
STOP: C0000135 The program can't start because %hs is missing. Try reinstalling


  • This topic is locked

#1 merced25


Posted 06 December 2017 - 02:51 PM

Hello, today when turning on my computer the error in the title of this post is presented. I have Windows 7 Pro. I paste the FRST report. Thank you very much!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017

Ran by SYSTEM on MININT-TE55EHV (06-12-2017 16:43:38)

Running from G:\ Platform: Windows 7 Professional Service Pack 1 (X64)

Language: Inglés (Estados Unidos) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36800 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [823224 2012-07-27] (Adobe Systems Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [6153128 2017-05-22] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4770952 2016-10-24] (Avast Software s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) 
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Users\Tandem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-12-04] ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"3082" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:4 /wow /dir:"C:\Program Files\AVAST Software\Avast Business"

 

==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 avast! Antivirus;

C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [54344 2016-10-24] (Avast Software s.r.o.) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.) S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.) S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited) S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH) S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-12] (Symantec Corporation) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) S4 avast! Firewall; "C:\Program Files\AVAST Software\Avast Business\afwServ.exe" [X]

 

===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [32096 2016-10-24] (Avast Software s.r.o.) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90344 2016-10-24] (Avast Software s.r.o.) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [80376 2016-10-24] (Avast Software s.r.o.) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74680 2016-10-24] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1053392 2016-10-24] (Avast Software s.r.o.) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [441944 2016-10-24] (Avast Software s.r.o.) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [78264 2016-10-24] (Avast Software s.r.o.) S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292840 2016-10-24] () S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-12-04] (Malwarebytes) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-21] () S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) S0 Partizan; system32\drivers\Partizan.sys [X]

 

