Hola , Les comento, tengo un problema para activar firewall de windows 7 , intente todo desde limpiar con todo tipo de software el problema pero nada funciono, cuanto voy a servicios para iniciar el Firewall me aparece una ventana que dice lo siguiente:“Windows no pudo iniciar Firewall de Windows en Equipo Local.Para mas informacion,revise el Registro de eventos del Sistema.Si este no es un servicio de Microsoft, ponganse en contacto con el proveedor de servicio y haga referencia al error especifico del servicio 6801”.Actualmente instale un Firewall pero como me utiliza recursos, no me siento agusto. Si existe una solución se los agradeceria.Gracias
Hola
Realiza en orden y pegas los logs:
-
Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
-
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits)
¿Cómo saber si mi Windows es de 32 o 64 bits? -
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
-
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
-
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.
En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST
Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.
He tenido que eliminar todos los logos porque está todo mal hecho.
primeramente no me has pegado el log de Malwarebyttes antirookit que es lo primero que indique.
en segundo lugar fabar lo usaste como cuenta de invitado y tienes que usar la cuenta de administrador que está claramente indicado pues este tipo de programas nunca se pueden usar como invitado
Hola Miguel, lo voy a volver hacer correctamente le pido mil disculpas !
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
Database version: main: v2019.01.19.07 rootkit: v2019.01.19.07
Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18860 Gabriela :: PC [administrator]
19/01/2019 08:52:18 p.m. mbar-log-2019-01-19 (20-52-18).txt
Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 267799 Time elapsed: 37 minute(s), 14 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18860
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 2864234496, free: 1124765696
Downloaded database version: v2019.01.19.07
Downloaded database version: v2019.01.19.07
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
01/19/2019 20:52:07
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\NNSNAHSL.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1207020.003\Ironx64.SYS
\SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\psinknc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\NNSTlsc.sys
\SystemRoot\system32\DRIVERS\NNSStrm.sys
\SystemRoot\system32\DRIVERS\NNSSmtp.sys
\SystemRoot\system32\DRIVERS\NNSPrv.sys
\SystemRoot\system32\DRIVERS\NNSProt.sys
\SystemRoot\system32\DRIVERS\NNSPop3.sys
\SystemRoot\system32\DRIVERS\NNSPihsw.sys
\SystemRoot\system32\DRIVERS\NNSPicc.sys
\SystemRoot\system32\DRIVERS\NNSIds.sys
\SystemRoot\system32\DRIVERS\NNSHttps.sys
\SystemRoot\system32\DRIVERS\NNSHttp.sys
\SystemRoot\system32\DRIVERS\NNSAlpc.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130709.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130702.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\aftap0901.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\PSINAflt.sys
\SystemRoot\system32\DRIVERS\PSINProt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\btmaud.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\DRIVERS\PSINFile.sys
\SystemRoot\system32\DRIVERS\PSINProc.sys
\SystemRoot\system32\DRIVERS\PSINReg.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\PSKMAD.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\cdd.dll
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\31625479.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\urlmon.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2019.01.19.07
rootkit: v2019.01.19.07
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003024060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003024b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003024060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002b41050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16C5B7BC
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 373293056
Partition is not bootable
Partition file system is NTFS
Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 373499904 Numsec = 556965888
Partition is not bootable
Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 930465792 Numsec = 46307328
Partition is bootable
Partition file system is NTFS
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-2D14DB3ED3D239C16B32C0A9A51BD5168EFFA42E.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-2D14DB3ED3D239C16B32C0A9A51BD5168EFFA42E.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-2D14DB3ED3D239C16B32C0A9A51BD5168EFFA42E.bin.83" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-373499904-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-930465792-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finishedScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by Gabriela (administrator) on PC (19-01-2019 21:34:25)
Running from C:\Users\Gabriela\Favorites\Desktop
Loaded Profiles: UpdatusUser & Gabriela (Available Profiles: UpdatusUser & Gabriela & Invitado)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Gabriela\Favorites\Desktop\FRST64.exe.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144240 2017-12-29] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Drivers32: [vidc.ffds] => C:\windows\system32\ff_vfw.dll [127488 2013-01-25] ()
HKLM\...\Drivers32-x32: [vidc.ffds] => C:\windows\SysWOW64\ff_vfw.dll [112640 2013-01-25] ()
HKLM\...\Drivers32-x32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [242259 2011-06-24] ()
HKLM\...\Drivers32-x32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [4102656 2012-07-01] (x264vfw project)
HKLM\...\Drivers32-x32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [965120 2012-06-17] ()
HKLM\...\Drivers32-x32: [msacm.lameacm] => C:\Windows\SysWOW64\LameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/)
HKLM\...\Drivers32-x32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2000-04-01] (Packed With Joy !)
HKLM\...\Drivers32-x32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-13] (Intel Corporation)
HKLM\...\Drivers32-x32: [msacm.iac2] => C:\windows\SysWOW64\iac25_32.ax [197632 2009-07-13] (Intel Corporation)
HKLM\...\Drivers32-x32: [VIDC.IV41] => IR41_32.AX
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-08] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-11-27] (McAfee, LLC.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corp.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\On-Screen Keyboard.lnk [2018-02-02]
ShortcutTarget: On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Panda Protection.lnk [2018-01-31]
ShortcutTarget: Panda Protection.lnk -> C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAConsole.exe (Panda Security, S.L.)
Startup: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZoneAlarm Security.lnk [2018-02-02]
ShortcutTarget: ZoneAlarm Security.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
GroupPolicyScripts: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 186.130.129.73 200.63.155.102
Tcpip\..\Interfaces\{9FBA4FD2-0008-4FCD-B073-59B1D8933B49}: [DhcpNameServer] 186.130.129.73 200.63.155.102
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-297820468-187987108-3971814952-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ar.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180401__ya[browser]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-297820468-187987108-3971814952-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ar.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180401__yaie&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (Intel Security)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (Intel Security)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-20] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (Intel Security)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FireFox:
========
FF ProfilePath: C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\nu7u4psi.default-1460144494161 [2019-01-04]
FF Homepage: Mozilla\Firefox\Profiles\nu7u4psi.default-1460144494161 -> hxxps://ar.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180401__yaff
FF NewTab: Mozilla\Firefox\Profiles\nu7u4psi.default-1460144494161 -> hxxps://ar.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180401__yaff
FF SearchPlugin: C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\nu7u4psi.default-1460144494161\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: (Symantec Intrusion Prevention) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2013-07-01] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_9_4
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_9_4 [2018-01-31] [Legacy] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-09-05] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin HKU\S-1-5-21-297820468-187987108-3971814952-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Gabriela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=es-es
CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default [2019-01-19]
CHR Extension: (Documentos) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-20]
CHR Extension: (Google Drive) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-20]
CHR Extension: (Adblock Plus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-09]
CHR Profile: C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-04]
CHR Extension: (Google Docs) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-21]
CHR Extension: (Adblock Plus) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-29]
CHR Extension: (Banksy Theme) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\koibnbkfdghpoaopokmdofeoabncmihc [2015-11-24]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKU\S-1-5-21-297820468-187987108-3971814952-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-09-05] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-09-05] (Alcatel-Lucent) [File not signed]
S4 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [149160 2015-08-26] (Mozilla Foundation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security, S.L.)
