I tried from Add or Remove Programs, from Malwarebytes' own uninstaller, with Revo Uninstaller and I don't know how many others; it always gives the same error message: Runtime error (at 407:201). access violation at address 0f5bc542 in module suhlpr.dll. Read for address 0000000. I ran AdwCleaner on it, it removed several threats, but it is still the same. Any help please, thanks.
Hello @Marcelo_Bianchi
Welcome to this new stage of InfoSpyware!
In your next reply, paste the AdwCleaner report.
Then do the following:
1.- Temporarily disable your antivirus and any other security program.
2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?
- Run FRST.exe.
- In the Disclaimer window message, click Yes.
- In the main window, click the Scan button and wait for the process to finish.
- Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.
Guide: How to Run FRST
3.- In your next reply, paste the generated reports.
Guide: How to Paste Reports in the Forum
We await those reports.
Regards.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2019 01
Ran by MARCELO (administrator) on MARCELO-PC (BIOSTAR Group N61PA-M2S) (20-04-2019 14:48:04)
Running from D:\!!NO BORRAR\Downloads
Loaded Profiles: MARCELO (Available Profiles: MARCELO)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [170128 2019-04-10] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44016 2019-04-08] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1151016 2016-02-02] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk *
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1980B2DD-05C6-468C-9589-5AC0E51D9206} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {20C23B6C-DA67-4BFB-8626-CC457B71A906} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1166572213-2147164125-1135358989-1000 => C:\ProgramData\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {297B8544-9FFC-4808-A0C9-116CFC742DCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {60FE3F3F-D99E-4BA1-82CB-0FCF80A06FA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E59EDCE-2C78-4102-9786-8D9A9C8F786A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7E3C529E-403E-4BF3-82F3-3242083FE97D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8B820CB7-3119-47BC-B22A-D7A00DE7C686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8C92A1FA-4CBD-44C0-9AE3-8D8BF064C75B} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe () [File not signed]
Task: {90E5A160-0087-406A-8AB6-01F833F08DA9} - System32\Tasks\AutoRearm => C:\Windows\AutoRearm\AutoRearm.exe () [File not signed]
Task: {93672AFD-C44D-440E-8CC1-53B241CD3CA1} - System32\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRQE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {A58089FB-2FE8-4D7B-A329-63C1B58AD62D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AF4ABBE4-36F6-4D05-8094-8E983DCD8E06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {F14C3C7E-52A7-418C-820A-EA529844A69C} - System32\Tasks\{BDB4B602-8DB0-43B2-A30E-14D8EEF89860} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {F1E91C11-F338-4BE9-BE34-190050217A0E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe (Adobe Inc. -> Adobe)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRQE.EXE:/EXE:{BED6025A-3492-412D-BE5A-4F9E441E93BF} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07796CC6-62EF-48F8-8467-28748D7CB128}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D3088D10-33EA-4247-B2DA-61AC05100460}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 4i68gl3l.default-1548876356353
FF ProfilePath: C:\Users\MARCELO\AppData\Roaming\Mozilla\Firefox\Profiles\4i68gl3l.default-1548876356353 [2019-04-20]
FF HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\MARCELO\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1166572213-2147164125-1135358989-1000: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\MARCELO\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.ar/
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/"
CHR Profile: C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default [2019-04-14]
CHR Extension: (Documentos) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-13]
CHR Extension: (Google Drive) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-13]
CHR Extension: (YouTube) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-13]
CHR Extension: (Ace Script) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-02-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-13]
CHR Extension: (Gmail) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-31]
CHR HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1162616 2018-11-30] (Autodesk, Inc. -> Autodesk Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-04-10] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-04-10] (ESET, spol. s r.o. -> ESET)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [591800 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [223560 2016-04-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1233376 2019-02-25] (Flexera Software LLC -> Flexera Software LLC)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S4 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 luminati_net_updater_win_hola_org; C:/Program Files/Hola/app/net_updater32.exe --updater win_hola.org [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [125056 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [147288 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [94856 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2019-04-17] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2007-01-30] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Microsoft Windows -> Ralink Technology Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-20 14:47 - 2019-04-20 14:48 - 000000000 ____D C:\FRST
2019-04-17 18:45 - 2019-04-17 18:45 - 000025864 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2019-04-17 18:45 - 2019-04-17 18:45 - 000001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-04-17 18:45 - 2019-04-17 18:45 - 000001042 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Users\MARCELO\AppData\Roaming\GlarySoft
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Users\MARCELO\AppData\Roaming\DiskDefrag
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Program Files\Glary Utilities 5
2019-04-10 09:33 - 2019-04-10 17:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-03 12:03 - 2019-04-03 12:03 - 000001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-04-03 12:03 - 2019-04-03 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-04-03 12:03 - 2019-04-03 12:03 - 000000000 ____D C:\Program Files\VS Revo Group
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-20 14:49 - 2019-02-09 19:13 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-20 13:53 - 2018-12-14 23:53 - 000000917 _____ C:\Windows\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF}.job
2019-04-20 13:01 - 2018-12-13 21:21 - 000000000 ____D C:\Users\MARCELO\AppData\LocalLow\Mozilla
2019-04-20 13:01 - 2009-07-14 01:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-20 13:01 - 2009-07-14 01:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-20 12:59 - 2011-04-11 22:30 - 000746992 _____ C:\Windows\system32\perfh00A.dat
2019-04-20 12:59 - 2011-04-11 22:30 - 000158464 _____ C:\Windows\system32\perfc00A.dat