==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ====================

One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-06 16:43 - 2017-12-06 16:43 - 000000000 ____D C:\FRST 2017-12-04 05:00 - 2017-12-04 05:00 - 000151882 _____ C:\Users\Tandem\Downloads\Instructivo workshop EOD - EED (1).zip 2017-12-04 04:45 - 2017-12-04 04:48 - 000167778 _____ C:\Users\Tandem\Downloads\Tandem - Piloto Refillables Framework Colombia - Detalle Dinámicas.pptx 2017-12-04 04:42 - 2017-12-04 04:42 - 000000000 ____D C:\ProgramData\Package Cache 2017-12-01 12:45 - 2017-12-01 12:45 - 001304491 _____ C:\Users\Tandem\Desktop\Encuesta.pptx 2017-11-30 14:15 - 2017-11-30 14:15 - 010037229 _____ C:\Users\Tandem\Downloads\Taller estrategia BBVA 21-12-09 con tablero 2.rar 2017-11-30 14:13 - 2017-11-30 14:13 - 000151882 _____ C:\Users\Tandem\Downloads\Instructivo workshop EOD - EED.zip 2017-11-30 09:57 - 2017-11-30 09:57 - 000090043 _____ C:\Users\Tandem\Downloads\Time Report_2017-11-27.xlsx 2017-11-29 11:07 - 2017-11-29 11:07 - 026218873 _____ C:\Users\Tandem\Downloads\Reunión Clárin 23-11 (1).m4a 2017-11-28 09:08 - 2017-11-28 09:08 - 001485300 _____ C:\Users\Tandem\Downloads\Proyecto Modern Trade Leadership - reunion de kick off v1.pptx 2017-11-27 04:31 - 2017-11-27 04:31 - 000089933 _____ C:\Users\Tandem\Downloads\Time Report_2017-11-13.xlsx 2017-11-24 06:12 - 2017-11-24 06:12 - 000001897 _____ C:\Users\Tandem\Desktop\Zoom.lnk 2017-11-23 05:03 - 2017-11-23 05:04 - 010475979 _____ C:\Users\Tandem\Downloads\2017-11-21 Tandem staffing.xlsm 2017-11-22 06:22 - 2017-11-22 06:22 - 000000000 ____D C:\Users\Tandem\Documents\Zoom 2017-11-22 06:21 - 2017-11-22 06:21 - 000133640 _____ (Zoom Video Communications, Inc.) 
C:\Users\Tandem\Downloads\Zoom_launcher.exe 2017-11-22 06:21 - 2017-11-22 06:21 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Zoom 2017-11-21 05:59 - 2017-12-04 13:26 - 003431519 _____ C:\Users\Tandem\Desktop\Agenda reunión de lanzamiento 06.12.pptx 2017-11-21 05:50 - 2017-11-21 05:50 - 002850407 _____ C:\Users\Tandem\Downloads\CP - Consultoria - V12.xlsm 2017-11-17 19:05 - 2017-11-17 19:05 - 000553987 _____ ( ) C:\Users\Tandem\Downloads\palisade_risk_industrial_5.7_crack.exe 2017-11-17 10:26 - 2017-11-17 10:26 - 000022134 _____ C:\Users\Tandem\Downloads\00 Inventario de Notas.xlsx 2017-11-17 10:24 - 2017-11-17 10:24 - 000253987 _____ C:\Users\Tandem\Downloads\La-nueva-era-analítica-de-las-decisiones.pdf 2017-11-17 10:11 - 2017-11-17 10:11 - 007834621 _____ C:\Users\Tandem\Downloads\Almuerzo de contenido SFP v2 .pptx 2017-11-17 05:56 - 2017-11-17 05:56 - 000000476 _____ C:\Users\Tandem\Desktop\Network Security Settings.txt 2017-11-16 12:35 - 2017-11-16 12:35 - 001552636 _____ C:\Users\Tandem\Downloads\Strategic Investment Decision Processes and Organizational Performance - An Empirical Examination - Papadakis 1998.pdf 2017-11-16 12:34 - 2017-11-16 12:34 - 002731426 _____ C:\Users\Tandem\Downloads\Target+Setting.pdf 2017-11-16 12:34 - 2017-11-16 12:34 - 000068931 _____ C:\Users\Tandem\Downloads\6938632d1a8049e1bb07bc5534ffde20.pdf 2017-11-16 10:51 - 2017-11-16 10:51 - 028013601 _____ C:\Users\Tandem\Downloads\Pipeline al 13-11-2017.xlsx 2017-11-15 09:27 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\PollEverywhere 2017-11-15 09:27 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\LiveSlides 2017-11-15 09:27 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Local\Microsoft_Corporation 2017-11-15 04:32 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Microsoft Corporation 2017-11-15 04:32 - 2017-11-15 04:32 - 000000000 ____D C:\ProgramData\Microsoft Corporation 2017-11-15 04:31 - 2017-11-15 
04:31 - 000000000 ____D C:\ProgramData\polleverywhere 2017-11-14 18:19 - 2017-11-14 18:20 - 000000000 ____D C:\Users\Tandem\Desktop\Ingles 2017-11-09 11:20 - 2017-11-09 11:20 - 001611999 _____ C:\Users\Tandem\Downloads\Marketing Channel Strategy in Rural Emerging Markets Ben Neuwirth (1).pdf 2017-11-09 11:18 - 2017-11-09 11:18 - 001611999 _____ C:\Users\Tandem\Downloads\Marketing Channel Strategy in Rural Emerging Markets Ben Neuwirth.pdf 2017-11-09 05:25 - 2017-11-09 05:25 - 000000000 ____D C:\Users\Tandem\AppData\Local\Power-user 2017-11-09 05:20 - 2017-11-09 05:24 - 054257824 _____ (Power-user) C:\Users\Tandem\Downloads\Power-user.exe 2017-11-09 05:07 - 2017-11-09 05:07 - 000000000 ____D C:\Users\Tandem\Downloads\Nueva carpeta 2017-11-08 13:24 - 2017-11-08 13:24 - 002556933 _____ C:\Users\Tandem\Downloads\Tandem - Modelos Accountability_v0.pptx 2017-11-08 13:24 - 2017-11-08 13:24 - 000681245 _____ C:\Users\Tandem\Downloads\Tandem - Accountability and Engagement.pptx 2017-11-08 13:24 - 2017-11-08 13:24 - 000011567 _____ C:\Users\Tandem\Downloads\Accountability - guía de desarrollo.xlsx 2017-11-08 13:19 - 2017-11-08 13:19 - 000374784 _____ C:\Users\Tandem\Downloads\21949903-La-Matriz-de-McKinsey[1].ppt 2017-11-07 06:26 - 2017-11-07 06:26 - 000000000 ____D C:\Users\Tandem\Documents\Blocs de notas de OneNote 2017-11-07 06:13 - 2017-12-04 15:55 - 000000000 ___RD C:\Users\Tandem\OneDrive - SOLUCIONES DE DECISION S.A., 2017-11-07 06:11 - 2017-11-07 06:11 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2497024322-3653266925-2419587985-1000 2017-11-07 06:11 - 2017-11-07 06:09 - 024855752 _____ (Microsoft Corporation) C:\Users\Tandem\Downloads\OneDriveSetup.exe 2017-11-06 14:19 - 2017-12-04 04:27 - 000252232 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys 2017-11-06 14:19 - 2017-11-06 14:19 - 000000744 _____ C:\Windows\SysWOW64\PARTIZAN.TXT 2017-11-06 14:14 - 2017-11-06 14:14 - 008261584 _____ (Malwarebytes) 
C:\Users\Tandem\Downloads\adwcleaner_7.0.4.0.exe 2017-11-06 13:58 - 2017-11-06 13:58 - 000000000 ____D C:\ProgramData\RegRun 2017-11-06 13:58 - 2017-05-23 13:24 - 000000922 _____ C:\Windows\System32\Drivers\etc\hosts.old 2017-11-06 13:57 - 2017-11-06 14:23 - 000000000 ____D C:\Program Files (x86)\UnHackMe 2017-11-06 13:57 - 2017-11-06 14:16 - 000000000 ____D C:\Users\Tandem\Documents\RegRun2 2017-11-06 13:57 - 2017-11-06 13:57 - 000000002 RSHOT C:\Windows\winstart.bat 2017-11-06 13:57 - 2017-11-06 13:57 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2017-11-06 13:55 - 2017-11-06 13:57 - 019046431 _____ C:\Users\Tandem\Downloads\unhackmeb.zip 2017-11-06 13:41 - 2017-12-04 15:49 - 000004200 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2017-11-06 13:41 - 2016-10-24 00:22 - 001053392 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys 2017-11-06 13:41 - 2016-10-24 00:22 - 000441944 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys 2017-11-06 13:41 - 2016-10-24 00:22 - 000292840 _____ C:\Windows\System32\Drivers\aswVmm.sys 2017-11-06 13:41 - 2016-10-24 00:22 - 000090344 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys 2017-11-06 13:41 - 2016-10-24 00:22 - 000080376 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys 2017-11-06 13:41 - 2016-10-24 00:22 - 000078264 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswTdi.sys 2017-11-06 13:41 - 2016-10-24 00:22 - 000074680 _____ C:\Windows\System32\Drivers\aswRvrt.sys 2017-11-06 13:41 - 2016-10-24 00:22 - 000032096 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswKbd.sys 2017-11-06 13:41 - 2016-10-24 00:20 - 000050760 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2017-11-06 13:41 - 2016-10-24 00:19 - 000306320 _____ (Avast Software s.r.o.) 
C:\Windows\System32\aswBoot.exe 2017-11-06 13:40 - 2017-11-06 13:40 - 000000000 ____D C:\Program Files\AVAST Software 2017-11-06 13:38 - 2017-11-06 13:38 - 001790024 _____ (Malwarebytes) C:\Users\Tandem\Downloads\JRT.exe 2017-11-06 13:35 - 2017-11-13 15:22 - 000002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-06 13:34 - 2017-11-15 09:40 - 000003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-06 13:34 - 2017-11-15 09:40 - 000003340 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-06 13:30 - 2017-11-17 06:11 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update 2017-11-06 13:30 - 2017-11-06 13:30 - 000002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-11-06 13:29 - 2017-11-06 13:30 - 000000000 ____D C:\Program Files\CCleaner 2017-11-06 13:19 - 2017-11-06 14:15 - 000000000 ____D C:\AdwCleaner 2017-11-06 13:19 - 2017-11-06 13:19 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Tandem\Downloads\rkill.exe 2017-11-06 13:18 - 2017-11-06 13:19 - 008261584 _____ (Malwarebytes) C:\Users\Tandem\Downloads\AdwCleaner.exe 2017-11-06 13:17 - 2017-11-06 13:17 - 000027337 _____ C:\Users\Tandem\Downloads\bookmarks_6_11_17.html 2017-11-06 10:45 - 2017-11-06 10:45 - 000000043 _____ C:\Users\Tandem\Downloads\hbpix (1) 2017-11-06 07:28 - 2017-11-06 07:28 - 002219244 _____ C:\Users\Tandem\Downloads\TMT2017Spanish.pdf 2017-11-06 07:08 - 2017-11-06 07:08 - 004949025 _____ C:\Users\Tandem\Downloads\GMO Report_2016_Industry overview_v3.pdf 2017-11-06 07:03 - 2017-11-06 07:03 - 004016918 _____ C:\Users\Tandem\Downloads\Copy of McKinsey Global Media Report 2015.