S4 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] ()
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security, S.L.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [352688 2018-11-27] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [352688 2018-11-27] (McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2018-11-27] (McAfee, LLC.)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107584 2017-12-29] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2017-12-28] (Check Point Software Technologies, Ltd.)
S4 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1057648 2017-12-29] (Check Point Software Technologies Ltd.)
S4 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe" [X]
S3 McAfee Vpn Service; "C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\windows\System32\DRIVERS\aftap0901.sys [48624 2017-11-16] (The OpenVPN Project)
S3 AndnetBus; C:\windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-06-19] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130709.001\IDSvia64.sys [513184 2013-06-18] (Symantec Corporation)
S3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-09-05] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-09-05] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130710.002\ENG64.SYS [126040 2013-06-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130710.002\EX64.SYS [2098776 2013-06-19] (Symantec Corporation)
R1 NNSALPC; C:\windows\System32\DRIVERS\NNSAlpc.sys [107848 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTP; C:\windows\System32\DRIVERS\NNSHttp.sys [212360 2017-11-03] (Panda Security, S.L.)
R1 NNSHTTPS; C:\windows\System32\DRIVERS\NNSHttps.sys [121232 2017-11-03] (Panda Security, S.L.)
R1 NNSIDS; C:\windows\System32\DRIVERS\NNSIds.sys [126352 2017-11-03] (Panda Security, S.L.)
R1 NNSNAHSL; C:\windows\System32\DRIVERS\NNSNAHSL.sys [94392 2017-09-18] (Panda Security, S.L.)
R1 NNSPICC; C:\windows\System32\DRIVERS\NNSPicc.sys [118136 2017-11-03] (Panda Security, S.L.)
R1 NNSPIHSW; C:\windows\System32\DRIVERS\NNSPihsw.sys [85176 2017-11-03] (Panda Security, S.L.)
R1 NNSPOP3; C:\windows\System32\DRIVERS\NNSPop3.sys [135640 2017-11-03] (Panda Security, S.L.)
R1 NNSPROT; C:\windows\System32\DRIVERS\NNSProt.sys [337520 2017-11-03] (Panda Security, S.L.)
R1 NNSPRV; C:\windows\System32\DRIVERS\NNSPrv.sys [249976 2017-11-03] (Panda Security, S.L.)
R1 NNSSMTP; C:\windows\System32\DRIVERS\NNSSmtp.sys [123304 2017-11-03] (Panda Security, S.L.)
R1 NNSSTRM; C:\windows\System32\DRIVERS\NNSStrm.sys [281912 2017-11-03] (Panda Security, S.L.)
R1 NNSTLSC; C:\windows\System32\DRIVERS\NNSTlsc.sys [125840 2017-11-03] (Panda Security, S.L.)
R2 PSINAflt; C:\windows\System32\DRIVERS\PSINAflt.sys [190552 2017-11-08] (Panda Security, S.L.)
R2 PSINFile; C:\windows\System32\DRIVERS\PSINFile.sys [153176 2018-01-23] (Panda Security, S.L.)
R1 PSINKNC; C:\windows\System32\DRIVERS\psinknc.sys [206424 2018-01-30] (Panda Security, S.L.)
R2 PSINProc; C:\windows\System32\DRIVERS\PSINProc.sys [146976 2017-11-06] (Panda Security, S.L.)
R2 PSINProt; C:\windows\System32\DRIVERS\PSINProt.sys [159312 2017-11-06] (Panda Security, S.L.)
R2 PSINReg; C:\windows\System32\DRIVERS\PSINReg.sys [129448 2017-11-06] (Panda Security, S.L.)
U3 PSKMAD; C:\windows\System32\DRIVERS\PSKMAD.sys [72280 2017-05-22] (Panda Security, S.L.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-10-28] (Windows (R) 2003 DDK 3790 provider)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11616 2001-08-30] () [File not signed]
R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 SRTSP; C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-05-30] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2017-12-28] (Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-19 21:33 - 2019-01-19 21:34 - 000000000 ____D C:\FRST
2019-01-19 20:52 - 2019-01-19 20:52 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\31625479.sys
2019-01-19 20:46 - 2019-01-19 20:46 - 000001290 _____ C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-01-19 20:45 - 2019-01-19 20:46 - 001985440 _____ (Opera Software) C:\Users\Gabriela\Downloads\OperaSetup.exe
2019-01-19 16:19 - 2019-01-19 16:19 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\62562E4C.sys
2019-01-19 16:18 - 2019-01-19 21:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-01-19 16:18 - 2019-01-19 20:51 - 000192952 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2019-01-19 16:17 - 2019-01-19 16:17 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Invitado\Desktop\mbar.exe.exe
2019-01-19 16:05 - 2019-01-19 16:06 - 000025415 _____ C:\Users\Invitado\Desktop\Addition.txt
2019-01-19 16:04 - 2019-01-19 16:06 - 000026491 _____ C:\Users\Invitado\Desktop\FRST.txt
2019-01-19 16:00 - 2019-01-19 16:00 - 002427904 _____ (Farbar) C:\Users\Invitado\Desktop\FRST64.exe
2019-01-19 15:17 - 2017-05-22 07:29 - 000072280 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2019-01-18 17:25 - 2019-01-18 17:26 - 000313366 _____ C:\Users\Gabriela\Downloads\WindowsUpdate.diagcab
2019-01-18 17:24 - 2019-01-18 17:24 - 004214830 _____ C:\Users\Gabriela\Downloads\windows6.1-kb3177467-v2-x86_abd69a188878d93212486213990c8caab4d6ae57.msu
2019-01-18 17:23 - 2019-01-18 17:23 - 004212488 _____ C:\Users\Gabriela\Downloads\windows6.1-kb3177467-x86_7fa40e58f6a8e56eb78b09502e5c8c6c1acf0158.msu
2019-01-18 17:22 - 2019-01-18 17:22 - 009542472 _____ C:\Users\Gabriela\Downloads\windows6.1-kb3177467-x64_42467e48b4cfeb44112d819f50b0557d4f9bbb2f.msu
2019-01-18 17:20 - 2019-01-18 17:21 - 009542066 _____ C:\Users\Gabriela\Downloads\windows6.1-kb3177467-v2-x64_b9df2405e7e034e3ffda160fff99a36ab96ba187.msu
2019-01-18 17:06 - 2019-01-18 17:06 - 000000000 ____D C:\Users\Gabriela\AppData\Local\{C4963CBE-7729-43B0-AA9F-977FE0F1B3C7}
2019-01-18 08:55 - 2019-01-18 08:55 - 000000000 ____D C:\Users\Invitado\AppData\Local\mbam
2019-01-17 00:58 - 2019-01-17 00:58 - 000001254 _____ C:\Users\Invitado\Desktop\Navegador Opera.lnk
2019-01-17 00:58 - 2019-01-17 00:58 - 000001254 _____ C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-01-17 00:58 - 2019-01-17 00:58 - 000000000 ____D C:\Users\Invitado\AppData\Local\Opera Software
2019-01-17 00:56 - 2019-01-17 00:56 - 000000000 ____D C:\Users\Invitado\AppData\Roaming\Opera Software
2019-01-09 19:45 - 2019-01-09 19:45 - 000000000 ____D C:\Users\Gabriela\AppData\Local\Solid State Networks
2019-01-09 19:41 - 2019-01-09 19:42 - 019767752 _____ (Gameforge 4D GmbH ) C:\Users\Gabriela\Downloads\2018-11-27_TERA_Setup.exe
2019-01-09 17:29 - 2019-01-09 17:29 - 000000000 ____D C:\Users\Gabriela\Documents\League of Legends
2019-01-09 17:19 - 2019-01-09 17:19 - 000000000 ____D C:\ProgramData\Riot Games