2019-04-20 12:59 - 2010-11-20 18:01 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-20 12:59 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-04-20 12:55 - 2019-02-24 23:55 - 000000000 ____D C:\ProgramData\Autodesk
2019-04-20 12:54 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-11 02:15 - 2018-12-17 20:06 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-11 02:01 - 2018-12-14 15:12 - 000000000 ____D C:\Users\MARCELO\AppData\Local\ElevatedDiagnostics
2019-04-11 02:01 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF
2019-04-10 17:07 - 2018-12-13 21:21 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-04-10 13:55 - 2018-12-13 18:27 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 13:55 - 2018-12-13 18:27 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-09 22:30 - 2019-02-09 19:13 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-04-09 22:30 - 2019-02-09 19:13 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-04-06 04:35 - 2018-12-27 17:11 - 000001268 _____ C:\Users\Public\Desktop\Skype.lnk
2019-04-06 04:35 - 2018-12-27 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-28 04:31 - 2009-07-14 01:53 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2019-01-10 20:01 - 2019-01-10 20:02 - 000012304 _____ () C:\Users\MARCELO\copia de seguridad registro.reg
2018-12-14 22:37 - 2018-09-19 17:21 - 000000741 _____ () C:\Users\MARCELO\Install.cmd
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-04-17 17:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2019 01
Ran by MARCELO (20-04-2019 14:49:18)
Running from D:\!!NO BORRAR\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2018-12-12 23:11:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1166572213-2147164125-1135358989-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1166572213-2147164125-1135358989-1002 - Limited - Enabled)
Invitado (S-1-5-21-1166572213-2147164125-1135358989-501 - Limited - Disabled)
MARCELO (S-1-5-21-1166572213-2147164125-1135358989-1000 - Administrator - Enabled) => C:\Users\MARCELO
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5002-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Photoshop CS6 versión 13.0.1 (HKLM\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Aplicación de escritorio de Autodesk (HKLM\...\Autodesk Desktop App) (Version: 7.0.12.84 - Autodesk)
Aplicaciones destacadas de Autodesk 2016-2017 (HKLM\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
aTuner (remove only) (HKLM\...\aTuner) (Version: aTuner 1.9.85 - )
AutoCAD 2017 - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-2002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-1002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0002-CF3F3A09B77D}) (Version: 21.0.104.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - Español (Spanish) (HKLM\...\AutoCAD 2017 - Español (Spanish)) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD 2017 SP 1 (HKLM\...\AutoCAD 2017 SP1) (Version: 21.0.104.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 32 bit (HKLM\...\{A65662B5-45CC-41D3-AEDC-1448577664EE}) (Version: 4.37.6853 - Autodesk)
Autodesk Material Library 2017 (HKLM\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Desinstalar impresora EPSON L380 Series (HKLM\...\EPSON L380 Series) (Version: - Seiko Epson Corporation)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM\...\{922E2D91-9314-45AA-9AEF-E585F93B59A9}) (Version: 2.6.1.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson Scan 2 (HKLM\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
ESET Security (HKLM\...\{0BA8BBB6-4354-40BD-AA15-D4FF2E551998}) (Version: 12.1.34.0 - ESET, spol. s r.o.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Glary Utilities 5.117 (HKLM\...\Glary Utilities 5) (Version: 5.117.0.142 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Importación de SketchUp 2016-2017 (HKLM\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manual Epson L380 (HKLM\...\UsersGuideManual Epson L380_is1) (Version: 1.0 - Epson America, Inc.)
MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x86 es-AR) (HKLM\...\Mozilla Firefox 66.0.3 (x86 es-AR)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3.7038 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Skype versión 8.42 (HKLM\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-06] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:04 - 2019-01-17 15:01 - 000000051 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARCELO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: EpsonCustomerResearchParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_06 => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupfolder: C:^Users^MARCELO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Autodesk Desktop App => "C:\Program Files\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C8E371A9-3B4E-4728-9C29-8731276D32B9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A4FE611-8FB7-4857-A66F-502EA82D2C68}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1B9A686-061D-44B8-9065-C9DD42E8E54E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5782F712-39CD-4547-AC8D-716056C59B90}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A801C313-D53C-48F7-BAD6-950D3727DFCB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7083E7F3-860E-4C97-B588-4B3B619797F7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F91326B-6FEF-4DCF-A211-019EB8130189}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{26E5167A-773D-454B-BF2E-012D1839AFCA}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{D170B6B2-B46A-461C-BDF0-ED2338C290CB}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{25023EC7-C16F-4AAC-800B-89776C6C393E}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{F756C582-5A44-4D17-89B0-53135A7250AF}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9E456B40-1E0C-46A4-96E2-98B688F22465}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{86BF6AF6-F796-4EF0-BAC1-B5F7955F686A}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8DB4B088-F008-47A5-B009-2043E9CFCA14}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
03-04-2019 12:04:13 Revo Uninstaller's restore point - Malwarebytes versión 3.6.1.2711
03-04-2019 12:15:17 Revo Uninstaller's restore point - Malwarebytes versión 3.6.1.2711
17-04-2019 17:55:22 Punto de control programado
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2019 01:40:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\glary utilities 5\DPInst64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (04/20/2019 01:38:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW64.EXE".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (04/20/2019 12:56:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 10:51:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 02:05:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 07:36:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/18/2019 01:20:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/17/2019 05:48:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW64.EXE".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
System errors:
=============
Error: (04/20/2019 02:49:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk0\DR0.