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-12-04 15:46 - 2017-03-06 12:58 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Skype 2017-12-04 15:46 - 2017-03-06 11:31 - 000003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2017-12-04 15:46 - 2017-03-06 11:31 - 000000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2017-12-04 15:46 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\tracing 2017-12-04 14:56 - 2017-03-06 11:42 - 000000000 ____D C:\Users\Tandem\AppData\Local\Deployment 2017-12-04 13:42 - 2017-03-13 15:11 - 000000000 ____D C:\Users\Tandem\Desktop\Proyectos 2017-12-04 13:26 - 2017-07-14 11:01 - 000420352 ___SH C:\Users\Tandem\Desktop\Thumbs.db 2017-12-04 06:54 - 2017-03-13 15:12 - 000000000 ____D C:\Users\Tandem\Desktop\Time Report 2017-12-04 04:43 - 2017-03-06 12:58 - 000000000 ____D C:\ProgramData\Skype 2017-12-04 04:43 - 2009-07-13 20:45 - 000031072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-12-04 04:43 - 2009-07-13 20:45 - 000031072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-12-04 04:33 - 2011-08-21 11:42 - 000838852 _____ C:\Windows\System32\perfh00A.dat 2017-12-04 04:33 - 2011-08-21 11:42 - 000191540 _____ C:\Windows\System32\perfc00A.dat 2017-12-04 04:33 - 2009-07-13 21:13 - 001895106 _____ C:\Windows\System32\PerfStringBackup.INI 2017-12-04 04:33 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf 2017-12-04 04:30 - 2017-03-06 12:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-04 04:29 - 2017-03-06 13:02 - 000000000 ____D C:\Users\Tandem\AppData\Local\LogMeIn Hamachi 2017-12-04 04:28 - 2017-03-06 13:21 - 001915446 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-12-04 04:27 - 2017-06-08 17:40 - 000000176 _____ C:\Users\Tandem\BullseyeCoverageError.txt 2017-12-04 04:27 - 2011-08-21 02:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-12-04 04:27 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 
2017-12-01 08:02 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF 2017-11-25 18:18 - 2017-03-06 12:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-11-21 04:20 - 2017-11-01 11:45 - 000018509 _____ C:\Users\Tandem\Downloads\circular-calculo.xlsx 2017-11-17 04:10 - 2017-04-28 12:07 - 000000000 ____D C:\Users\Tandem\AppData\Local\ElevatedDiagnostics 2017-11-16 04:45 - 2017-03-06 12:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-11-09 05:25 - 2017-03-07 06:57 - 000000000 ____D C:\Users\Tandem\Documents\Power-user 2017-11-09 05:24 - 2017-03-07 06:55 - 000000000 ____D C:\Users\Tandem\AppData\Local\Downloaded Installations 2017-11-08 13:26 - 2017-11-01 11:45 - 000019169 _____ C:\Users\Tandem\Downloads\circular-calculo (1).xlsx 2017-11-07 16:54 - 2017-03-06 12:35 - 000000000 ____D C:\Users\Tandem\AppData\LocalLow\Mozilla 2017-11-07 06:13 - 2017-03-06 12:17 - 000000000 ___RD C:\Users\Tandem\OneDrive 2017-11-07 06:13 - 2017-03-06 11:30 - 000000000 ____D C:\users\Tandem 2017-11-07 06:11 - 2017-03-06 12:17 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive 2017-11-06 14:27 - 2017-03-06 11:47 - 004233307 ____H C:\Users\Tandem\AppData\Local\IconCache.db.backup 2017-11-06 14:18 - 2017-03-06 12:13 - 000002000 ____H C:\Users\Tandem\Documents\Default.rdp 2017-11-06 13:40 - 2017-10-24 17:03 - 000000000 ____D C:\ProgramData\AVAST Software 2017-11-06 13:35 - 2017-03-06 11:42 - 000000000 ____D C:\Users\Tandem\AppData\Local\Google 2017-11-06 13:35 - 2017-03-06 11:42 - 000000000 ____D C:\Program Files (x86)\Google Some files in TEMP: ==================== 2017-06-08 17:40 - 2017-06-08 17:40 - 000008720 ____N () C:\Users\Tandem\AppData\Local\Temp\BullseyeCoverage-2-x86.dll 2017-10-12 15:43 - 2017-10-12 15:43 - 000701512 _____ (Microsoft) C:\Users\Tandem\AppData\Local\Temp\Validator.exe 2017-12-04 04:42 - 2017-12-04 04:42 - 014456872 _____ (Microsoft Corporation) C:\Users\Tandem\AppData\Local\Temp\vc_redist.x86.exe 
==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2017-11-30 08:27 ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 3979.23 MB Available physical RAM: 3167.1 MB Total Virtual: 3977.43 MB Available Virtual: 3171.66 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:210.98 GB) (Free:135.46 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.8 GB) NTFS Drive g: () (Removable) (Total:14.65 GB) (Free:12.32 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM_DRV) (Fixed) (Total:0.87 GB) (Free:0.53 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 223.6 GB) (Disk ID: 
25B7D966) Partition 1: (Active) - (Size=895 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=211 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.7 GB) (Disk ID: 000026AD) Partition 1: (Active) - (Size=14.6 GB) - (Type=07 NTFS) LastRegBack: 2017-11-30 19:33 ==================== End of FRST.txt ============================