2019-01-09 17:17 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2019-01-09 17:17 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2019-01-09 17:17 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2019-01-09 17:08 - 2019-01-09 17:09 - 088142216 _____ (Riot Games, Inc) C:\Users\Gabriela\Downloads\League of Legends installer NA.exe
2019-01-08 15:08 - 2019-01-08 15:08 - 000467184 _____ C:\windows\system32\FNTCACHE.DAT
2019-01-06 18:07 - 2019-01-06 18:17 - 000000000 ____D C:\Users\Gabriela\Documents\Mount&Blade Savegames
2019-01-06 18:06 - 2019-01-06 18:23 - 000000000 ____D C:\Users\Gabriela\AppData\Roaming\Mount&Blade
2019-01-06 18:03 - 2019-01-06 18:05 - 000000638 _____ C:\Users\UpdatusUser\Desktop\Mount&Blade.lnk
2019-01-06 18:03 - 2019-01-06 18:05 - 000000638 _____ C:\Users\Invitado\Desktop\Mount&Blade.lnk
2019-01-06 18:03 - 2019-01-06 18:05 - 000000638 _____ C:\Users\Gabriela\Desktop\Mount&Blade.lnk
2019-01-06 18:03 - 2019-01-06 18:03 - 000000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2019-01-06 18:03 - 2019-01-06 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2019-01-04 18:47 - 2019-01-04 18:47 - 000115256 _____ C:\Users\Gabriela\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-31 13:02 - 2018-12-31 13:02 - 000000000 ____D C:\Users\Invitado\Desktop\Nueva carpeta
2018-12-28 13:44 - 2018-12-28 13:44 - 000000000 ____D C:\Users\Invitado\Desktop\JUEGO - ToplayAndrew
2018-12-28 13:35 - 2018-12-27 17:08 - 4196778791 _____ C:\Users\Invitado\Desktop\JUEGO - ToplayAndrew.rar
2018-12-27 15:45 - 2018-12-27 15:45 - 000000959 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-12-27 15:42 - 2018-12-27 15:45 - 000000000 ____D C:\Program Files\WinRAR
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-19 20:46 - 2015-11-21 17:06 - 000000000 ____D C:\Users\Gabriela\AppData\Roaming\Opera Software
2019-01-19 20:46 - 2015-11-21 17:06 - 000000000 ____D C:\Users\Gabriela\AppData\Local\Opera Software
2019-01-19 20:42 - 2009-07-14 02:09 - 000000000 ____D C:\windows\System32\Tasks\WPD
2019-01-19 16:19 - 2018-01-28 14:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-19 16:01 - 2013-05-16 11:40 - 000000000 ____D C:\Users\Gabriela
2019-01-19 15:24 - 2009-07-14 01:45 - 000022624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-19 15:24 - 2009-07-14 01:45 - 000022624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-19 15:17 - 2009-07-14 02:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-01-18 19:40 - 2015-07-25 03:05 - 000000000 ____D C:\windows\pss
2019-01-18 18:19 - 2017-09-26 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2019-01-18 17:07 - 2013-06-19 10:23 - 000000000 ____D C:\Users\Gabriela\AppData\Local\CrashDumps
2019-01-18 06:44 - 2018-02-01 19:17 - 000527986 _____ C:\windows\ntbtlog.txt
2019-01-18 04:48 - 2015-09-21 21:47 - 000000000 ____D C:\Users\Gabriela\AppData\Roaming\uTorrent
2019-01-17 19:55 - 2015-07-25 03:45 - 000007604 _____ C:\Users\Gabriela\AppData\Local\Resmon.ResmonCfg
2019-01-11 10:58 - 2012-01-13 06:06 - 000000000 ____D C:\Users\UpdatusUser
2019-01-08 15:17 - 2016-02-16 11:05 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-08 15:17 - 2016-02-16 11:05 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-04 19:40 - 2012-01-13 06:04 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-04 18:49 - 2018-10-16 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cliente MUCastillo 99B
2018-12-28 14:24 - 2018-10-21 01:57 - 000000000 ____D C:\Users\Invitado\AppData\Local\VirtualStore
2018-12-27 15:46 - 2014-09-06 19:45 - 000000000 ____D C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-27 15:46 - 2014-09-06 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-20 16:42 - 2018-02-01 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-20 16:42 - 2015-01-15 13:09 - 000000000 ____D C:\Program Files (x86)\Java
2018-12-20 16:34 - 2018-02-01 11:38 - 000098680 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
==================== Files in the root of some directories =======
2017-11-18 10:30 - 2017-11-18 10:30 - 007649280 _____ () C:\Program Files (x86)\GUT9515.tmp
2015-09-03 20:59 - 2015-09-03 20:59 - 000000132 _____ () C:\Users\Gabriela\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2015-09-08 17:57 - 2015-09-08 18:13 - 000000095 _____ () C:\Users\Gabriela\AppData\Roaming\LauncherSettings_live.cfg
2013-05-16 17:09 - 2013-05-16 17:09 - 000015850 _____ () C:\Users\Gabriela\AppData\Roaming\UserTile.png
2015-07-25 03:45 - 2019-01-17 19:55 - 000007604 _____ () C:\Users\Gabriela\AppData\Local\Resmon.ResmonCfg
2015-06-06 01:43 - 2015-06-06 01:43 - 000000003 _____ () C:\Users\Gabriela\AppData\Local\updater.log
2015-06-06 01:44 - 2018-08-30 20:16 - 000000059 _____ () C:\Users\Gabriela\AppData\Local\UserProducts.xml
2015-12-09 20:15 - 2015-12-09 20:15 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{0C213795-078D-4192-8894-E55995C86F03}
2017-10-10 19:28 - 2017-10-10 19:28 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{1B062759-EB48-49F3-B2F0-5D9F1C436E80}
2016-03-10 17:25 - 2016-03-10 17:25 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{21D525A5-8C07-4128-A2B6-8EC3B46EC8CF}
2018-01-08 17:16 - 2018-01-08 17:16 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{3A58E67E-862B-4E90-823E-5197843BC769}
2017-05-20 12:16 - 2017-05-20 12:16 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{5EB48E99-BDA6-4981-804B-541663771DA4}
2016-08-21 18:13 - 2016-08-21 18:13 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{61772A00-82B9-4566-89C5-A129FE1A29F1}
2016-08-15 18:40 - 2016-08-15 18:40 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{73AAB017-39E5-4760-931F-74F46E4382FB}
2017-12-16 03:49 - 2017-12-16 03:49 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{755D553A-D990-4308-8CF0-3B185F6AAA48}
2016-08-11 16:22 - 2016-08-11 16:22 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{76B708F8-A444-419C-A1FD-66445CD82DDA}
2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{825BAD9F-632A-4ACA-BBE4-A78601F081B5}
2017-10-08 17:48 - 2017-10-08 17:48 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{8FE9FDF2-38C9-4CFB-9A5E-B776F0D0503A}
2017-12-17 05:40 - 2017-12-17 05:40 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{B046ABCE-230A-41BB-8BB2-CDD317710292}
2017-10-04 20:13 - 2017-10-04 20:13 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{BD67F23D-ED39-46CA-8427-6B75A51FFD32}
2016-04-12 12:18 - 2016-04-12 12:18 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{EF0593FD-B03E-477B-B3C2-90DA50F7002C}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-25 12:03
==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Gabriela (19-01-2019 21:35:37)
Running from C:\Users\Gabriela\Favorites\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2013-05-16 14:40:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-297820468-187987108-3971814952-500 - Administrator - Disabled)
Gabriela (S-1-5-21-297820468-187987108-3971814952-1001 - Administrator - Enabled) => C:\Users\Gabriela