Error: (04/20/2019 12:59:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {F36AD0D0-B5F0-4C69-AF08-603D177FEF0E} no se registró con DCOM dentro del tiempo de espera requerido.
Error: (04/20/2019 12:54:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Luminati Net Updater no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Autodesk Desktop App Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Luminati Net Updater terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Hola VPN Updater terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Hola VPN Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 86%
Total physical RAM: 2942.55 MB
Available physical RAM: 391.63 MB
Total Virtual: 5883.39 MB
Available Virtual: 2947.58 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:124.66 GB) (Free:84.61 GB) NTFS
Drive d: () (Fixed) (Total:806.75 GB) (Free:787.11 GB) NTFS
Drive e: (Mi disco) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
\\?\Volume{980f26a4-fe62-11e8-8ff8-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=124.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=806.8 GB) - (Type=05)
==================== End of Addition.txt ============================
I can't find the AdwCleaner report, or the program. I did NOT uninstall it, I only closed the window; the only thing I can find is the installer.
I found the AdwCleaner material here; there are two reports:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-18.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-20-2019
# Duration: 00:00:17
# OS: Windows 7 Ultimate
# Scanned: 27356
# Detected: 40
***** [ Services ] *****
PUP.Optional.Legacy hola_svc
PUP.Optional.Legacy hola_updater
***** [ Folders ] *****
PUP.Optional.Legacy C:\Program Files\Hola
PUP.Optional.Legacy C:\Users\MARCELO\AppData\LocalLow\.acestream
PUP.Optional.Legacy C:\Users\MARCELO\AppData\Roaming\.acestream
PUP.Optional.Legacy C:\Users\MARCELO\AppData\Roaming\Hola
PUP.Optional.Legacy C:\Users\MARCELO\AppData\Roaming\acestream
PUP.Optional.Legacy C:\_acestream_cache_
***** [ Files ] *****
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.ASMagicPlayer HKCU\Software\Classes\acestream
PUP.Optional.AceStream HKCU\Software\RegisteredApplications|AceStream
PUP.Optional.Legacy HKCU\SOFTWARE\Classes\Applications\ace_player.exe
PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
PUP.Optional.Legacy HKCU\Software\AceStream
PUP.Optional.Legacy HKCU\Software\Classes\.acelive
PUP.Optional.Legacy HKCU\Software\Classes\.acemedia
PUP.Optional.Legacy HKCU\Software\Classes\.acestream
PUP.Optional.Legacy HKCU\Software\Classes\.tslive
PUP.Optional.Legacy HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
PUP.Optional.Legacy HKCU\Software\Classes\DVD\shell\PlayWithACEStream
PUP.Optional.Legacy HKCU\Software\Hola
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9F581438-8044-4B0E-B954-DE1B13984C93}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F21999E4-D84E-45FE-B8D2-BA505C0C6932}
PUP.Optional.Legacy HKLM\Software\Classes\.acestream
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
PUP.Optional.Legacy HKLM\Software\Hola
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\hola
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1253 octets] - [12/01/2019 12:01:28]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-18.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-20-2019
# Duration: 00:00:27
# OS: Windows 7 Ultimate
# Cleaned: 40
# Failed: 0
***** [ Services ] *****
Deleted hola_svc
Deleted hola_updater
***** [ Folders ] *****
Deleted C:\Program Files\Hola
Deleted C:\Users\MARCELO\AppData\LocalLow\.acestream
Deleted C:\Users\MARCELO\AppData\Roaming\.acestream
Deleted C:\Users\MARCELO\AppData\Roaming\Hola
Deleted C:\Users\MARCELO\AppData\Roaming\acestream
Deleted C:\_acestream_cache_
***** [ Files ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted HKCU\Software\AceStream
Deleted HKCU\Software\Classes\.acelive
Deleted HKCU\Software\Classes\.acemedia
Deleted HKCU\Software\Classes\.acestream
Deleted HKCU\Software\Classes\.tslive
Deleted HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Deleted HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Deleted HKCU\Software\Classes\acestream
Deleted HKCU\Software\Hola
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted HKCU\Software\RegisteredApplications|AceStream
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9F581438-8044-4B0E-B954-DE1B13984C93}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F21999E4-D84E-45FE-B8D2-BA505C0C6932}
Deleted HKLM\Software\Classes\.acestream
Deleted HKLM\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Deleted HKLM\Software\Hola
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\hola
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1253 octets] - [12/01/2019 12:01:28]
AdwCleaner[S01].txt - [4965 octets] - [20/04/2019 12:52:57]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Hello @Marcelo_Bianchi
You ran FRST from the wrong location; if you read the steps, they clearly state that it must be run from the desktop where the OS is, usually C:
Cut the executable, place it on the desktop, run it, and bring us the new reports.
Regards.