Edited by hamluis, 06 December 2017 - 03:09 PM.



 


#2 merced25


Posted 07 December 2017 - 02:31 PM

Hello, any help?



#3 Oh My!


Posted 08 December 2017 - 09:18 PM

Greetings merced25 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I need to see a properly formatted report. Please attempt to post the FRST report and if you are unable to post it with the proper format rerun the scan and attach the report to your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 merced25


Posted 10 December 2017 - 08:33 PM

Hi, thank you very much for your response and sorry for my insistence. I attach the report; I hope you can read it correctly. Thank you very much.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017
Ran by SYSTEM on MININT-TE55EHV (06-12-2017 16:43:38)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [6153128 2017-05-22] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4770952 2016-10-24] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Tandem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-12-04]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"3082" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:4 /wow /dir:"C:\Program Files\AVAST Software\Avast Business"

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [54344 2016-10-24] (Avast Software s.r.o.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-12] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 avast! Firewall; "C:\Program Files\AVAST Software\Avast Business\afwServ.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [32096 2016-10-24] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90344 2016-10-24] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [80376 2016-10-24] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74680 2016-10-24] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1053392 2016-10-24] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [441944 2016-10-24] (Avast Software s.r.o.)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [78264 2016-10-24] (Avast Software s.r.o.)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292840 2016-10-24] ()
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-12-04] (Malwarebytes)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-21] ()
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 16:43 - 2017-12-06 16:43 - 000000000 ____D C:\FRST
2017-12-04 05:00 - 2017-12-04 05:00 - 000151882 _____ C:\Users\Tandem\Downloads\Instructivo workshop EOD - EED (1).zip
2017-12-04 04:45 - 2017-12-04 04:48 - 000167778 _____ C:\Users\Tandem\Downloads\Tandem - Piloto Refillables Framework Colombia - Detalle Dinámicas.pptx
2017-12-04 04:42 - 2017-12-04 04:42 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-01 12:45 - 2017-12-01 12:45 - 001304491 _____ C:\Users\Tandem\Desktop\Encuesta.pptx
2017-11-30 14:15 - 2017-11-30 14:15 - 010037229 _____ C:\Users\Tandem\Downloads\Taller estrategia BBVA 21-12-09 con tablero 2.rar
2017-11-30 14:13 - 2017-11-30 14:13 - 000151882 _____ C:\Users\Tandem\Downloads\Instructivo workshop EOD - EED.zip
2017-11-30 09:57 - 2017-11-30 09:57 - 000090043 _____ C:\Users\Tandem\Downloads\Time Report_2017-11-27.xlsx
2017-11-29 11:07 - 2017-11-29 11:07 - 026218873 _____ C:\Users\Tandem\Downloads\Reunión Clárin 23-11 (1).m4a
2017-11-28 09:08 - 2017-11-28 09:08 - 001485300 _____ C:\Users\Tandem\Downloads\Proyecto Modern Trade Leadership - reunion de kick off v1.pptx
2017-11-27 04:31 - 2017-11-27 04:31 - 000089933 _____ C:\Users\Tandem\Downloads\Time Report_2017-11-13.xlsx
2017-11-24 06:12 - 2017-11-24 06:12 - 000001897 _____ C:\Users\Tandem\Desktop\Zoom.lnk
2017-11-23 05:03 - 2017-11-23 05:04 - 010475979 _____ C:\Users\Tandem\Downloads\2017-11-21 Tandem staffing.xlsm
2017-11-22 06:22 - 2017-11-22 06:22 - 000000000 ____D C:\Users\Tandem\Documents\Zoom
2017-11-22 06:21 - 2017-11-22 06:21 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\Tandem\Downloads\Zoom_launcher.exe
2017-11-22 06:21 - 2017-11-22 06:21 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Zoom
2017-11-21 05:59 - 2017-12-04 13:26 - 003431519 _____ C:\Users\Tandem\Desktop\Agenda reunión de lanzamiento 06.12.pptx
2017-11-21 05:50 - 2017-11-21 05:50 - 002850407 _____ C:\Users\Tandem\Downloads\CP - Consultoria - V12.xlsm
2017-11-17 19:05 - 2017-11-17 19:05 - 000553987 _____ ( ) C:\Users\Tandem\Downloads\palisade_risk_industrial_5.7_crack.exe
2017-11-17 10:26 - 2017-11-17 10:26 - 000022134 _____ C:\Users\Tandem\Downloads\00 Inventario de Notas.xlsx
2017-11-17 10:24 - 2017-11-17 10:24 - 000253987 _____ C:\Users\Tandem\Downloads\La-nueva-era-analítica-de-las-decisiones.pdf
2017-11-17 10:11 - 2017-11-17 10:11 - 007834621 _____ C:\Users\Tandem\Downloads\Almuerzo de contenido SFP v2 .pptx
2017-11-17 05:56 - 2017-11-17 05:56 - 000000476 _____ C:\Users\Tandem\Desktop\Network Security Settings.txt
2017-11-16 12:35 - 2017-11-16 12:35 - 001552636 _____ C:\Users\Tandem\Downloads\Strategic Investment Decision Processes and Organizational Performance - An Empirical Examination - Papadakis 1998.pdf
2017-11-16 12:34 - 2017-11-16 12:34 - 002731426 _____ C:\Users\Tandem\Downloads\Target+Setting.pdf
2017-11-16 12:34 - 2017-11-16 12:34 - 000068931 _____ C:\Users\Tandem\Downloads\6938632d1a8049e1bb07bc5534ffde20.pdf
2017-11-16 10:51 - 2017-11-16 10:51 - 028013601 _____ C:\Users\Tandem\Downloads\Pipeline al 13-11-2017.xlsx
2017-11-15 09:27 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\PollEverywhere
2017-11-15 09:27 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\LiveSlides
2017-11-15 09:27 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Local\Microsoft_Corporation
2017-11-15 04:32 - 2017-11-15 09:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Microsoft Corporation
2017-11-15 04:32 - 2017-11-15 04:32 - 000000000 ____D C:\ProgramData\Microsoft Corporation
2017-11-15 04:31 - 2017-11-15 04:31 - 000000000 ____D C:\ProgramData\polleverywhere
2017-11-14 18:19 - 2017-11-14 18:20 - 000000000 ____D C:\Users\Tandem\Desktop\Ingles
2017-11-09 11:20 - 2017-11-09 11:20 - 001611999 _____ C:\Users\Tandem\Downloads\Marketing Channel Strategy in Rural Emerging Markets Ben Neuwirth (1).pdf
2017-11-09 11:18 - 2017-11-09 11:18 - 001611999 _____ C:\Users\Tandem\Downloads\Marketing Channel Strategy in Rural Emerging Markets Ben Neuwirth.pdf
2017-11-09 05:25 - 2017-11-09 05:25 - 000000000 ____D C:\Users\Tandem\AppData\Local\Power-user
2017-11-09 05:20 - 2017-11-09 05:24 - 054257824 _____ (Power-user) C:\Users\Tandem\Downloads\Power-user.exe
2017-11-09 05:07 - 2017-11-09 05:07 - 000000000 ____D C:\Users\Tandem\Downloads\Nueva carpeta
2017-11-08 13:24 - 2017-11-08 13:24 - 002556933 _____ C:\Users\Tandem\Downloads\Tandem - Modelos Accountability_v0.pptx
2017-11-08 13:24 - 2017-11-08 13:24 - 000681245 _____ C:\Users\Tandem\Downloads\Tandem - Accountability and Engagement.pptx
2017-11-08 13:24 - 2017-11-08 13:24 - 000011567 _____ C:\Users\Tandem\Downloads\Accountability - guía de desarrollo.xlsx
2017-11-08 13:19 - 2017-11-08 13:19 - 000374784 _____ C:\Users\Tandem\Downloads\21949903-La-Matriz-de-McKinsey[1].ppt
2017-11-07 06:26 - 2017-11-07 06:26 - 000000000 ____D C:\Users\Tandem\Documents\Blocs de notas de OneNote
2017-11-07 06:13 - 2017-12-04 15:55 - 000000000 ___RD C:\Users\Tandem\OneDrive - SOLUCIONES DE DECISION S.A.,
