can't start firewall windows 10


12 replies to this topic

#1 gallego33

Posted 11 June 2016 - 10:24 PM

Hi.

I read a lot of "solutions" on the Internet, but none worked for me.

Can you help me?

Thanks in advance and sorry for my poor English (I speak Spanish).


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by ingJMG (administrator) on INGJMG-PC (11-06-2016 17:21:32)
Running from C:\Users\ingJMG\Desktop\bleeping-farbar
Loaded Profiles: ingJMG (Available Profiles: ingJMG & yo & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google, Inc) C:\Users\ingJMG\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2918173747-3376708851-2645080872-1000\...\Run: [Google Update] => C:\Users\ingJMG\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2918173747-3376708851-2645080872-1000\...\Run: [Google Photos Backup] => C:\Users\ingJMG\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2015-12-16] (NVIDIA Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 200.49.130.40 200.42.4.203 192.168.1.1
Tcpip\..\Interfaces\{57c9bf78-0ca6-4bb3-9e6c-6aa813d14cc1}: [NameServer] 10.120.16.71,10.120.16.203
Tcpip\..\Interfaces\{64ad379a-93d5-49fb-8616-62286d34a14c}: [DhcpNameServer] 200.42.4.204 200.49.130.41
Tcpip\..\Interfaces\{a31b19c2-0fb3-47fb-b926-ff549958afe8}: [DhcpNameServer] 200.49.130.40 200.42.4.203 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2918173747-3376708851-2645080872-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2918173747-3376708851-2645080872-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
SearchScopes: HKU\S-1-5-21-2918173747-3376708851-2645080872-1000 -> DefaultScope {0424D9AC-8B0B-484B-A9A1-E3B56E7C04E4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2918173747-3376708851-2645080872-1000 -> {0424D9AC-8B0B-484B-A9A1-E3B56E7C04E4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2918173747-3376708851-2645080872-1000 -> {A22CD843-1577-4E91-8D8A-5AE3DE1674FE} URL = hxxp://www.google.com.ar/#hl=es&source=hp&biw=1016&bih=471&q={searchTerms}&oq={searchTerms}&aq=f&aqi=g10&aql=&gs_sm=e&gs_upl=42588l44164l0l4l4l0l0l0l0l905l1639l2-1.0.1.0.1&bav=on.2,or.r_gc.r_pw.&fp=20e71736004aac94
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
DPF: HKLM-x32 {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2016-01-08] (Reto-Moto ApS)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2918173747-3376708851-2645080872-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ingJMG\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2918173747-3376708851-2645080872-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ingJMG\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://calendar.google.com/calendar/render#main_7"
CHR Profile: C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Heroes & Generals) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2015-09-15]
CHR Extension: (IE Tab) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-04-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Cacoo - Diagramación & Colaboración en tiempo real) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2015-04-25]
CHR Profile: C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Presentaciones de Google) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-03]
CHR Extension: (Google Docs) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (YouTube) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-03]
CHR Extension: (Heroes & Generals) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2016-04-03]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Gantter for Google Drive) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\himomacamcpodhkahelbnmaddladgjgo [2016-04-03]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
StartMenuInternet: Google Chrome - C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.BPZBXBRQ3XPFFKKZTHESBVUERI - C:\Users\ingJMG\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.jdivsist - C:\Users\jdivsist\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 17:21 - 2016-06-11 17:21 - 00000000 ____D C:\FRST
2016-06-11 17:12 - 2016-06-11 17:21 - 00000000 ____D C:\Users\ingJMG\Desktop\bleeping-farbar
2016-06-07 21:22 - 2016-06-07 21:23 - 00037376 _____ C:\Users\ingJMG\Downloads\MA_AX04.xls
2016-06-05 21:40 - 2016-06-05 21:42 - 00175499 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-06-05 21:37 - 2016-06-05 21:40 - 21381936 _____ (Tweaking.com) C:\Users\ingJMG\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2016-06-05 19:43 - 2016-06-05 19:46 - 00073572 _____ C:\TDSSKiller.3.1.0.9_05.06.2016_19.43.55_log.txt
2016-06-05 16:19 - 2016-06-05 16:21 - 02870984 _____ (ESET) C:\Users\ingJMG\Downloads\esetsmartinstaller_esn.exe
2016-06-05 15:29 - 2016-06-05 15:31 - 00002204 _____ C:\Users\ingJMG\Desktop\Rkill.txt
2016-06-05 15:29 - 2016-06-05 15:29 - 00001448 _____ C:\Users\ingJMG\Desktop\instrucciones d elimpieza.doc - Acceso directo.lnk
2016-06-05 15:27 - 2016-06-05 15:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ingJMG\Desktop\iExplore.exe
2016-06-02 23:32 - 2016-06-02 23:32 - 00362597 _____ C:\Users\ingJMG\Downloads\pp.zip
2016-06-02 23:17 - 2016-06-02 23:17 - 00990370 _____ C:\Users\ingJMG\Downloads\Escritorio.zip
2016-05-30 22:07 - 2016-05-30 22:07 - 02662800 _____ (Google) C:\Users\ingJMG\Downloads\gpautobackup_setup.exe
2016-05-30 22:07 - 2016-05-30 22:07 - 00000000 ____D C:\Users\ingJMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2016-05-25 22:50 - 2016-05-25 22:51 - 03566768 _____ C:\Users\ingJMG\Downloads\HeroesAndGenerals-setup-117238.exe
2016-05-22 23:06 - 2016-05-22 23:06 - 00000000 ___DL C:\Users\yo\My Documents
2016-05-22 23:06 - 2016-05-22 23:06 - 00000000 ___DL C:\Users\yo\Documents\My Videos
2016-05-22 23:06 - 2016-05-22 23:06 - 00000000 ___DL C:\Users\yo\Documents\My Pictures
2016-05-22 23:06 - 2016-05-22 23:06 - 00000000 ___DL C:\Users\yo\Documents\My Music
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser\My Documents
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser\Documents\My Videos
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser\Documents\My Pictures
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser\Documents\My Music
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser.ingJMG-PC\My Documents
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser.ingJMG-PC\Documents\My Videos
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser.ingJMG-PC\Documents\My Pictures
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\UpdatusUser.ingJMG-PC\Documents\My Music
2016-05-22 23:05 - 2016-05-22 23:05 - 00000000 ___DL C:\Users\jdivsist\My Documents
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\ingJMG\My Documents
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\ingJMG\Documents\My Videos
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\ingJMG\Documents\My Pictures
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\ingJMG\Documents\My Music
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\DefaultAppPool\My Documents
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\DefaultAppPool\Documents\My Videos
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\DefaultAppPool\Documents\My Pictures
2016-05-22 23:04 - 2016-05-22 23:04 - 00000000 ___DL C:\Users\DefaultAppPool\Documents\My Music
2016-05-22 23:03 - 2016-05-22 23:03 - 00000000 ___DL C:\Users\Default\My Documents
2016-05-22 23:03 - 2016-05-22 23:03 - 00000000 ___DL C:\Users\Default\Documents\My Videos
2016-05-22 23:03 - 2016-05-22 23:03 - 00000000 ___DL C:\Users\Default\Documents\My Pictures
2016-05-22 23:03 - 2016-05-22 23:03 - 00000000 ___DL C:\Users\Default\Documents\My Music
2016-05-22 23:03 - 2016-05-22 23:03 - 00000000 ___DL C:\Users\Default User\Documents\My Videos
2016-05-22 23:03 - 2016-05-22 23:03 - 00000000 ___DL C:\Users\Default User\Documents\My Pictures
2016-05-22 23:03 - 2016-05-22 23:03 - 00000000 ___DL C:\Users\Default User\Documents\My Music
2016-05-22 22:44 - 2016-06-07 22:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-22 22:23 - 2016-05-22 22:23 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-INGJMG-PC-Windows-10-Pro-(64-bit).dat
2016-05-22 22:23 - 2016-05-22 22:23 - 00000000 ____D C:\RegBackup
2016-05-22 22:21 - 2016-06-05 21:42 - 00002240 _____ C:\Users\ingJMG\Desktop\Tweaking.com - Windows Repair.lnk
2016-05-22 22:21 - 2016-05-22 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-22 22:21 - 2016-05-22 22:21 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-05-22 22:13 - 2016-05-22 22:21 - 21382440 _____ (Tweaking.com) C:\Users\ingJMG\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-05-22 21:52 - 2016-05-22 21:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows OneCare Live
2016-05-22 21:44 - 2016-05-22 21:44 - 00000639 _____ C:\Users\ingJMG\Downloads\WindowsUpdateDiagnostic.diagcab
2016-05-22 20:47 - 2016-05-22 20:49 - 00430280 _____ (ESET) C:\Users\ingJMG\Desktop\ESETSirefefCleaner.exe
2016-05-22 20:18 - 2016-05-22 21:26 - 04014904 _____ (ESET) C:\Users\ingJMG\Downloads\SysInspector.exe
2016-05-22 17:54 - 2016-05-22 17:54 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-22 17:54 - 2016-05-22 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-22 17:54 - 2016-05-22 17:54 - 00000000 ____D C:\Program Files\CCleaner
2016-05-22 17:15 - 2016-05-22 17:17 - 00075984 _____ C:\TDSSKiller.3.1.0.9_22.05.2016_17.15.08_log.txt
2016-05-22 17:14 - 2015-12-11 22:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\ingJMG\Desktop\TDSSKiller.exe
2016-05-22 17:13 - 2016-05-22 17:14 - 04633146 _____ C:\Users\ingJMG\Downloads\tdsskiller.zip
2016-05-21 20:02 - 2016-05-21 20:02 - 00000731 _____ C:\Users\ingJMG\Desktop\USB agenda.lnk
2016-05-14 22:18 - 2016-05-14 22:24 - 00000008 __RSH C:\Users\ingJMG\ntuser.pol
2016-05-13 02:27 - 2016-05-13 02:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-12 22:58 - 2016-06-05 15:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-12 22:58 - 2016-05-12 22:58 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-12 22:58 - 2016-05-12 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-12 22:58 - 2016-05-12 22:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-12 22:58 - 2016-05-12 22:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-12 22:58 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-12 22:58 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-12 22:58 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-12 22:32 - 2016-05-12 22:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 16:51 - 2012-06-25 13:22 - 00000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-11 16:35 - 2014-06-01 19:50 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-11 16:28 - 2011-05-14 11:35 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2918173747-3376708851-2645080872-1000UA.job
2016-06-11 14:59 - 2011-05-14 11:35 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2918173747-3376708851-2645080872-1000Core.job
2016-06-11 14:56 - 2014-06-01 19:50 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 14:09 - 2015-09-16 21:09 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf4edac1f33b.job
2016-06-11 14:03 - 2015-12-05 04:15 - 01913758 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-11 14:03 - 2015-10-30 15:59 - 00834726 _____ C:\WINDOWS\system32\perfh00A.dat
2016-06-11 14:03 - 2015-10-30 15:59 - 00167548 _____ C:\WINDOWS\system32\perfc00A.dat
2016-06-11 14:03 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-11 13:58 - 2015-12-05 04:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-11 12:59 - 2015-10-30 03:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-11 10:18 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-08 21:45 - 2014-10-05 14:36 - 00000000 ____D C:\Users\ingJMG\AppData\LocalLow\Heroes and Generals
2016-06-08 21:29 - 2011-05-14 11:36 - 00002503 _____ C:\Users\ingJMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 21:21 - 2016-01-08 21:14 - 00000000 ____D C:\Program Files (x86)\Heroes & Generals
2016-06-08 21:21 - 2015-12-05 04:16 - 00000000 ____D C:\Users\ingJMG
2016-06-07 23:44 - 2013-03-07 23:09 - 00004606 _____ C:\Users\ingJMG\Desktop\HACER.txt
2016-06-07 22:43 - 2015-12-05 04:06 - 00349176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-07 22:42 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-07 22:42 - 2009-07-14 07:11 - 00000000 ____D C:\WINDOWS\CSC
2016-06-07 22:28 - 2012-02-24 23:13 - 00007603 _____ C:\Users\ingJMG\AppData\Local\resmon.resmoncfg
2016-06-07 21:29 - 2011-05-13 21:58 - 00000000 ____D C:\mis_docs
2016-06-07 19:28 - 2015-07-15 03:01 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2918173747-3376708851-2645080872-1000Core1d0bec3aa11bc53.job
2016-06-06 00:31 - 2015-12-27 00:46 - 00000000 ____D C:\Users\ingJMG\AppData\Local\CrashDumps
2016-06-05 22:25 - 2009-07-13 23:34 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_855
2016-06-05 20:43 - 2009-07-13 23:34 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_269
2016-06-05 19:06 - 2011-05-15 08:23 - 00000000 ____D C:\Users\ingJMG\AppData\Roaming\uTorrent
2016-06-02 23:23 - 2016-04-03 21:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 22:21 - 2016-03-19 11:13 - 00017516 _____ C:\Users\ingJMG\Desktop\agendacelu.txt
2016-05-31 18:18 - 2015-05-07 20:02 - 00000000 ____D C:\Users\ingJMG\AppData\Roaming\TeamViewer
2016-05-30 22:09 - 2011-05-14 11:35 - 00000000 ____D C:\Users\ingJMG\AppData\Local\Google
2016-05-30 22:02 - 2015-10-17 17:18 - 00001218 _____ C:\Users\Public\Desktop\Map Utility.lnk
2016-05-30 22:02 - 2015-10-17 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-05-29 12:23 - 2012-07-10 09:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-23 20:16 - 2009-07-13 23:34 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_773
2016-05-22 23:06 - 2016-03-06 00:20 - 00000000 ____D C:\Users\yo
2016-05-22 23:06 - 2014-01-31 22:27 - 00000000 ____D C:\Users\UpdatusUser.ingJMG-PC
2016-05-22 23:05 - 2013-02-04 15:31 - 00000000 ____D C:\Users\UpdatusUser
2016-05-22 23:05 - 2011-05-16 09:17 - 00000000 ____D C:\Users\jdivsist
2016-05-22 23:04 - 2015-12-05 04:16 - 00000000 ____D C:\Users\DefaultAppPool
2016-05-22 21:00 - 2015-08-12 21:18 - 00004210 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EE5EB7AE-ABBC-4F8B-A1CA-15CAFCD3B197}
2016-05-22 19:42 - 2011-05-14 09:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-22 18:57 - 2011-05-17 21:28 - 00000000 ____D C:\Users\ingJMG\Tracing
2016-05-22 18:57 - 2011-05-14 18:35 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-22 18:56 - 2015-12-05 00:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-22 18:56 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-05-15 18:54 - 2011-05-15 11:59 - 00000000 ____D C:\Users\ingJMG\AppData\Local\ElevatedDiagnostics
2016-05-15 15:49 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-15 13:14 - 2011-06-15 10:32 - 00000000 ____D C:\OANET2002
2016-05-15 12:07 - 2012-11-12 21:10 - 00000000 ____D C:\AFIP
2016-05-15 10:20 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-05-14 12:50 - 2016-01-08 20:57 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-05-14 12:50 - 2016-01-08 20:57 - 00000000 ____D C:\WINDOWS\system32\NV
2016-05-13 17:26 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-13 02:32 - 2015-03-21 22:55 - 00000160 _____ C:\Users\ingJMG\Desktop\macs dhcp.txt
2016-05-12 19:30 - 2015-09-16 21:09 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0bf4edac1f33b
2016-05-12 19:30 - 2014-06-01 19:50 - 00004186 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-12 19:23 - 2015-08-30 10:59 - 00003912 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2918173747-3376708851-2645080872-1000Core1d0bec3aa11bc53
2016-05-12 19:23 - 2011-05-14 11:35 - 00004258 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2918173747-3376708851-2645080872-1000UA
2016-05-12 19:13 - 2015-01-26 19:50 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2013-03-06 16:46 - 2013-03-06 16:46 - 0000288 _____ () C:\Users\ingJMG\AppData\Roaming\.backup.dm
2012-04-01 11:59 - 2012-04-01 11:59 - 0064792 _____ () C:\Users\ingJMG\AppData\Roaming\icarus-dxdiag.xml
2011-10-11 16:54 - 2015-01-10 22:45 - 0028133 _____ () C:\Users\ingJMG\AppData\Roaming\phpdesigner.xml
2011-08-07 14:10 - 2014-03-21 13:24 - 0052227 _____ () C:\Users\ingJMG\AppData\Roaming\Rim.Desktop.Exception.log
2011-08-07 14:03 - 2014-03-30 17:25 - 0005333 _____ () C:\Users\ingJMG\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-08-07 14:10 - 2014-03-21 13:24 - 0001848 _____ () C:\Users\ingJMG\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-07-03 09:28 - 2012-08-20 18:50 - 0000154 _____ () C:\Users\ingJMG\AppData\Roaming\Rim.Transcoder.Exception.log
2011-08-07 14:13 - 2012-07-03 09:41 - 0005120 _____ () C:\Users\ingJMG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 23:29 - 2014-12-02 23:29 - 0001306 _____ () C:\Users\ingJMG\AppData\Local\recently-used.xbel
2012-02-24 23:13 - 2016-06-07 22:28 - 0007603 _____ () C:\Users\ingJMG\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-09 22:50
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:18 AM

Posted 12 June 2016 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this old version of Java via the Control Panel > Programs > Programs and Features applet.
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)


MyFreeCodec (HKU\S-1-5-21-2918173747-3376708851-2645080872-1000\...\MyFreeCodec) (Version: - ) <==
MyFree Codec contains files which are necessary to play various media files from your device to Samsung Kies. It is automatically installed when upgrading or installing Samsung Kies. KIES utilizes the playing functionality and if it is not installed then you might experience errors when using various features or playing some media files, typically AVI or MPEGs or other movie or audio files.
Your call if you want to keep it.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2918173747-3376708851-2645080872-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2918173747-3376708851-2645080872-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
U3 idsvc; no ImagePath
Task: {52C25917-40E0-4622-8A13-2AFC5694D350} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {54D0766D-F727-440D-AFDB-512F82B03CF9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5FF0F92B-E7F4-430A-A879-6C521D63E8A6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F10B983-81E9-4C51-9D19-4F581069F2BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> No File <==== ATTENTION
Task: {7BEA6C74-858D-46AA-B1CA-22E0616FF17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {86F9BBCC-6159-4AD3-BED1-F8E650A3BE65} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> No File <==== ATTENTION
Task: {AEC70238-5DBF-48C1-9E9E-F239B0DCDB95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\ingJMG:Heroes & Generals [38]
C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\ingJMG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

After a restart of the computer, if the Firewall cannot be restarted, please download and run this tool.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

Please post the logs and let me know if the problem persists.

#3 gallego33


Posted 12 June 2016 - 02:47 PM

Hi Nasdaq!!
The problem persists.

I created fixlist.txt and ran FRST.
I attach the log file.
The Firewall cannot be restarted, so I downloaded FSS and ran it.
This is the FSS.txt

 
Farbar Service Scanner Version: 27-01-2016
Ran by ingJMG (administrator) on 12-06-2016 at 16:33:37
Running from "C:\Users\ingJMG\Desktop\bleeping-farbar"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

 

And I attach FSS results



#4 nasdaq


Posted 13 June 2016 - 07:27 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

If nothing is found and the problem persists continue.

Navigate to this Microsoft page.
Fix: System Restore not working in Windows 10 / 8 / 7
http://www.thewindowsclub.com/system-restore-not-working-windows

Execute the steps in the article.

If at any time you need help before proceeding please ask.

#5 gallego33


Posted 13 June 2016 - 09:25 PM

Hi.

Here is content of ReportRogue.txt

 

RogueKiller V12.3.3.0 (x64) [Jun 13 2016] (Free) by Adlice Software

 
Sistema Operativo : Windows 10 (10.0.10586) 64 bits version
Iniciado en : Modo Normal
Usuario : ingJMG [Administrador]
Started from : C:\Users\ingJMG\Desktop\bleeping-farbar\RogueKillerX64.exe
Modo : Escanear -- Fecha : 06/13/2016 22:56:55
 
¤¤¤ Procesos : 0 ¤¤¤
 
¤¤¤ Registro : 4 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2918173747-3376708851-2645080872-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2918173747-3376708851-2645080872-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2918173747-3376708851-2645080872-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2918173747-3376708851-2645080872-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
 
¤¤¤ Tareas : 0 ¤¤¤
 
¤¤¤ Archivos : 0 ¤¤¤
 
¤¤¤ Archivo de hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤
 
¤¤¤ Navegadores Web : 0 ¤¤¤
 
¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 368c36a5ecca238ec107669920efebe4
[BSP] e525e08fc0b026bbfe09736c5377b70b : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29566976 | Size: 462502 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
I wait.... thank you.


#6 nasdaq


Posted 14 June 2016 - 09:00 AM

Have a look at this page and set your Firewall to start Automatically.

http://computerstepbystep.com/windows_firewall_service.html

If that fails, open the Registry using the RegEdit tool and let me know how the Start REG_DWORD is set (what is listed on the right, if any).

#7 gallego33


Posted 14 June 2016 - 08:05 PM

Hi.
If I try to start the Windows Firewall service from Services.msc (it is stopped), I get this message when it begins: Windows cannot start the firewall ... bla bla ... error code 13.

Through regedit: the key is the same as the one on the computerstepbystep web page. The Start key is of type REG_DWORD and the value is 0x000000002 (2), which is fine, but the firewall does not start. The whole branch HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc on my PC is just like the image on the web.
 
regards
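
The check requested in post #6 and reported in post #7, as an added example that is not part of either post: a read-only PowerShell script that lists the Start value and current state of MpsSvc and of every service it depends on, then shows recent Service Control Manager failure events. The function name Get-ServiceStartInfo is hypothetical, and event IDs 7023 and 7024 are the standard "service terminated with error" events, not values taken from this thread.

```powershell
# Added example: read-only check of the Windows Firewall service (MpsSvc)
# and the services it depends on. Run from an elevated PowerShell prompt.

# Meaning of the Start REG_DWORD under HKLM\SYSTEM\CurrentControlSet\Services\<name>
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceStartInfo {
    # Hypothetical helper name; returns one row per service.
    param([Parameter(Mandatory)][string]$Name)

    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $svc   = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $start = $null
    try {
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
    } catch {
        # Key missing or not readable by this account: report it, do not stop.
    }

    [pscustomobject]@{
        Service   = $Name
        Status    = if ($svc) { $svc.Status } else { 'not found' }
        StartRaw  = if ($null -ne $start) { '0x{0:X8}' -f $start } else { 'unreadable' }
        StartType = if ($null -ne $start) { $startTypes[[int]$start] } else { 'unknown' }
    }
}

# MpsSvc first, then whatever the Service Control Manager says it depends on.
$fw    = Get-Service -Name MpsSvc -ErrorAction Stop
$names = @('MpsSvc') + @($fw.ServicesDependedOn | ForEach-Object { $_.Name })

$names | ForEach-Object { Get-ServiceStartInfo -Name $_ } | Format-Table -AutoSize

# A correct Start value (2 = Automatic) does not mean the service can start.
# The System log records the error the service actually returned.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7023, 7024
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

A dependency that is stopped or disabled, or a failure event naming the firewall service, narrows the problem further than the Start value alone.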


#8 nasdaq


Posted 15 June 2016 - 08:17 AM

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    06 - Repair Windows Firewall
    10 - Remove Policies Set By Infections
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===


#9 gallego33


Posted 20 June 2016 - 08:48 PM

Hi Nasdaq, I was away for a few days.

I ran Windows Repair v3.9.3 on June 20.

I see a few errors in C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs\20.06.2016_22.00.31.

 

THANK YOU for your time!!!!!

 

/**************************** HKLM_Set_Owner_Error_Log.txt  ***********************************

 

ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: Acceso denegado.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\00A> failed with: Acceso denegado.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: Acceso denegado.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: Acceso denegado.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\00A> failed with: Acceso denegado.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: Acceso denegado.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Control\NetworkSetup2> failed with: Acceso denegado.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final> failed with: Acceso denegado.

***************************************************************/

 

/***************************  HKLM_Set_Permissions_Error_Log.txt  ************************************

ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: Controlador no válido.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\00A> failed with: Controlador no válido.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: Controlador no válido.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: Controlador no válido.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\00A> failed with: Controlador no válido.
ERROR: Writing Security Info to <MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: Controlador no válido.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Control\NetworkSetup2> failed with: Acceso denegado.
ERROR: Getting Security Info from <MACHINE\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final> failed with: Acceso denegado.

***************************************************************/

 
 

/*********************  HKU_Set_Owner_Error_Log.txt   ******************************************

ERROR: Getting Security Info from <USERS\S-1-5-19\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Acceso denegado.
ERROR: Getting Security Info from <USERS\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Acceso denegado.

***************************************************************/

 
 

/***********************  HKU_Set_Permissions_Error_Log.txt  ****************************************

ERROR: Getting Security Info from <USERS\S-1-5-19\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Acceso denegado.
ERROR: Getting Security Info from <USERS\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots> failed with: Acceso denegado.

***************************************************************/

 

/********************  Repair_Windows_Firewall.txt  *******************************************

El servicio de Firewall de Windows no se ha iniciado.
 
Puede obtener más ayuda con el comando NET HELPMSG 3521.

El servicio de Conexión compartida a Internet (ICS) no se ha iniciado.

Puede obtener más ayuda con el comando NET HELPMSG 3521.

Los siguientes servicios son dependientes del servicio de Motor de filtrado de base.
Detener el servicio de Motor de filtrado de base también detendrá estos servicios:

   GlassWire Control Service
   Servicio de inspección de red de Windows Defender
   Controlador del Sistema de inspección de red de Windows Defender
   Módulos de creación de claves de IPsec para IKE y AuthIP
 
..
El servicio de GlassWire Control Service se detuvo correctamente.
 
Error de sistema 5.
 
Acceso denegado.
 
[SC] ChangeServiceConfig CORRECTO
[SC] ChangeServiceConfig CORRECTO
[SC] ChangeServiceConfig CORRECTO
[SC] ChangeServiceConfig CORRECTO
El servicio de Firewall de Windows no se ha iniciado.
 
Puede obtener más ayuda con el comando NET HELPMSG 3521.

El servicio de Conexión compartida a Internet (ICS) no se ha iniciado.

Puede obtener más ayuda con el comando NET HELPMSG 3521.

Los siguientes servicios son dependientes del servicio de Motor de filtrado de base.
Detener el servicio de Motor de filtrado de base también detendrá estos servicios:

   Servicio de inspección de red de Windows Defender
   Controlador del Sistema de inspección de red de Windows Defender
   Módulos de creación de claves de IPsec para IKE y AuthIP
 
Error de sistema 5.
 
Acceso denegado.
 
[SC] ChangeServiceConfig CORRECTO
[SC] ChangeServiceConfig CORRECTO
[SC] ChangeServiceConfig CORRECTO
[SC] ChangeServiceConfig CORRECT
***************************************************************/
 
 

/*****************************   Services_Set_Permissions_Error_Log.txt  **********************************

 

ERROR: Writing Security Info to <AppIDSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <AppXSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <ClipSVC> failed with: Acceso denegado.
ERROR: Writing Security Info to <DPS> failed with: Acceso denegado.
ERROR: Writing Security Info to <EntAppSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <msiserver> failed with: Acceso denegado.
ERROR: Writing Security Info to <sppsvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <StateRepository> failed with: Acceso denegado.
ERROR: Writing Security Info to <tiledatamodelsvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <WdNisSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <WinDefend> failed with: Acceso denegado.
ERROR: Writing Security Info to <WpnService> failed with: Acceso denegado.
ERROR: Writing Security Info to <WSService> failed with: Acceso denegado.
ERROR: Writing Security Info to <AppIDSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <AppXSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <ClipSVC> failed with: Acceso denegado.
ERROR: Writing Security Info to <EntAppSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <msiserver> failed with: Acceso denegado.
ERROR: Writing Security Info to <sppsvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <StateRepository> failed with: Acceso denegado.
ERROR: Writing Security Info to <tiledatamodelsvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <WdNisSvc> failed with: Acceso denegado.
ERROR: Writing Security Info to <WinDefend> failed with: Acceso denegado.
ERROR: Writing Security Info to <WpnService> failed with: Acceso denegado.
ERROR: Writing Security Info to <WSService> failed with: Acceso denegado.

***************************************************************/

 

 

These are the records in order of execution.

The pre-scan ran with errors:

+--------------------------------------------------------------------------------+
¦ Tweaking.com - Windows Repair v3.9.3 - Pre-Scan
¦ Computer: INGJMG-PC (Windows 10 Pro 10.0.10586.218 ) (64-bit)
¦ [Started Scan - 20/06/2016 21:39:53]
+--------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------+
¦ Scanning Windows Packages Files.
¦ Started at (20/06/2016 21:39:53)
¦ 
¦ No problems were found with the Packages Files.
¦ 
¦ Files Checked & Verified: 8.884
¦ 
¦ Done Scanning Windows Packages Files.(20/06/2016 21:52:35)
+--------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------+
¦ Scanning Reparse Points.
¦ Started at (20/06/2016 21:52:35)
¦ 
Reparse Point: (Type: JUNCTION) (Name: Cookies) (Original Path: C:\Users\UpdatusUser\Cookies) (Target Path: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\INetCookies) (Creation Time: 22/05/2016 23:03:25)
Target Path doesn't exist!
 
¦ Missing Default Reparse Point: (Original Path: C:\Users\ingJMG\Application Data) (Target Path: C:\Users\ingJMG\AppData\Roaming)
¦ A Default Reparse Point is missing and this can cause problems on the system.
¦ 
¦ Missing Default Reparse Point: (Original Path: C:\Users\jdivsist\Documents\My Music) (Target Path: C:\Users\jdivsist\Music)
¦ A Default Reparse Point is missing and this can cause problems on the system.
¦ 
¦ Missing Default Reparse Point: (Original Path: C:\Users\jdivsist\Documents\My Pictures) (Target Path: C:\Users\jdivsist\Pictures)
¦ A Default Reparse Point is missing and this can cause problems on the system.
¦ 
¦ Missing Default Reparse Point: (Original Path: C:\Users\jdivsist\Documents\My Videos) (Target Path: C:\Users\jdivsist\Videos)
¦ A Default Reparse Point is missing and this can cause problems on the system.
¦ 
¦ Problems were found with the Reparse Points.
¦ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.
¦ 
¦ Files & Folders Searched: 339.151
¦ Reparse Points Found: 4.210
¦ 
¦ Done Scanning Reparse Points.(20/06/2016 21:54:52)
+--------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------+
¦ Checking Environment Variables.
¦ Started at (20/06/2016 21:54:52)
¦ 
¦ No problems were found with the Environment Variables.
¦ 
¦ Done Checking Environment Variables. (20/06/2016 21:54:52)
+--------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------+
¦ [Finished Scan - 20/06/2016 21:54:52]
¦ 
¦ [x] Scan Complete - Problems Found!
¦ [x] 
¦ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
¦ [x] 
¦ [x] While problems have been found, you can still run the repairs in the program.
¦ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
¦ [x] If you need help fixing any of the items in the log, just post in the forums at Tweaking.com for help.
+--------------------------------------------------------------------------------+
 
This is the repairs log:
+-------------------------------+
¦[STARTED] [20/06/2016 21:57:11]¦
+-------------------------------+
Running Repair on C:\Users\UpdatusUser\Cookies
 
   [x] Command to Run: Create Target Path/Folder C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\INetCookies
   [x] Calling SHCreateDirectoryExW
   [x] Create Target Path/Folder Done.
 
Running Repair on C:\Users\ingJMG\Application Data
 
   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Link Folder Does Exist, We need to remove it as we can't make Reparse Points for exisiting folders.
   [x] Setting Owner On Folder (So We Have A Better Chance For Permission To Remove It).
   [x] Calling RemoveDirectoryW (Only Removes Empty Folders, Just In Case)
   [x] RemoveDirectoryW Returned An Error, Error: 0 - El directorio no está vacío.
   [x] Even Though We Got An Error, Lets Keep Going.
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\ingJMG\Application Data" "C:\Users\ingJMG\AppData\Roaming"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\ingJMG\Application Data
 
Running Repair on C:\Users\jdivsist\Documents\My Music
 
   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\jdivsist\Documents\My Music" "C:\Users\jdivsist\Music"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\jdivsist\Documents\My Music
 
Running Repair on C:\Users\jdivsist\Documents\My Pictures
 
   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\jdivsist\Documents\My Pictures" "C:\Users\jdivsist\Pictures"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\jdivsist\Documents\My Pictures
 
Running Repair on C:\Users\jdivsist\Documents\My Videos
 
   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\jdivsist\Documents\My Videos" "C:\Users\jdivsist\Videos"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\jdivsist\Documents\My Videos
 
+--------------------------------+
¦[FINISHED] [20/06/2016 21:57:19]¦
+--------------------------------+
 
The Windows Repair log txt is:
Tweaking.com - Windows Repair v3.9.3
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Pro
OS Architecture: 64-bit
OS Version: 10.0.10586.218
OS Service Pack: 
Computer Name: INGJMG-PC
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\ingJMG
Current Profile SID: S-1-5-21-2918173747-3376708851-2645080872-1000
Current Profile Classes: S-1-5-21-2918173747-3376708851-2645080872-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\ingJMG\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 08 Days 05:41:32
 
Process Count: 101
Commit Total: 3,11 GB
Commit Limit: 7,43 GB
Commit Peak: 6,46 GB
Handle Count: 42831
Kernel Total: 541,20 MB
Kernel Paged: 397,74 MB
Kernel Non Paged: 143,46 MB
System Cache: 1,34 GB
Thread Count: 1421
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,68 GB
Memory Used: 2,57 GB(69,763%)
Memory Avail.: 1,11 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,68 GB
Memory Used: 1,88 GB(51,1591%)
Memory Avail.: 1,80 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (20/06/2016 22:00:33)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 2
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (20/06/2016 22:00:36)
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0,5 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  15,88 seconds.
 
   Running Repair Under System Account
   Done (20/06/2016 22:17:51)
 
03 - Reset Service Permissions
   Start (20/06/2016 22:17:51)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/06/2016 22:18:17)
 
06 - Repair Windows Firewall
   Start (20/06/2016 22:18:17)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0,2 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/06/2016 22:18:45)
 
10 - Remove Policies Set By Infections
   Start (20/06/2016 22:18:45)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (20/06/2016 22:18:49)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (20/06/2016 22:18:49)
   Total Repair Time: 00:18:18
 
 
...YOU MUST RESTART YOUR SYSTEM...
 
 


#10 nasdaq

  • Malware Response Team

Posted 21 June 2016 - 07:36 AM

Please run the Tweaking tool and fix the No. 2 on all drives.

02 - Reset File Permissions (2)
.. 02.01 File Permissions C:\
.. 02.02 File Permissions D:\


Post the logs and let me know what problem persists.

#11 gallego33

  • Topic Starter

Posted 21 June 2016 - 10:42 PM

Here is the file _Windows_Repair_Log.txt:

 

Tweaking.com - Windows Repair v3.9.3
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Pro
OS Architecture: 64-bit
OS Version: 10.0.10586.218
OS Service Pack: 
Computer Name: INGJMG-PC
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\ingJMG
Current Profile SID: S-1-5-21-2918173747-3376708851-2645080872-1000
Current Profile Classes: S-1-5-21-2918173747-3376708851-2645080872-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\ingJMG\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 01 Day 00:33:02
 
Process Count: 90
Commit Total: 2,15 GB
Commit Limit: 7,43 GB
Commit Peak: 2,58 GB
Handle Count: 34644
Kernel Total: 409,39 MB
Kernel Paged: 296,29 MB
Kernel Non Paged: 113,10 MB
System Cache: 1,23 GB
Thread Count: 1566
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,68 GB
Memory Used: 2,03 GB(55,111%)
Memory Avail.: 1,65 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,68 GB
Memory Used: 1,62 GB(43,991%)
Memory Avail.: 2,06 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (21/06/2016 23:50:32)
 
Reset File Permissions: C:
   C: & Sub Folders
   Start (21/06/2016 23:50:34)
 
   Running Repair Under Current User Account
   Done (22/06/2016 0:19:17)
 
Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (22/06/2016 0:19:17)
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\default.7z
Done,  0,26 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\profile.7z
Done,  0,34 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files.7z
Done,  0,95 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files_x86.7z
Done,  0,58 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\programdata.7z
Done,  0,35 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\windows.7z
Done,  4,23 seconds.
 
   Running Repair Under Current User Account
   Done (22/06/2016 0:26:31)
 
Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (22/06/2016 0:26:31)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (22/06/2016 0:26:33)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (22/06/2016 0:26:33)
   Total Repair Time: 00:36:03
 
 
...YOU MUST RESTART YOUR SYSTEM...
 
Firewall can't start.
Thanks


#12 nasdaq

  • Malware Response Team

Posted 22 June 2016 - 08:14 AM

Let's have a look at the registry key.

Please download SystemLook; if your system is a 64-bit system, then download SystemLook_x64.exe. Save it to your Desktop.
SystemLook.exe
SystemLook_x64.exe
  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.



#13 gallego33

  • Topic Starter

Posted 22 June 2016 - 07:05 PM

Hi Nasdaq, here is the log.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:03 on 22/06/2016 by ingJMG
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc]
"DisplayName"="@%SystemRoot%\system32\FirewallAPI.dll,-23090"
"ErrorControl"= 0x0000000001 (1)
"Group"="NetworkProvider"
"ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"Description"="@%SystemRoot%\system32\FirewallAPI.dll,-23091"
"DependOnService"="mpsdrv bfe"
"ObjectName"="NT Authority\LocalService"
"ServiceSidType"= 0x0000000003 (3)
"RequiredPrivileges"="SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeChangeNotifyPrivilege SeCreateGlobalPrivilege SeImpersonatePrivilege SeIncreaseQuotaPrivilege"
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00  (REG_BINARY)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\ACService]
(No values found)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\AppCs]
(Unable to open key)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords]
(No values found)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\DHCP]
(Unable to open key)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\IPTLSIn]
(Unable to open key)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\IPTLSOut]
(Unable to open key)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
(Unable to open key)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords\Teredo]
(Unable to open key)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Security]
"Security"=01 00 14 80 b4 00 00 00 c0 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 84 00 05 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 00 00 28 00 15 00 00 00 01 06 00 00 00 00 00 05 50 00 00 00 49 59 9d 77 91 56 e5 55 dc f4 e2 0e a7 8b eb ca 7b 42 13 56 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  (REG_BINARY)
 
 
-= EOF =-
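
A small parser for the SystemLook `:reg` output posted above, as an added example that is not part of the original thread or of SystemLook itself. It groups values by key, decodes the service's Start and Type values, and lists the subkeys the tool reported as "(Unable to open key)" so they can be followed up; the function names are hypothetical and the sample input is abridged from the post.

```python
import re

# Sample input: abridged copy of the SystemLook log in the post above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="mpsdrv bfe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\ACService]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\AppCs]
(Unable to open key)
'''

# Documented Windows service "Start" and "Type" registry values.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
SERVICE_TYPES = {0x1: "Kernel driver", 0x2: "File system driver",
                 0x10: "Own process", 0x20: "Shared process"}

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
DWORD_RE = re.compile(r'^0x[0-9a-fA-F]+ \((\d+)\)$')  # e.g. 0x0000000002 (2)

def parse_systemlook_reg(text):
    """Return ({key: {value_name: value}}, [keys the tool could not open])."""
    keys, unreadable, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys[current] = {}
        elif current and line == "(Unable to open key)":
            unreadable.append(current)
        elif current and (m := VALUE_RE.match(line)):
            name, raw = m.groups()
            d = DWORD_RE.match(raw)
            # DWORDs become ints; strings lose their quotes; binary stays raw.
            keys[current][name] = int(d.group(1)) if d else raw.strip('"')
    return keys, unreadable

def describe_service(values):
    """Decode the start mode, service type and dependencies of a service key."""
    return {"start": START_TYPES.get(values.get("Start"), "unknown"),
            "type": SERVICE_TYPES.get(values.get("Type"), "unknown"),
            "depends_on": str(values.get("DependOnService", "")).split()}
```
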