Invitado (S-1-5-21-297820468-187987108-3971814952-501 - Limited - Enabled) => C:\Users\Invitado
UpdatusUser (S-1-5-21-297820468-187987108-3971814952-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (HKLM-x32\...\{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (HKLM-x32\...\{2720009D-9566-45A7-A370-0E6DAC313F3F}) (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (HKLM-x32\...\{122800FE-3AAF-4974-9FBD-54B023FA756A}) (Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (HKLM-x32\...\{C877E454-FA36-409A-A00E-1240CEC61BBD}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-297820468-187987108-3971814952-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Asistente Virtual (HKLM-x32\...\TASA) (Version: - )
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Cheating-Death 4.33.4 (HKLM-x32\...\Cheating-Death) (Version: - )
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.14 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (HKLM-x32\...\WT085618) (Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Insaniquarium Deluxe (HKLM-x32\...\WT085622) (Version: 2.2.0.82 - WildTangent) Hidden
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.436779.133 - Comodo)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
John Deere Drive Green (HKLM-x32\...\WT085580) (Version: 2.2.0.82 - WildTangent) Hidden
Juegos WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG AirDrive (HKLM-x32\...\{8137B0B3-043B-415D-9095-172CA399D785}) (Version: 3.1.1 - LG Electronics)
LG Bridge (HKLM-x32\...\LG Bridge) (Version: 1.2.48 - LG Electronics)
LG Mobile Drivers (HKLM-x32\...\{C3C008A7-D4A5-4E19-B0D6-72043D6EFE34}) (Version: 4.2.0 - LG Electronics)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.2.167.1 - McAfee, LLC)
Media Player Codec Pack 4.2.5 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.5 - Media Player Codec Pack)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{57660847-B1F7-35BD-9118-F62EB863A598}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mount&Blade (HKLM-x32\...\Mount&Blade) (Version: - )
Mozilla Firefox 41.0.1 (x86 es-AR) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 es-AR)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Node.js (HKLM\...\{401959C6-C385-4BAF-9565-FF2B75B45D8C}) (Version: 4.2.1 - Node.js Foundation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 57.0.3098.116 (HKU\S-1-5-21-297820468-187987108-3971814952-1001\...\Opera 57.0.3098.116) (Version: 57.0.3098.116 - Opera Software)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.14.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.6.0 - Panda Security)
Paquete de compatibilidad para Office 2007 (Beta) (HKLM-x32\...\{30120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.4407.1005 - Microsoft Corporation)
Peggle (HKLM-x32\...\WT085663) (Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WT085581) (Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (HKLM-x32\...\WT085669) (Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (HKLM-x32\...\WT085583) (Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Soul Air Client (HKLM-x32\...\{80C4BE97-1EEF-D199-1A9F-5997C1F2CAC0}) (Version: 0.90.3 - UNKNOWN) Hidden
Soul Air Client (HKLM-x32\...\com.ambergames.soul.air) (Version: 0.90.3 - UNKNOWN)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
ZoneAlarm Firewall (HKLM-x32\...\{6B677C8A-0051-41D4-B70A-4E721C2667D5}) (Version: 15.1.522.17528 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.522.17528 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{6E442303-774D-4AEC-A2BA-F2F523B0ACAC}) (Version: 15.1.522.17528 - Check Point Software Technologies Ltd.) Hidden
Zuma Deluxe (HKLM-x32\...\WT089285) (Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-297820468-187987108-3971814952-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-297820468-187987108-3971814952-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-297820468-187987108-3971814952-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-297820468-187987108-3971814952-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-297820468-187987108-3971814952-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-297820468-187987108-3971814952-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-10-18] (Intel Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\18.7.2.3\NavShExt.dll [2012-06-07] (Symantec Corporation)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\18.7.2.3\NavShExt.dll [2012-06-07] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-12-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2011-06-04] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\18.7.2.3\NavShExt.dll [2012-06-07] (Symantec Corporation)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07CB5A75-96E0-4D66-88C7-F2666F94077D} - no filepath
Task: {0BC61C3C-EE30-454B-8601-8B017C0C55B1} - System32\Tasks\{276015E9-7FAD-4982-B045-7F069C693CED} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.5.0.101/es/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {19473DB8-7A18-4509-9B86-73E0B5584DB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {1B4C1EE6-68B4-42CE-A719-6561C4C7C82E} - System32\Tasks\Opera scheduled Autoupdate 1448136369 => C:\Program Files (x86)\Opera\launcher.exe
Task: {29C75E29-BBA6-46EA-A1FB-0FBFB5AB4C0E} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-09-14] (Samsung)
Task: {2C5F1FD7-F198-4000-B91B-AEDCAE9BE515} - System32\Tasks\update-S-1-5-21-297820468-187987108-3971814952-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {301185B7-F70B-4F31-B1FE-9342AB2C653D} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {358C3E55-D32E-4502-AA6E-E7631B4A58F9} - no filepath
Task: {3B756166-A2A1-4F13-A7DB-C23CDCB7C097} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {3C9D1EB9-8CA2-4145-9A02-60350E16CBEC} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {463DA5E8-AE9C-4C8E-9C23-96B2CED8D3A9} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {47D3A6DE-B610-4312-AEB0-263828B20C4B} - System32\Tasks\{01965240-4E0E-4EC8-A918-6C5FBD692549} => C:\Program Files (x86)\TASA\McciBrowser.exe [2012-09-05] (Alcatel-Lucent)
Task: {4A82EF35-1EBC-43F2-9845-952582BD0C0D} - System32\Tasks\{9EB756B4-B963-47C3-B869-0D5C3E48E7EB} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.5.80.101/es/go/help.faq.installer?LastError=1618
Task: {4FECA123-6EAF-4210-A494-939CFE17D154} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {54B2C66D-D6ED-4340-B889-9DBFE85CA234} - System32\Tasks\{A6D772A8-0474-4C65-910B-7A1C78F54647} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=404
Task: {567AB5F6-7B7F-4D40-9CD6-07C0C881FB7A} - no filepath
Task: {6A02E356-8F73-4897-897D-24DF20596254} - no filepath