2017-11-07 06:11 - 2017-11-07 06:11 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2497024322-3653266925-2419587985-1000
2017-11-07 06:11 - 2017-11-07 06:09 - 024855752 _____ (Microsoft Corporation) C:\Users\Tandem\Downloads\OneDriveSetup.exe
2017-11-06 14:19 - 2017-12-04 04:27 - 000252232 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2017-11-06 14:19 - 2017-11-06 14:19 - 000000744 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-11-06 14:14 - 2017-11-06 14:14 - 008261584 _____ (Malwarebytes) C:\Users\Tandem\Downloads\adwcleaner_7.0.4.0.exe
2017-11-06 13:58 - 2017-11-06 13:58 - 000000000 ____D C:\ProgramData\RegRun
2017-11-06 13:58 - 2017-05-23 13:24 - 000000922 _____ C:\Windows\System32\Drivers\etc\hosts.old
2017-11-06 13:57 - 2017-11-06 14:23 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-11-06 13:57 - 2017-11-06 14:16 - 000000000 ____D C:\Users\Tandem\Documents\RegRun2
2017-11-06 13:57 - 2017-11-06 13:57 - 000000002 RSHOT C:\Windows\winstart.bat
2017-11-06 13:57 - 2017-11-06 13:57 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-11-06 13:55 - 2017-11-06 13:57 - 019046431 _____ C:\Users\Tandem\Downloads\unhackmeb.zip
2017-11-06 13:41 - 2017-12-04 15:49 - 000004200 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-11-06 13:41 - 2016-10-24 00:22 - 001053392 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2017-11-06 13:41 - 2016-10-24 00:22 - 000441944 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys
2017-11-06 13:41 - 2016-10-24 00:22 - 000292840 _____ C:\Windows\System32\Drivers\aswVmm.sys
2017-11-06 13:41 - 2016-10-24 00:22 - 000090344 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2017-11-06 13:41 - 2016-10-24 00:22 - 000080376 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
2017-11-06 13:41 - 2016-10-24 00:22 - 000078264 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswTdi.sys
2017-11-06 13:41 - 2016-10-24 00:22 - 000074680 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2017-11-06 13:41 - 2016-10-24 00:22 - 000032096 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswKbd.sys
2017-11-06 13:41 - 2016-10-24 00:20 - 000050760 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2017-11-06 13:41 - 2016-10-24 00:19 - 000306320 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2017-11-06 13:40 - 2017-11-06 13:40 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-06 13:38 - 2017-11-06 13:38 - 001790024 _____ (Malwarebytes) C:\Users\Tandem\Downloads\JRT.exe
2017-11-06 13:35 - 2017-11-13 15:22 - 000002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-06 13:34 - 2017-11-15 09:40 - 000003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-06 13:34 - 2017-11-15 09:40 - 000003340 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-06 13:30 - 2017-11-17 06:11 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-06 13:30 - 2017-11-06 13:30 - 000002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-06 13:29 - 2017-11-06 13:30 - 000000000 ____D C:\Program Files\CCleaner
2017-11-06 13:19 - 2017-11-06 14:15 - 000000000 ____D C:\AdwCleaner
2017-11-06 13:19 - 2017-11-06 13:19 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Tandem\Downloads\rkill.exe
2017-11-06 13:18 - 2017-11-06 13:19 - 008261584 _____ (Malwarebytes) C:\Users\Tandem\Downloads\AdwCleaner.exe
2017-11-06 13:17 - 2017-11-06 13:17 - 000027337 _____ C:\Users\Tandem\Downloads\bookmarks_6_11_17.html
2017-11-06 10:45 - 2017-11-06 10:45 - 000000043 _____ C:\Users\Tandem\Downloads\hbpix (1)
2017-11-06 07:28 - 2017-11-06 07:28 - 002219244 _____ C:\Users\Tandem\Downloads\TMT2017Spanish.pdf
2017-11-06 07:08 - 2017-11-06 07:08 - 004949025 _____ C:\Users\Tandem\Downloads\GMO Report_2016_Industry overview_v3.pdf
2017-11-06 07:03 - 2017-11-06 07:03 - 004016918 _____ C:\Users\Tandem\Downloads\Copy of McKinsey Global Media Report 2015.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 15:46 - 2017-03-06 12:58 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Skype
2017-12-04 15:46 - 2017-03-06 11:31 - 000003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2017-12-04 15:46 - 2017-03-06 11:31 - 000000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-12-04 15:46 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\tracing
2017-12-04 14:56 - 2017-03-06 11:42 - 000000000 ____D C:\Users\Tandem\AppData\Local\Deployment
2017-12-04 13:42 - 2017-03-13 15:11 - 000000000 ____D C:\Users\Tandem\Desktop\Proyectos
2017-12-04 13:26 - 2017-07-14 11:01 - 000420352 ___SH C:\Users\Tandem\Desktop\Thumbs.db
2017-12-04 06:54 - 2017-03-13 15:12 - 000000000 ____D C:\Users\Tandem\Desktop\Time Report
2017-12-04 04:43 - 2017-03-06 12:58 - 000000000 ____D C:\ProgramData\Skype
2017-12-04 04:43 - 2009-07-13 20:45 - 000031072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 04:43 - 2009-07-13 20:45 - 000031072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-04 04:33 - 2011-08-21 11:42 - 000838852 _____ C:\Windows\System32\perfh00A.dat
2017-12-04 04:33 - 2011-08-21 11:42 - 000191540 _____ C:\Windows\System32\perfc00A.dat
2017-12-04 04:33 - 2009-07-13 21:13 - 001895106 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-04 04:33 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-04 04:30 - 2017-03-06 12:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-04 04:29 - 2017-03-06 13:02 - 000000000 ____D C:\Users\Tandem\AppData\Local\LogMeIn Hamachi
2017-12-04 04:28 - 2017-03-06 13:21 - 001915446 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-04 04:27 - 2017-06-08 17:40 - 000000176 _____ C:\Users\Tandem\BullseyeCoverageError.txt
2017-12-04 04:27 - 2011-08-21 02:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-04 04:27 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 08:02 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2017-11-25 18:18 - 2017-03-06 12:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-21 04:20 - 2017-11-01 11:45 - 000018509 _____ C:\Users\Tandem\Downloads\circular-calculo.xlsx
2017-11-17 04:10 - 2017-04-28 12:07 - 000000000 ____D C:\Users\Tandem\AppData\Local\ElevatedDiagnostics
2017-11-16 04:45 - 2017-03-06 12:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-09 05:25 - 2017-03-07 06:57 - 000000000 ____D C:\Users\Tandem\Documents\Power-user
2017-11-09 05:24 - 2017-03-07 06:55 - 000000000 ____D C:\Users\Tandem\AppData\Local\Downloaded Installations
2017-11-08 13:26 - 2017-11-01 11:45 - 000019169 _____ C:\Users\Tandem\Downloads\circular-calculo (1).xlsx
2017-11-07 16:54 - 2017-03-06 12:35 - 000000000 ____D C:\Users\Tandem\AppData\LocalLow\Mozilla
2017-11-07 06:13 - 2017-03-06 12:17 - 000000000 ___RD C:\Users\Tandem\OneDrive
2017-11-07 06:13 - 2017-03-06 11:30 - 000000000 ____D C:\users\Tandem
2017-11-07 06:11 - 2017-03-06 12:17 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-11-06 14:27 - 2017-03-06 11:47 - 004233307 ____H C:\Users\Tandem\AppData\Local\IconCache.db.backup
2017-11-06 14:18 - 2017-03-06 12:13 - 000002000 ____H C:\Users\Tandem\Documents\Default.rdp
2017-11-06 13:40 - 2017-10-24 17:03 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-06 13:35 - 2017-03-06 11:42 - 000000000 ____D C:\Users\Tandem\AppData\Local\Google
2017-11-06 13:35 - 2017-03-06 11:42 - 000000000 ____D C:\Program Files (x86)\Google