OK, run from the desktop:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2019 01
Ran by MARCELO (administrator) on MARCELO-PC (BIOSTAR Group N61PA-M2S) (20-04-2019 19:29:59)
Running from D:\!!NO BORRAR\Desktop
Loaded Profiles: MARCELO (Available Profiles: MARCELO)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [170128 2019-04-10] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44016 2019-04-08] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1151016 2016-02-02] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk *
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1980B2DD-05C6-468C-9589-5AC0E51D9206} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {20C23B6C-DA67-4BFB-8626-CC457B71A906} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1166572213-2147164125-1135358989-1000 => C:\ProgramData\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {297B8544-9FFC-4808-A0C9-116CFC742DCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {60FE3F3F-D99E-4BA1-82CB-0FCF80A06FA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E59EDCE-2C78-4102-9786-8D9A9C8F786A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7E3C529E-403E-4BF3-82F3-3242083FE97D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8B820CB7-3119-47BC-B22A-D7A00DE7C686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8C92A1FA-4CBD-44C0-9AE3-8D8BF064C75B} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe () [File not signed]
Task: {90E5A160-0087-406A-8AB6-01F833F08DA9} - System32\Tasks\AutoRearm => C:\Windows\AutoRearm\AutoRearm.exe () [File not signed]
Task: {93672AFD-C44D-440E-8CC1-53B241CD3CA1} - System32\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRQE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {A58089FB-2FE8-4D7B-A329-63C1B58AD62D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AF4ABBE4-36F6-4D05-8094-8E983DCD8E06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {F14C3C7E-52A7-418C-820A-EA529844A69C} - System32\Tasks\{BDB4B602-8DB0-43B2-A30E-14D8EEF89860} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {F1E91C11-F338-4BE9-BE34-190050217A0E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe (Adobe Inc. -> Adobe)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRQE.EXE:/EXE:{BED6025A-3492-412D-BE5A-4F9E441E93BF} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07796CC6-62EF-48F8-8467-28748D7CB128}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D3088D10-33EA-4247-B2DA-61AC05100460}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 4i68gl3l.default-1548876356353
FF ProfilePath: C:\Users\MARCELO\AppData\Roaming\Mozilla\Firefox\Profiles\4i68gl3l.default-1548876356353 [2019-04-20]
FF HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\MARCELO\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1166572213-2147164125-1135358989-1000: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\MARCELO\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.ar/
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/"
CHR Profile: C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default [2019-04-14]
CHR Extension: (Documentos) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-13]
CHR Extension: (Google Drive) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-13]
CHR Extension: (YouTube) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-13]
CHR Extension: (Ace Script) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-02-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-13]
CHR Extension: (Gmail) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-31]
CHR HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1162616 2018-11-30] (Autodesk, Inc. -> Autodesk Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-04-10] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-04-10] (ESET, spol. s r.o. -> ESET)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [591800 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [223560 2016-04-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1233376 2019-02-25] (Flexera Software LLC -> Flexera Software LLC)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S4 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 luminati_net_updater_win_hola_org; C:/Program Files/Hola/app/net_updater32.exe --updater win_hola.org [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [125056 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [147288 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [94856 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2019-04-17] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2007-01-30] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Microsoft Windows -> Ralink Technology Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-20 14:47 - 2019-04-20 19:29 - 000000000 ____D C:\FRST
2019-04-17 18:45 - 2019-04-17 18:45 - 000025864 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2019-04-17 18:45 - 2019-04-17 18:45 - 000001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-04-17 18:45 - 2019-04-17 18:45 - 000001042 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Users\MARCELO\AppData\Roaming\GlarySoft
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Users\MARCELO\AppData\Roaming\DiskDefrag
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Program Files\Glary Utilities 5
2019-04-10 09:33 - 2019-04-10 17:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-03 12:03 - 2019-04-03 12:03 - 000001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-04-03 12:03 - 2019-04-03 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-04-03 12:03 - 2019-04-03 12:03 - 000000000 ____D C:\Program Files\VS Revo Group
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-20 18:53 - 2018-12-14 23:53 - 000000917 _____ C:\Windows\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF}.job
2019-04-20 18:49 - 2019-02-09 19:13 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-20 17:54 - 2009-07-14 01:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-20 17:54 - 2009-07-14 01:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-20 13:01 - 2018-12-13 21:21 - 000000000 ____D C:\Users\MARCELO\AppData\LocalLow\Mozilla
2019-04-20 12:59 - 2011-04-11 22:30 - 000746992 _____ C:\Windows\system32\perfh00A.dat
2019-04-20 12:59 - 2011-04-11 22:30 - 000158464 _____ C:\Windows\system32\perfc00A.dat
2019-04-20 12:59 - 2010-11-20 18:01 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-20 12:59 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-04-20 12:55 - 2019-02-24 23:55 - 000000000 ____D C:\ProgramData\Autodesk
2019-04-20 12:54 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-11 02:15 - 2018-12-17 20:06 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-11 02:01 - 2018-12-14 15:12 - 000000000 ____D C:\Users\MARCELO\AppData\Local\ElevatedDiagnostics
2019-04-11 02:01 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF
2019-04-10 17:07 - 2018-12-13 21:21 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-04-10 13:55 - 2018-12-13 18:27 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 13:55 - 2018-12-13 18:27 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-09 22:30 - 2019-02-09 19:13 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-04-09 22:30 - 2019-02-09 19:13 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-04-06 04:35 - 2018-12-27 17:11 - 000001268 _____ C:\Users\Public\Desktop\Skype.lnk
2019-04-06 04:35 - 2018-12-27 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-28 04:31 - 2009-07-14 01:53 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2019-01-10 20:01 - 2019-01-10 20:02 - 000012304 _____ () C:\Users\MARCELO\copia de seguridad registro.reg