Task: {6F1DFF2E-F4E1-45EB-A8CD-20E08D5D9B52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {7403A64B-C5F5-45E1-9B83-6418BA37B83D} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {7CBE8AC7-1A67-4488-BEA6-7B84A0F593A3} - System32\Tasks\{674A162A-5AB2-404D-AA5F-0D0FC808C8FC} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.10.80.101/es/abandoninstall?page=tsMain
Task: {890EC9A0-48B3-474E-8313-7D5E173BDBBE} - System32\Tasks\{F3DE4C64-B652-4BD0-8869-C6924C08967D} => C:\windows\system32\pcalua.exe -a C:\Users\Gabriela\AppData\Local\Temp\{1EB77A19-702F-49A5-8BE9-E2195D5601B4}\setup.exe -d "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95" <==== ATTENTION
Task: {92476712-A490-4BF6-BEDF-7D31B9171BCD} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {959B15F6-87F5-478A-8AA9-F1121EA8F248} - System32\Tasks\{2E70CCCE-1DB7-44E3-9DF5-C8AB0EA9CC66} => C:\Program Files (x86)\TASA\McciBrowser.exe [2012-09-05] (Alcatel-Lucent)
Task: {997C7382-2169-4840-83D1-7B1A866CA422} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-297820468-187987108-3971814952-1001UA => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {9BB059FE-AF1E-413A-B70E-43D0368471A2} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {9DB69938-5C2B-4DEE-B31F-66073CB03B78} - System32\Tasks\{3B5D194F-AACC-4131-9AD8-C99AC7959292} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.5.0.102/es/go/help.faq.installer?LastError=1618
Task: {AA8B58E1-3E8D-42FD-A07E-0263B44DA802} - no filepath
Task: {B64A6DEB-5279-4F6A-A0B8-0951AC0BB683} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {C3D3A79D-4CBF-4A27-AC45-0581EAE0F88F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-297820468-187987108-3971814952-1001Core => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-10] (Facebook Inc.)
Task: {F04F11F9-D26E-4467-9BCE-FF9AF7975337} - System32\Tasks\{454AAAA4-270B-4BFE-ADA6-B124532D5552} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.5.0.102/es/go/help.faq.installer?LastError=1618
Task: {F058A450-FD3D-4DCD-BB1F-808816D240F9} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {F16E541F-6CB5-43C1-96FC-AE3E9BB96993} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {FBA24B13-DB3A-468C-9F44-5092033EAE1E} - System32\Tasks\{071F74E1-4279-4B16-9308-5311B25970A1} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.5.0.102/es/go/help.faq.installer?LastError=1618
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297820468-187987108-3971814952-1001Core.job => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297820468-187987108-3971814952-1001UA.job => C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\update-S-1-5-21-297820468-187987108-3971814952-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:
ShortcutWithArgument: C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Users\Gabriela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2015-12-15 14:17 - 2015-12-15 14:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [322]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [322]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [322]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [322]
AlternateDataStreams: C:\Users\Gabriela\Datos de programa:NT [40]
AlternateDataStreams: C:\Users\Gabriela\Datos de programa:NT2 [322]
AlternateDataStreams: C:\Users\Gabriela\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Gabriela\AppData\Roaming:NT2 [322]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-297820468-187987108-3971814952-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-297820468-187987108-3971814952-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\nodejs\
HKCU\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\nodejs\
HKU\S-1-5-21-297820468-187987108-3971814952-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 186.130.129.73 - 200.63.155.102
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: ZAPrivacyService => 3
MSCONFIG\Services: ZoneAlarm ICM Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gabriela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk => C:\windows\pss\IMVU.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gabriela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Malwarebytes.lnk => C:\windows\pss\Malwarebytes.lnk.Startup
MSCONFIG\startupreg: ares => "C:\Users\Gabriela\Desktop\Ares\Ares.exe" -h
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Gabriela\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: sXe Injected => C:\Program Files (x86)\sXe Injected\sXe Injected.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Gabriela\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Voobly => "C:\Program Files (x86)\Voobly\voobly.exe" --startup
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
14-01-2019 03:06:28 Windows Update
19-01-2019 02:55:32 Windows Update
==================== Faulty Device Manager Devices =============
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2019 09:35:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: Error en la fase de recuperación.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El recopilador se está cerrando. (HRESULT : 0x80040d23) (0x80040d23)
Error: (01/19/2019 09:35:42 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: ID 1 del error producido durante la etapa de recuperación de Windows Search, reinicie el servicio. Si el error persiste, vuelva a crear el índice.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El recopilador se está cerrando. (HRESULT : 0x80040d23) (0x80040d23)
Error: (01/19/2019 09:34:36 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: Error en la fase de recuperación.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El recopilador se está cerrando. (HRESULT : 0x80040d23) (0x80040d23)
Error: (01/19/2019 09:34:36 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: ID 1 del error producido durante la etapa de recuperación de Windows Search, reinicie el servicio. Si el error persiste, vuelva a crear el índice.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El recopilador se está cerrando. (HRESULT : 0x80040d23) (0x80040d23)
Error: (01/19/2019 09:33:06 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: Error en la fase de recuperación.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El recopilador se está cerrando. (HRESULT : 0x80040d23) (0x80040d23)
Error: (01/19/2019 09:33:06 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: ID 1 del error producido durante la etapa de recuperación de Windows Search, reinicie el servicio. Si el error persiste, vuelva a crear el índice.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El recopilador se está cerrando. (HRESULT : 0x80040d23) (0x80040d23)
Error: (01/19/2019 09:33:06 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: El servicio Windows Search no pudo crear el nuevo índice de búsqueda. Error interno <10, 0x80071a91, Error al guardar los cambios del administrador de ámbito de rastreo: >.