Some files in TEMP:
====================
2017-06-08 17:40 - 2017-06-08 17:40 - 000008720 ____N () C:\Users\Tandem\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-10-12 15:43 - 2017-10-12 15:43 - 000701512 _____ (Microsoft) C:\Users\Tandem\AppData\Local\Temp\Validator.exe
2017-12-04 04:42 - 2017-12-04 04:42 - 014456872 _____ (Microsoft Corporation) C:\Users\Tandem\AppData\Local\Temp\vc_redist.x86.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-11-30 08:27

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3979.23 MB
Available physical RAM: 3167.1 MB
Total Virtual: 3977.43 MB
Available Virtual: 3171.66 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:210.98 GB) (Free:135.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.8 GB) NTFS
Drive g: () (Removable) (Total:14.65 GB) (Free:12.32 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:0.87 GB) (Free:0.53 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 25B7D966)
Partition 1: (Active) - (Size=895 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=211 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.7 GB) (Disk ID: 000026AD)
Partition 1: (Active) - (Size=14.6 GB) - (Type=07 NTFS)

LastRegBack: 2017-11-30 19:33

==================== End of FRST.txt ============================


Edited by Oh My!, 10 December 2017 - 09:17 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:50 PM

Posted 10 December 2017 - 09:44 PM

Thank you for the report.

Do you recognize these?

PollEverywhere
LiveSlides

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 merced25


Posted 11 December 2017 - 07:53 AM

Hello, yes, they are two tools that the owner of this computer uses.



#7 Oh My!


Posted 11 December 2017 - 10:12 AM

Thank you.

Please do this.

===================================================

System Restore from System Recovery Options
  • Boot your computer to the System Recovery Options menu
  • Select System Restore
  • Select Next
  • If necessary check Show restore points older than 5 days
  • Left click on the Restore Point dated 2017-11-30 08:27 Next
  • Click Finish and allow System Restore to run
  • Attempt to boot your computer into Normal Mode or, if unsuccessful, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Can you boot?

Gary
 

#8 merced25


Posted 11 December 2017 - 07:19 PM

Hello, when I try to use System Restore, the system tells me that no restore point was created.
I cannot boot in either normal mode or safe mode.



#9 Oh My!


Posted 11 December 2017 - 07:57 PM

OK, thank you. Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • Using your USB containing FRST press the Windows Key + R on your keyboard at the same time. Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB device as fixlist.txt
LastRegBack: 2017-11-30 19:33
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options as you previously did then select Command Prompt.
  • Launch FRST again and press the Fix button
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Attempt to boot your computer in Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Boot?

Gary
 

#10 merced25


Posted 11 December 2017 - 08:40 PM

Hi, I paste the report. I was able to enter normal mode. Excellent work. Any recommendations so that it does not happen again? Thank you very much!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017

Ran by SYSTEM (11-12-2017 22:36:22) Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
LastRegBack: 2017-11-30 19:33
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
 
==== End of Fixlog 22:36:27 ====


#11 Oh My!


Posted 11 December 2017 - 08:43 PM

Very good, but we are not done yet.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run a fresh FRST scan and copy/paste both reports in your reply. Use multiple posts if necessary.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • FRST.txt
  • Addition.txt

Gary
 

#12 merced25


Posted 11 December 2017 - 10:51 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017
Ran by Tandem (11-12-2017 22:48:52) Run:2
Running from F:\
Loaded Profiles: Tandem (Available Profiles: Tandem)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
 
*****************
 
Error: (0) Failed to create a restore point.
 