2018-12-14 22:37 - 2018-09-19 17:21 - 000000741 _____ () C:\Users\MARCELO\Install.cmd
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-04-17 17:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2019 01
Ran by MARCELO (20-04-2019 19:31:05)
Running from D:\!!NO BORRAR\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2018-12-12 23:11:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1166572213-2147164125-1135358989-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1166572213-2147164125-1135358989-1002 - Limited - Enabled)
Invitado (S-1-5-21-1166572213-2147164125-1135358989-501 - Limited - Disabled)
MARCELO (S-1-5-21-1166572213-2147164125-1135358989-1000 - Administrator - Enabled) => C:\Users\MARCELO
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5002-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Photoshop CS6 versión 13.0.1 (HKLM\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Aplicación de escritorio de Autodesk (HKLM\...\Autodesk Desktop App) (Version: 7.0.12.84 - Autodesk)
Aplicaciones destacadas de Autodesk 2016-2017 (HKLM\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
aTuner (remove only) (HKLM\...\aTuner) (Version: aTuner 1.9.85 - )
AutoCAD 2017 - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-2002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-1002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0002-CF3F3A09B77D}) (Version: 21.0.104.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - Español (Spanish) (HKLM\...\AutoCAD 2017 - Español (Spanish)) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD 2017 SP 1 (HKLM\...\AutoCAD 2017 SP1) (Version: 21.0.104.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 32 bit (HKLM\...\{A65662B5-45CC-41D3-AEDC-1448577664EE}) (Version: 4.37.6853 - Autodesk)
Autodesk Material Library 2017 (HKLM\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Desinstalar impresora EPSON L380 Series (HKLM\...\EPSON L380 Series) (Version: - Seiko Epson Corporation)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM\...\{922E2D91-9314-45AA-9AEF-E585F93B59A9}) (Version: 2.6.1.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson Scan 2 (HKLM\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
ESET Security (HKLM\...\{0BA8BBB6-4354-40BD-AA15-D4FF2E551998}) (Version: 12.1.34.0 - ESET, spol. s r.o.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Glary Utilities 5.117 (HKLM\...\Glary Utilities 5) (Version: 5.117.0.142 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Importación de SketchUp 2016-2017 (HKLM\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manual Epson L380 (HKLM\...\UsersGuideManual Epson L380_is1) (Version: 1.0 - Epson America, Inc.)
MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x86 es-AR) (HKLM\...\Mozilla Firefox 66.0.3 (x86 es-AR)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3.7038 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Skype versión 8.42 (HKLM\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-06] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:04 - 2019-01-17 15:01 - 000000051 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARCELO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: EpsonCustomerResearchParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_06 => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupfolder: C:^Users^MARCELO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Autodesk Desktop App => "C:\Program Files\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C8E371A9-3B4E-4728-9C29-8731276D32B9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A4FE611-8FB7-4857-A66F-502EA82D2C68}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1B9A686-061D-44B8-9065-C9DD42E8E54E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5782F712-39CD-4547-AC8D-716056C59B90}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A801C313-D53C-48F7-BAD6-950D3727DFCB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7083E7F3-860E-4C97-B588-4B3B619797F7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F91326B-6FEF-4DCF-A211-019EB8130189}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{26E5167A-773D-454B-BF2E-012D1839AFCA}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{D170B6B2-B46A-461C-BDF0-ED2338C290CB}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{25023EC7-C16F-4AAC-800B-89776C6C393E}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{F756C582-5A44-4D17-89B0-53135A7250AF}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9E456B40-1E0C-46A4-96E2-98B688F22465}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{86BF6AF6-F796-4EF0-BAC1-B5F7955F686A}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8DB4B088-F008-47A5-B009-2043E9CFCA14}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
03-04-2019 12:04:13 Revo Uninstaller's restore point - Malwarebytes versión 3.6.1.2711
03-04-2019 12:15:17 Revo Uninstaller's restore point - Malwarebytes versión 3.6.1.2711
17-04-2019 17:55:22 Punto de control programado
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2019 01:40:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\glary utilities 5\DPInst64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (04/20/2019 01:38:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW64.EXE".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (04/20/2019 12:56:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 10:51:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 02:05:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 07:36:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/18/2019 01:20:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/17/2019 05:48:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW64.EXE".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
System errors:
=============
Error: (04/20/2019 03:01:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk0\DR0.
Error: (04/20/2019 02:49:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk0\DR0.
Error: (04/20/2019 12:59:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {F36AD0D0-B5F0-4C69-AF08-603D177FEF0E} no se registró con DCOM dentro del tiempo de espera requerido.
Error: (04/20/2019 12:54:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Luminati Net Updater no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Autodesk Desktop App Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Luminati Net Updater terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Hola VPN Updater terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 91%
Total physical RAM: 2942.55 MB
Available physical RAM: 246.45 MB
Total Virtual: 5883.39 MB
Available Virtual: 2884.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:124.66 GB) (Free:84.16 GB) NTFS
Drive d: () (Fixed) (Total:806.75 GB) (Free:787.11 GB) NTFS
Drive e: (Mi disco) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
\\?\Volume{980f26a4-fe62-11e8-8ff8-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=124.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=806.8 GB) - (Type=05)
==================== End of Addition.txt ============================
I put it on the desktop and ran it, the reports are on the desktop, but it still says “running from D”
Hello:
Where is your operating system installed?
And what do you have on drive D:?
Regards
It's on C. On D there is that !no borrar! folder that the technician set up for me, and that's where the downloads go, apart from other folders that aren't important to the system.
Hello:
Which browser do you use?
Regards
Firefox, updated to the latest version.
Hello:
Change the folder your Firefox downloads go to, select the desktop, download FRST again, and run it, bringing us its report.