Error: (01/19/2019 09:33:06 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <20, 0x80071a91, "">.
System errors:
=============
Error: (01/19/2019 09:35:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Windows Search se terminó de manera inesperada. Esto ha sucedido 36 veces.
Error: (01/19/2019 09:35:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Windows Search se cerró con el siguiente error:
La compatibilidad con transacciones dentro del administrador de recursos especificado no se inició o se cerró debido a un error.
Error: (01/19/2019 09:34:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Windows Search se terminó de manera inesperada. Esto ha sucedido 35 veces.
Error: (01/19/2019 09:34:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Windows Search se cerró con el siguiente error:
La compatibilidad con transacciones dentro del administrador de recursos especificado no se inició o se cerró debido a un error.
Error: (01/19/2019 09:33:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Windows Search se terminó de manera inesperada. Esto ha sucedido 34 veces.
Error: (01/19/2019 09:33:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Windows Search se cerró con el siguiente error:
La compatibilidad con transacciones dentro del administrador de recursos especificado no se inició o se cerró debido a un error.
Error: (01/19/2019 09:33:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Windows Search se terminó de manera inesperada. Esto ha sucedido 33 veces.
Error: (01/19/2019 09:33:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Windows Search se cerró con el siguiente error:
La compatibilidad con transacciones dentro del administrador de recursos especificado no se inició o se cerró debido a un error.
Windows Defender:
===================================
Date: 2018-01-28 14:35:07.498
Description:
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{D3610728-26DC-42A5-BE53-3ADFCE69C95A}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red
CodeIntegrity:
===================================
Date: 2018-02-01 09:43:48.590
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRESP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
Date: 2018-02-01 09:43:48.372
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRESP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
Date: 2018-02-01 09:43:48.153
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MREMP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
Date: 2018-02-01 09:43:47.919
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MREMP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
Date: 2018-02-01 09:43:46.000
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRESP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
Date: 2018-02-01 09:43:45.798
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MRESP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
Date: 2018-02-01 09:43:45.579
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MREMP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
Date: 2018-02-01 09:43:45.345
Description:
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\PROGRA~2\COMMON~1\Motive\MREMP50.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 2731.55 MB
Available physical RAM: 1380.45 MB
Total Virtual: 5461.28 MB
Available Virtual: 3985.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:178 GB) (Free:84.83 GB) NTFS
Drive d: () (Fixed) (Total:265.58 GB) (Free:217.96 GB) NTFS
\\?\Volume{4b569a45-3e53-11e1-b901-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{eb2078c4-1ef9-11e2-9fb1-806e6f6e6963}\ (SAMSUNG_REC) (Fixed) (Total:22.08 GB) (Free:0.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 16C5B7BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.6 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=22.1 GB) - (Type=27)
==================== End of Addition.txt ============================Has intentado iniciar el Firewall dese la cuenta de invitado o desde la de Administrador??
Hola Miguel, En la cuenta de usuario funcionaba a la perfección pero ahora el problema que tenia la cuenta de Administrador se paso al usuario.Cuando intento activar el firewall desde Panel de control me sale lo siguiente:Firewall de Windows no pudo cambiar algunas de las opciones de configuración Codigo de error:0x8007045b
Tambien otro detalle que quiero decir es que en algunos casos cuando quiero activar el Firewall de windows me dice error:ox6d9, por otro lado cuando voy a panel de control cuando clickeo para activar el Firewall no aparece ninguna ventana para activarlo ,queda cargando pero nunca se abre nada.
Aunque no sale en programas instalados, tienes Norton Interenet Security totalmente instalada, y este trae firewall, por lo que pueda ser motivo de conflicto
Usa la herramienta de desinstalacion de Norton y reinicias el pc
Hola, Use el programa de desinstalación de Norton y reinicie, y sigue sin resolverse 
Deberás desinstalar antes Zone Alarm
Luego realizas.
Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :
-
Para hacerlo descarga Delfix en tu escritorio.
-
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")
-
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO
-
Pulsar en Run.
Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.
En el equipo con los demas programas cerrados:
Inicio >>> Ejecutar >>>Escribes notepad.exe.