Regards
Let's see if it's right now; it now runs from the Marcelo folder that is on the desktop on C:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2019 01
Ran by MARCELO (administrator) on MARCELO-PC (BIOSTAR Group N61PA-M2S) (20-04-2019 21:15:46)
Running from C:\Users\MARCELO\Desktop
Loaded Profiles: MARCELO (Available Profiles: MARCELO)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [170128 2019-04-10] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44016 2019-04-08] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1151016 2016-02-02] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-10] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk *
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1980B2DD-05C6-468C-9589-5AC0E51D9206} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {20C23B6C-DA67-4BFB-8626-CC457B71A906} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1166572213-2147164125-1135358989-1000 => C:\ProgramData\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {297B8544-9FFC-4808-A0C9-116CFC742DCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {60FE3F3F-D99E-4BA1-82CB-0FCF80A06FA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E59EDCE-2C78-4102-9786-8D9A9C8F786A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7E3C529E-403E-4BF3-82F3-3242083FE97D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8B820CB7-3119-47BC-B22A-D7A00DE7C686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8C92A1FA-4CBD-44C0-9AE3-8D8BF064C75B} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe () [File not signed]
Task: {90E5A160-0087-406A-8AB6-01F833F08DA9} - System32\Tasks\AutoRearm => C:\Windows\AutoRearm\AutoRearm.exe () [File not signed]
Task: {93672AFD-C44D-440E-8CC1-53B241CD3CA1} - System32\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRQE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {A58089FB-2FE8-4D7B-A329-63C1B58AD62D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AF4ABBE4-36F6-4D05-8094-8E983DCD8E06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {F14C3C7E-52A7-418C-820A-EA529844A69C} - System32\Tasks\{BDB4B602-8DB0-43B2-A30E-14D8EEF89860} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {F1E91C11-F338-4BE9-BE34-190050217A0E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe (Adobe Inc. -> Adobe)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSRQE.EXE:/EXE:{BED6025A-3492-412D-BE5A-4F9E441E93BF} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07796CC6-62EF-48F8-8467-28748D7CB128}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D3088D10-33EA-4247-B2DA-61AC05100460}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 4i68gl3l.default-1548876356353
FF ProfilePath: C:\Users\MARCELO\AppData\Roaming\Mozilla\Firefox\Profiles\4i68gl3l.default-1548876356353 [2019-04-20]
FF HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\MARCELO\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1166572213-2147164125-1135358989-1000: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\MARCELO\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.ar/
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/"
CHR Profile: C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default [2019-04-14]
CHR Extension: (Documentos) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-13]
CHR Extension: (Google Drive) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-13]
CHR Extension: (YouTube) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-13]
CHR Extension: (Ace Script) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-02-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-13]
CHR Extension: (Gmail) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\MARCELO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-31]
CHR HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1162616 2018-11-30] (Autodesk, Inc. -> Autodesk Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-04-10] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1887640 2019-04-10] (ESET, spol. s r.o. -> ESET)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [591800 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [223560 2016-04-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1233376 2019-02-25] (Flexera Software LLC -> Flexera Software LLC)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S4 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 luminati_net_updater_win_hola_org; C:/Program Files/Hola/app/net_updater32.exe --updater win_hola.org [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [125056 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [147288 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [94856 2019-03-07] (ESET, spol. s r.o. -> ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2019-04-17] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2007-01-30] (Malwarebytes Corporation -> Malwarebytes)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Microsoft Windows -> Ralink Technology Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-20 21:15 - 2019-04-20 21:16 - 000013740 _____ C:\Users\MARCELO\Desktop\FRST.txt
2019-04-20 21:15 - 2019-04-20 21:15 - 001793024 _____ (Farbar) C:\Users\MARCELO\Desktop\FRST.exe
2019-04-20 21:15 - 2019-04-20 21:15 - 000000000 ____D C:\FRST
2019-04-17 18:45 - 2019-04-17 18:45 - 000025864 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2019-04-17 18:45 - 2019-04-17 18:45 - 000001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-04-17 18:45 - 2019-04-17 18:45 - 000001042 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Users\MARCELO\AppData\Roaming\GlarySoft
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Users\MARCELO\AppData\Roaming\DiskDefrag
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2019-04-17 18:45 - 2019-04-17 18:45 - 000000000 ____D C:\Program Files\Glary Utilities 5
2019-04-10 09:33 - 2019-04-10 17:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-03 12:03 - 2019-04-03 12:03 - 000001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-04-03 12:03 - 2019-04-03 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-04-03 12:03 - 2019-04-03 12:03 - 000000000 ____D C:\Program Files\VS Revo Group
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-20 21:12 - 2019-02-09 19:13 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-20 21:09 - 2009-07-14 01:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-20 21:09 - 2009-07-14 01:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-20 21:06 - 2011-04-11 22:30 - 000746992 _____ C:\Windows\system32\perfh00A.dat
2019-04-20 21:06 - 2011-04-11 22:30 - 000158464 _____ C:\Windows\system32\perfc00A.dat
2019-04-20 21:06 - 2010-11-20 18:01 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-20 21:06 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-04-20 21:02 - 2019-02-24 23:55 - 000000000 ____D C:\ProgramData\Autodesk
2019-04-20 21:02 - 2018-12-13 21:21 - 000000000 ____D C:\Users\MARCELO\AppData\LocalLow\Mozilla
2019-04-20 21:02 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-20 19:53 - 2018-12-14 23:53 - 000000917 _____ C:\Windows\Tasks\EPSON L380 Series Update {BED6025A-3492-412D-BE5A-4F9E441E93BF}.job
2019-04-11 02:15 - 2018-12-17 20:06 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-11 02:01 - 2018-12-14 15:12 - 000000000 ____D C:\Users\MARCELO\AppData\Local\ElevatedDiagnostics
2019-04-11 02:01 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF
2019-04-10 17:07 - 2018-12-13 21:21 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-04-10 13:55 - 2018-12-13 18:27 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-10 13:55 - 2018-12-13 18:27 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-09 22:30 - 2019-02-09 19:13 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-04-09 22:30 - 2019-02-09 19:13 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-04-06 04:35 - 2018-12-27 17:11 - 000001268 _____ C:\Users\Public\Desktop\Skype.lnk
2019-04-06 04:35 - 2018-12-27 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-28 04:31 - 2009-07-14 01:53 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2019-01-10 20:01 - 2019-01-10 20:02 - 000012304 _____ () C:\Users\MARCELO\copia de seguridad registro.reg
2018-12-14 22:37 - 2018-09-19 17:21 - 000000741 _____ () C:\Users\MARCELO\Install.cmd
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-04-17 17:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2019 01
Ran by MARCELO (20-04-2019 21:16:42)
Running from C:\Users\MARCELO\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2018-12-12 23:11:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1166572213-2147164125-1135358989-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1166572213-2147164125-1135358989-1002 - Limited - Enabled)
Invitado (S-1-5-21-1166572213-2147164125-1135358989-501 - Limited - Disabled)
MARCELO (S-1-5-21-1166572213-2147164125-1135358989-1000 - Administrator - Enabled) => C:\Users\MARCELO
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5002-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Photoshop CS6 versión 13.0.1 (HKLM\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Aplicación de escritorio de Autodesk (HKLM\...\Autodesk Desktop App) (Version: 7.0.12.84 - Autodesk)
Aplicaciones destacadas de Autodesk 2016-2017 (HKLM\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
aTuner (remove only) (HKLM\...\aTuner) (Version: aTuner 1.9.85 - )
AutoCAD 2017 - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-2002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-1002-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0002-CF3F3A09B77D}) (Version: 21.0.104.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - Español (Spanish) (HKLM\...\AutoCAD 2017 - Español (Spanish)) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD 2017 SP 1 (HKLM\...\AutoCAD 2017 SP1) (Version: 21.0.104.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 32 bit (HKLM\...\{A65662B5-45CC-41D3-AEDC-1448577664EE}) (Version: 4.37.6853 - Autodesk)
Autodesk Material Library 2017 (HKLM\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Desinstalar impresora EPSON L380 Series (HKLM\...\EPSON L380 Series) (Version: - Seiko Epson Corporation)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM\...\{922E2D91-9314-45AA-9AEF-E585F93B59A9}) (Version: 2.6.1.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson Scan 2 (HKLM\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
ESET Security (HKLM\...\{0BA8BBB6-4354-40BD-AA15-D4FF2E551998}) (Version: 12.1.34.0 - ESET, spol. s r.o.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Glary Utilities 5.117 (HKLM\...\Glary Utilities 5) (Version: 5.117.0.142 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Importación de SketchUp 2016-2017 (HKLM\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manual Epson L380 (HKLM\...\UsersGuideManual Epson L380_is1) (Version: 1.0 - Epson America, Inc.)
MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x86 es-AR) (HKLM\...\Mozilla Firefox 66.0.3 (x86 es-AR)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3.7038 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Skype versión 8.42 (HKLM\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1166572213-2147164125-1135358989-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-06] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2019-02-07] (Mega Limited -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-04-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:04 - 2019-01-17 15:01 - 000000051 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARCELO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: ekrn => 2
MSCONFIG\Services: EpsonCustomerResearchParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_06 => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupfolder: C:^Users^MARCELO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Autodesk Desktop App => "C:\Program Files\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C8E371A9-3B4E-4728-9C29-8731276D32B9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A4FE611-8FB7-4857-A66F-502EA82D2C68}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1B9A686-061D-44B8-9065-C9DD42E8E54E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5782F712-39CD-4547-AC8D-716056C59B90}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A801C313-D53C-48F7-BAD6-950D3727DFCB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7083E7F3-860E-4C97-B588-4B3B619797F7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F91326B-6FEF-4DCF-A211-019EB8130189}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{26E5167A-773D-454B-BF2E-012D1839AFCA}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{D170B6B2-B46A-461C-BDF0-ED2338C290CB}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{25023EC7-C16F-4AAC-800B-89776C6C393E}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{F756C582-5A44-4D17-89B0-53135A7250AF}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9E456B40-1E0C-46A4-96E2-98B688F22465}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{86BF6AF6-F796-4EF0-BAC1-B5F7955F686A}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8DB4B088-F008-47A5-B009-2043E9CFCA14}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
03-04-2019 12:04:13 Revo Uninstaller's restore point - Malwarebytes versión 3.6.1.2711
03-04-2019 12:15:17 Revo Uninstaller's restore point - Malwarebytes versión 3.6.1.2711
17-04-2019 17:55:22 Punto de control programado
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2019 09:03:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/20/2019 01:40:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\glary utilities 5\DPInst64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (04/20/2019 01:38:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW64.EXE".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (04/20/2019 12:56:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 10:51:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 02:05:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/19/2019 07:36:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/18/2019 01:20:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
System errors:
=============
Error: (04/20/2019 09:02:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Luminati Net Updater no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (04/20/2019 07:49:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk0\DR0.
Error: (04/20/2019 03:01:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk0\DR0.
Error: (04/20/2019 02:49:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk0\DR0.
Error: (04/20/2019 12:59:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {F36AD0D0-B5F0-4C69-AF08-603D177FEF0E} no se registró con DCOM dentro del tiempo de espera requerido.
Error: (04/20/2019 12:54:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Luminati Net Updater no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Autodesk Desktop App Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
Error: (04/20/2019 12:53:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Luminati Net Updater terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 81%
Total physical RAM: 2942.55 MB
Available physical RAM: 532.36 MB
Total Virtual: 5883.39 MB
Available Virtual: 3463.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:124.66 GB) (Free:84.09 GB) NTFS
Drive d: () (Fixed) (Total:806.75 GB) (Free:787.11 GB) NTFS
Drive e: (Mi disco) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
\\?\Volume{980f26a4-fe62-11e8-8ff8-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=124.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=806.8 GB) - (Type=05)
==================== End of Addition.txt ============================
Hi @Marcelo_Bianchi
Do the following:
Open a new Notepad file and copy and paste this content:
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Policies\Explorer: []
BootExecute: autocheck autochk *
FF HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\MARCELO\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin HKU\S-1-5-21-1166572213-2147164125-1135358989-1000: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\MARCELO\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
C:\Program Files\Malwarebytes
S2 luminati_net_updater_win_hola_org; C:/Program Files/Hola/app/net_updater32.exe --updater win_hola.org [X]
C:/Program Files/Hola
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2007-01-30] (Malwarebytes Corporation -> Malwarebytes)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
MSCONFIG\Services: MBAMService => 2
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
- Save it under the name fixlist.txt on the desktop <<< This is very important.
Note: The executable Frst.exe and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.
- Run Frst.exe.
- Press the Fix button and wait for it to finish.
- The tool will save the report on your desktop (Fixlog.txt).
- Paste it in your next reply.
Let us know how the problem is going.
Regards.
Hi SanMar, Malwarebytes was uninstalled, although some remnants are left that I was able to remove manually. Can I reinstall it without problems? Thank you very much for your help and your patience!!! Regards, Marcelo.
Here is the log:
Fix result of Farbar Recovery Scan Tool (x86) Version: 22-04-2019
Ran by MARCELO (22-04-2019 02:02:48) Run:1
Running from D:\!!NO BORRAR\Desktop
Loaded Profiles: MARCELO (Available Profiles: MARCELO)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Policies\Explorer: []
BootExecute: autocheck autochk *
FF HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\MARCELO\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin HKU\S-1-5-21-1166572213-2147164125-1135358989-1000: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\MARCELO\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
C:\Program Files\Malwarebytes
S2 luminati_net_updater_win_hola_org; C:/Program Files/Hola/app/net_updater32.exe --updater win_hola.org [X]
C:/Program Files/Hola
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2007-01-30] (Malwarebytes Corporation -> Malwarebytes)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
MSCONFIG\Services: MBAMService => 2
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Software\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully.
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.32 => removed successfully.
"C:\Users\MARCELO\AppData\Roaming\ACEStream\player\npace_plugin.dll" => not found
HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMService => could not remove, key could be protected
C:\Program Files\Malwarebytes => moved successfully
HKLM\System\CurrentControlSet\Services\luminati_net_updater_win_hola_org => removed successfully.
luminati_net_updater_win_hola_org => service removed successfully.
C:/Program Files/Hola => Error: No automatic fix found for this entry.
MBAMChameleon => Unable to stop service.
HKLM\System\CurrentControlSet\Services\MBAMChameleon => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully.
VGPU => service removed successfully.
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully.
"BVTFilter" => removed successfully.
"BVTConsumer" => removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService => removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMService => could not remove, key could be protected
========= ipconfig /flushdns =========
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
========= End of CMD: =========
========= ipconfig /renew =========
Configuración IP de Windows
Adaptador de Ethernet Conexión de área local:
Sufijo DNS específico para la conexión. . :
Vínculo: dirección IPv6 local. . . : fe80::5c9:9e99:7ec4:ffc6%11
Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.3
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . . . : 192.168.1.1
Adaptador de túnel isatap.{07796CC6-62EF-48F8-8467-28748D7CB128}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de túnel Teredo Tunneling Pseudo-Interface:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= netsh advfirewall reset =========
Aceptar
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= End of CMD: =========
========= netsh int ipv4 reset =========
Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1166572213-2147164125-1135358989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6995605 B
Java, Flash, Steam htmlcache => 1220 B
Windows/system/drivers => 124384458 B
Edge => 0 B
Chrome => 158585862 B
Firefox => 1094596549 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29568231 B
LocalService => 132244 B
NetworkService => 1332 B
MARCELO => 4041434 B
RecycleBin => 70259491 B
EmptyTemp: => 1.4 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-04-2019 02:08:00)
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\MBAMService => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\MBAMChameleon => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\MBAMService => could not remove, key could be protected
==== End of Fixlog 02:08:01 ====
Hi @Marcelo_Bianchi
There are some registry entries that have not been removed yet, but try installing it anyway to see whether you can run it:
Malwarebytes Anti-Malware manual
Run it and paste the report for us.
Regards
Hi SanMar, when I go to install it, it asks me to restart. I restarted, tried again, and it asks me to restart again. Something is not letting me install it. What could it be?
Hi @Marcelo_Bianchi
Try the following:
- Press the Windows + R keys
- In the window that opens, type exactly: services.msc
- Press OK
- In the list of Services, look for: Windows Management Instrumentation or, in Spanish, Instrumental de Administración de Windows
- Double-click it.
- Change the startup type to Automatic
- Apply and OK
- Restart
- In Normal Mode, see whether you can open Malwarebytes.
Let us know.
Regards.
It was already set to automatic