Ahora copia y pega estos archivos dentro del Notepad:
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicyScripts: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-297820468-187987108-3971814952-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ar.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180401__yaie&p={searchTerms}
FF Extension: (Symantec Intrusion Prevention) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2013-07-01] [Legacy] [not signed]
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_9_4 [2018-01-31] [Legacy] [not signed]
C:\ProgramData\Norton
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S3 SRTSP; C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-05-30] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
U3 iswSvc; no ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
2015-12-09 20:15 - 2015-12-09 20:15 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{0C213795-078D-4192-8894-E55995C86F03}
2017-10-10 19:28 - 2017-10-10 19:28 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{1B062759-EB48-49F3-B2F0-5D9F1C436E80}
2016-03-10 17:25 - 2016-03-10 17:25 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{21D525A5-8C07-4128-A2B6-8EC3B46EC8CF}
2018-01-08 17:16 - 2018-01-08 17:16 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{3A58E67E-862B-4E90-823E-5197843BC769}
2017-05-20 12:16 - 2017-05-20 12:16 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{5EB48E99-BDA6-4981-804B-541663771DA4}
2016-08-21 18:13 - 2016-08-21 18:13 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{61772A00-82B9-4566-89C5-A129FE1A29F1}
2016-08-15 18:40 - 2016-08-15 18:40 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{73AAB017-39E5-4760-931F-74F46E4382FB}
2017-12-16 03:49 - 2017-12-16 03:49 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{755D553A-D990-4308-8CF0-3B185F6AAA48}
2016-08-11 16:22 - 2016-08-11 16:22 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{76B708F8-A444-419C-A1FD-66445CD82DDA}
2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{825BAD9F-632A-4ACA-BBE4-A78601F081B5}
2017-10-08 17:48 - 2017-10-08 17:48 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{8FE9FDF2-38C9-4CFB-9A5E-B776F0D0503A}
2017-12-17 05:40 - 2017-12-17 05:40 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{B046ABCE-230A-41BB-8BB2-CDD317710292}
2017-10-04 20:13 - 2017-10-04 20:13 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{BD67F23D-ED39-46CA-8427-6B75A51FFD32}
2016-04-12 12:18 - 2016-04-12 12:18 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{EF0593FD-B03E-477B-B3C2-90DA50F7002C}
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\18.7.2.3\NavShExt.dll [2012-06-07] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\18.7.2.3\NavShExt.dll [2012-06-07] (Symantec Corporation)
C:\Program Files (x86)\Norton Internet Security
Task: {07CB5A75-96E0-4D66-88C7-F2666F94077D} - no filepath
Task: {567AB5F6-7B7F-4D40-9CD6-07C0C881FB7A} - no filepath
Task: {6A02E356-8F73-4897-897D-24DF20596254} - no filepath
Task: {7403A64B-C5F5-45E1-9B83-6418BA37B83D} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {AA8B58E1-3E8D-42FD-A07E-0263B44DA802} - no filepath
Task: {9BB059FE-AF1E-413A-B70E-43D0368471A2} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {AA8B58E1-3E8D-42FD-A07E-0263B44DA802} - no filepath
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:
ShortcutWithArgument: C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Users\Gabriela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [322]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [322]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [322]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [322]
AlternateDataStreams: C:\Users\Gabriela\Datos de programa:NT [40]
AlternateDataStreams: C:\Users\Gabriela\Datos de programa:NT2 [322]
AlternateDataStreams: C:\Users\Gabriela\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Gabriela\AppData\Roaming:NT2 [322]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<
Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.
-
Y ahora usa esta Faq de Windows[SIZE=2][COLOR=#006400][B] https://forospyware.com/t/como-iniciar-el-pc-en-modo-a-prueba-de-fallos/162[/B][/COLOR][/SIZE], para trabajar desde ese modo de windows
-
Ejecutas Frst.exe.
-
Presionas el botón Fix y aguardas a que termine.
-
La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
Lo pegas en tu próxima respuesta, comentado como va el problema
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Gabriela (20-01-2019 18:20:50) Run:1
Running from C:\Users\Gabriela\Favorites\Desktop
Loaded Profiles: Gabriela (Available Profiles: UpdatusUser & Gabriela & Invitado)
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicyScripts: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-297820468-187987108-3971814952-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ar.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180401__yaie&p={searchTerms}
FF Extension: (Symantec Intrusion Prevention) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2013-07-01] [Legacy] [not signed]
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_9_4 [2018-01-31] [Legacy] [not signed]
C:\ProgramData\Norton
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S3 SRTSP; C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-05-30] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
U3 iswSvc; no ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
2015-12-09 20:15 - 2015-12-09 20:15 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{0C213795-078D-4192-8894-E55995C86F03}
2017-10-10 19:28 - 2017-10-10 19:28 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{1B062759-EB48-49F3-B2F0-5D9F1C436E80}
2016-03-10 17:25 - 2016-03-10 17:25 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{21D525A5-8C07-4128-A2B6-8EC3B46EC8CF}
2018-01-08 17:16 - 2018-01-08 17:16 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{3A58E67E-862B-4E90-823E-5197843BC769}
2017-05-20 12:16 - 2017-05-20 12:16 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{5EB48E99-BDA6-4981-804B-541663771DA4}
2016-08-21 18:13 - 2016-08-21 18:13 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{61772A00-82B9-4566-89C5-A129FE1A29F1}
2016-08-15 18:40 - 2016-08-15 18:40 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{73AAB017-39E5-4760-931F-74F46E4382FB}
2017-12-16 03:49 - 2017-12-16 03:49 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{755D553A-D990-4308-8CF0-3B185F6AAA48}
2016-08-11 16:22 - 2016-08-11 16:22 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{76B708F8-A444-419C-A1FD-66445CD82DDA}
2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{825BAD9F-632A-4ACA-BBE4-A78601F081B5}
2017-10-08 17:48 - 2017-10-08 17:48 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{8FE9FDF2-38C9-4CFB-9A5E-B776F0D0503A}
2017-12-17 05:40 - 2017-12-17 05:40 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{B046ABCE-230A-41BB-8BB2-CDD317710292}
2017-10-04 20:13 - 2017-10-04 20:13 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{BD67F23D-ED39-46CA-8427-6B75A51FFD32}
2016-04-12 12:18 - 2016-04-12 12:18 - 000000000 _____ () C:\Users\Gabriela\AppData\Local\{EF0593FD-B03E-477B-B3C2-90DA50F7002C}
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\18.7.2.3\NavShExt.dll [2012-06-07] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\18.7.2.3\NavShExt.dll [2012-06-07] (Symantec Corporation)
C:\Program Files (x86)\Norton Internet Security
Task: {07CB5A75-96E0-4D66-88C7-F2666F94077D} - no filepath
Task: {567AB5F6-7B7F-4D40-9CD6-07C0C881FB7A} - no filepath
Task: {6A02E356-8F73-4897-897D-24DF20596254} - no filepath
Task: {7403A64B-C5F5-45E1-9B83-6418BA37B83D} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {AA8B58E1-3E8D-42FD-A07E-0263B44DA802} - no filepath
Task: {9BB059FE-AF1E-413A-B70E-43D0368471A2} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {AA8B58E1-3E8D-42FD-A07E-0263B44DA802} - no filepath
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:
ShortcutWithArgument: C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Users\Gabriela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [322]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [322]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [322]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [322]
AlternateDataStreams: C:\Users\Gabriela\Datos de programa:NT [40]
AlternateDataStreams: C:\Users\Gabriela\Datos de programa:NT2 [322]
AlternateDataStreams: C:\Users\Gabriela\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Gabriela\AppData\Roaming:NT2 [322]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-297820468-187987108-3971814952-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn" => not found
"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_9_4" => not found
C:\ProgramData\Norton => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
SRTSP => service not found.
SRTSPX => service not found.
SymDS => service not found.
SymEFA => service not found.
SymEvent => service not found.
SymIRON => service not found.
SymNetS => service not found.
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
iswSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\MREMP50a64 => removed successfully
MREMP50a64 => service removed successfully
HKLM\System\CurrentControlSet\Services\MREMPR5 => removed successfully
MREMPR5 => service removed successfully
HKLM\System\CurrentControlSet\Services\MRENDIS5 => removed successfully
MRENDIS5 => service removed successfully
HKLM\System\CurrentControlSet\Services\MRESP50a64 => removed successfully
MRESP50a64 => service removed successfully
C:\Users\Gabriela\AppData\Local\{0C213795-078D-4192-8894-E55995C86F03} => moved successfully
C:\Users\Gabriela\AppData\Local\{1B062759-EB48-49F3-B2F0-5D9F1C436E80} => moved successfully
C:\Users\Gabriela\AppData\Local\{21D525A5-8C07-4128-A2B6-8EC3B46EC8CF} => moved successfully
C:\Users\Gabriela\AppData\Local\{3A58E67E-862B-4E90-823E-5197843BC769} => moved successfully
C:\Users\Gabriela\AppData\Local\{5EB48E99-BDA6-4981-804B-541663771DA4} => moved successfully
C:\Users\Gabriela\AppData\Local\{61772A00-82B9-4566-89C5-A129FE1A29F1} => moved successfully
C:\Users\Gabriela\AppData\Local\{73AAB017-39E5-4760-931F-74F46E4382FB} => moved successfully
C:\Users\Gabriela\AppData\Local\{755D553A-D990-4308-8CF0-3B185F6AAA48} => moved successfully
C:\Users\Gabriela\AppData\Local\{76B708F8-A444-419C-A1FD-66445CD82DDA} => moved successfully
C:\Users\Gabriela\AppData\Local\{825BAD9F-632A-4ACA-BBE4-A78601F081B5} => moved successfully
C:\Users\Gabriela\AppData\Local\{8FE9FDF2-38C9-4CFB-9A5E-B776F0D0503A} => moved successfully
C:\Users\Gabriela\AppData\Local\{B046ABCE-230A-41BB-8BB2-CDD317710292} => moved successfully
C:\Users\Gabriela\AppData\Local\{BD67F23D-ED39-46CA-8427-6B75A51FFD32} => moved successfully
C:\Users\Gabriela\AppData\Local\{EF0593FD-B03E-477B-B3C2-90DA50F7002C} => moved successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => not found
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => not found
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => not found
"C:\Program Files (x86)\Norton Internet Security" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07CB5A75-96E0-4D66-88C7-F2666F94077D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07CB5A75-96E0-4D66-88C7-F2666F94077D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{567AB5F6-7B7F-4D40-9CD6-07C0C881FB7A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567AB5F6-7B7F-4D40-9CD6-07C0C881FB7A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A02E356-8F73-4897-897D-24DF20596254}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A02E356-8F73-4897-897D-24DF20596254}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7403A64B-C5F5-45E1-9B83-6418BA37B83D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7403A64B-C5F5-45E1-9B83-6418BA37B83D}" => removed successfully
C:\windows\System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Processor 18.7.2.3" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA8B58E1-3E8D-42FD-A07E-0263B44DA802}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8B58E1-3E8D-42FD-A07E-0263B44DA802}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BB059FE-AF1E-413A-B70E-43D0368471A2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB059FE-AF1E-413A-B70E-43D0368471A2}" => removed successfully
C:\windows\System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Analyzer 18.7.2.3" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8B58E1-3E8D-42FD-A07E-0263B44DA802}" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
"C:\Users\Gabriela\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk" => not found
C:\Users\Gabriela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk => Shortcut argument removed successfully
C:\Users\Gabriela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Shortcut argument removed successfully
C:\ProgramData => ":NT" ADS removed successfully
C:\ProgramData => ":NT2" ADS removed successfully
"C:\Users\All Users" => ":NT" ADS not found.
"C:\Users\All Users" => ":NT2" ADS not found.
"C:\ProgramData\Application Data" => ":NT" ADS not found.
"C:\ProgramData\Application Data" => ":NT2" ADS not found.
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully
C:\ProgramData\MTA San Andreas All => ":NT2" ADS removed successfully
C:\Users\Gabriela\Datos de programa => ":NT" ADS removed successfully
C:\Users\Gabriela\Datos de programa => ":NT2" ADS removed successfully
"C:\Users\Gabriela\AppData\Roaming" => ":NT" ADS not found.
"C:\Users\Gabriela\AppData\Roaming" => ":NT2" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-297820468-187987108-3971814952-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-297820468-187987108-3971814952-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
========= netsh winsock reset =========
El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= ipconfig /renew =========
Configuraci¢n IP de Windows
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuraci¢n IP de Windows
No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========
========= netsh advfirewall reset =========
Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est ejecutando e intente la solicitud de nuevo.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est ejecutando e intente la solicitud de nuevo.
========= End of CMD: =========
========= netsh int ipv4 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
========= netsh int ipv6 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16752190 B
Java, Flash, Steam htmlcache => 409925999 B
Windows/system/drivers => 1919747 B
Edge => 0 B
Chrome => 0 B
Firefox => 10519271 B
Opera => 164857958 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83725 B
systemprofile32 => 11739563 B
LocalService => 0 B
NetworkService => 136140 B
UpdatusUser => 0 B
Gabriela => 435517071 B
Invitado => 4093546 B
RecycleBin => 90033096 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 18:24:06 ====El problema persiste. 
Descarga al escritorio FSS
Botón derecho - ejecutar como administrador y marcas las casillas:
- Internet Services
- Windows update
- Windows Defender
Pulsas el botón Scan y me pegas el log que se va a generar
Farbar Service Scanner Version: 27-01-2016
Ran by Gabriela (administrator) on 20-01-2019 at 18:51:46
Running from "C:\Users\Gabriela\Favorites\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****Disculpa, cometi un error.
Realiza lo mismo de antes, pero esta vez solo con las casillas marcadas restantes y desmarcas las que te indique en mi anterior respuesta