==== End of Fixlog 22:48:53 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2017
Ran by Tandem (administrator) on TANDEM09 (11-12-2017 22:50:04)
Running from F:\
Loaded Profiles: Tandem (Available Profiles: Tandem)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corp.) C:\Users\Tandem\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast Business\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Blue Jeans) C:\Users\Tandem\AppData\Local\Blue Jeans\App\BlueJeans.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\SwReporter\23.135.200\software_reporter_tool.exe
(Google) C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\SwReporter\23.135.200\software_reporter_tool.exe
(Google) C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\SwReporter\23.135.200\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [6153128 2017-05-22] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4770952 2016-10-24] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\...\Run: [OffCAT] => C:\Users\Tandem\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe [365440 2016-08-01] (Microsoft Corp.)
HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\...\Run: [BlueJeans] => C:\Users\Tandem\AppData\Local\Blue Jeans\App\BlueJeans.exe [37697984 2017-08-11] (Blue Jeans)
HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\...\MountPoints2: {3ee13db6-cbdb-11e0-a100-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Tandem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-12-04]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 190.55.60.130
Tcpip\..\Interfaces\{0FB8A906-445D-414F-93DA-D940809E6235}: [DhcpNameServer] 8.8.8.8 8.8.4.4 190.55.60.130
Tcpip\..\Interfaces\{C5E88507-BC18-4E28-9E38-883DBAB7B259}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.ar/?gfe_rd=cr&ei=c7u9WJWXLauB8Qe3_L6wBg&gws_rd=ssl
HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
SearchScopes: HKLM -> DefaultScope {31E2683E-3B5B-4FB8-A405-B8DE5766100E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {31E2683E-3B5B-4FB8-A405-B8DE5766100E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {31E2683E-3B5B-4FB8-A405-B8DE5766100E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {31E2683E-3B5B-4FB8-A405-B8DE5766100E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2497024322-3653266925-2419587985-1000 -> DefaultScope {31E2683E-3B5B-4FB8-A405-B8DE5766100E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-11-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-04-13] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-25] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-12-01] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-04-13] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ul6y6urz.default-1507645815428
FF ProfilePath: C:\Users\Tandem\AppData\Roaming\Mozilla\Firefox\Profiles\ul6y6urz.default-1507645815428 [2017-11-07]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Tandem\AppData\Roaming\Mozilla\Firefox\Profiles\ul6y6urz.default-1507645815428\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-25] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-21] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-25] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2497024322-3653266925-2419587985-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Tandem\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-11-22] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-05-24] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Tandem\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-24] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR Profile: C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default [2017-12-11]
CHR Extension: (Presentaciones) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-06]
CHR Extension: (Documentos) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-06]
CHR Extension: (Google Drive) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-06]
CHR Extension: (YouTube) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-06]
CHR Extension: (Hojas de cálculo) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-06]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-06]
CHR Extension: (Gmail) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [54344 2016-10-24] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast Business\afwServ.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [32096 2016-10-24] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90344 2016-10-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [80376 2016-10-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74680 2016-10-24] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1053392 2016-10-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [441944 2016-10-24] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [78264 2016-10-24] (Avast Software s.r.o.)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292840 2016-10-24] ()
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-12-11] (Malwarebytes)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-21] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-12 03:36 - 2017-12-12 03:36 - 000000000 ____D C:\Windows\system32\config\HiveBackup
2017-12-11 22:49 - 2017-12-11 22:49 - 000006124 _____ C:\Windows\system32\PerfStringBackup.TMP
2017-12-11 22:44 - 2017-12-11 22:44 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2017-12-11 22:44 - 2017-12-11 22:44 - 000000000 ____D C:\Program Files\Common Files\avast software
2017-12-11 22:41 - 2017-12-11 22:41 - 000000000 ___HD C:\OneDriveTemp
2017-12-06 21:43 - 2017-12-11 22:50 - 000000000 ____D C:\FRST
2017-12-04 10:00 - 2017-12-04 10:00 - 000151882 _____ C:\Users\Tandem\Downloads\Instructivo workshop EOD - EED (1).zip
2017-12-04 09:45 - 2017-12-04 09:48 - 000167778 _____ C:\Users\Tandem\Downloads\Tandem - Piloto Refillables Framework Colombia - Detalle Dinámicas.pptx
2017-12-04 09:42 - 2017-12-04 09:42 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-01 17:45 - 2017-12-01 17:45 - 001304491 _____ C:\Users\Tandem\Desktop\Encuesta.pptx
2017-11-30 19:15 - 2017-11-30 19:15 - 010037229 _____ C:\Users\Tandem\Downloads\Taller estrategia BBVA 21-12-09 con tablero 2.rar
2017-11-30 19:13 - 2017-11-30 19:13 - 000151882 _____ C:\Users\Tandem\Downloads\Instructivo workshop EOD - EED.zip
2017-11-30 14:57 - 2017-11-30 14:57 - 000090043 _____ C:\Users\Tandem\Downloads\Time Report_2017-11-27.xlsx
2017-11-29 16:07 - 2017-11-29 16:07 - 026218873 _____ C:\Users\Tandem\Downloads\Reunión Clárin 23-11 (1).m4a
2017-11-28 14:08 - 2017-11-28 14:08 - 001485300 _____ C:\Users\Tandem\Downloads\Proyecto Modern Trade Leadership - reunion de kick off v1.pptx
2017-11-27 09:31 - 2017-11-27 09:31 - 000089933 _____ C:\Users\Tandem\Downloads\Time Report_2017-11-13.xlsx
2017-11-24 11:12 - 2017-11-24 11:12 - 000001897 _____ C:\Users\Tandem\Desktop\Zoom.lnk
2017-11-23 10:03 - 2017-11-23 10:04 - 010475979 _____ C:\Users\Tandem\Downloads\2017-11-21 Tandem staffing.xlsm
2017-11-22 11:22 - 2017-11-22 11:22 - 000000000 ____D C:\Users\Tandem\Documents\Zoom
2017-11-22 11:21 - 2017-11-22 11:21 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\Tandem\Downloads\Zoom_launcher.exe
2017-11-22 11:21 - 2017-11-22 11:21 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Zoom
2017-11-22 11:21 - 2017-11-22 11:21 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-11-21 10:59 - 2017-12-04 18:26 - 003431519 _____ C:\Users\Tandem\Desktop\Agenda reunión de lanzamiento 06.12.pptx
2017-11-21 10:50 - 2017-11-21 10:50 - 002850407 _____ C:\Users\Tandem\Downloads\CP - Consultoria - V12.xlsm
2017-11-18 00:05 - 2017-11-18 00:05 - 000553987 _____ ( ) C:\Users\Tandem\Downloads\palisade_risk_industrial_5.7_crack.exe
2017-11-17 15:26 - 2017-11-17 15:26 - 000022134 _____ C:\Users\Tandem\Downloads\00 Inventario de Notas.xlsx
2017-11-17 15:24 - 2017-11-17 15:24 - 000253987 _____ C:\Users\Tandem\Downloads\La-nueva-era-analítica-de-las-decisiones.pdf
2017-11-17 15:11 - 2017-11-17 15:11 - 007834621 _____ C:\Users\Tandem\Downloads\Almuerzo de contenido SFP v2 .pptx
2017-11-17 10:56 - 2017-11-17 10:56 - 000000476 _____ C:\Users\Tandem\Desktop\Network Security Settings.txt
2017-11-16 17:35 - 2017-11-16 17:35 - 001552636 _____ C:\Users\Tandem\Downloads\Strategic Investment Decision Processes and Organizational Performance - An Empirical Examination - Papadakis 1998.pdf
2017-11-16 17:34 - 2017-11-16 17:34 - 002731426 _____ C:\Users\Tandem\Downloads\Target+Setting.pdf
2017-11-16 17:34 - 2017-11-16 17:34 - 000068931 _____ C:\Users\Tandem\Downloads\6938632d1a8049e1bb07bc5534ffde20.pdf
2017-11-16 15:51 - 2017-11-16 15:51 - 028013601 _____ C:\Users\Tandem\Downloads\Pipeline al 13-11-2017.xlsx
2017-11-15 14:27 - 2017-11-15 14:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\PollEverywhere
2017-11-15 14:27 - 2017-11-15 14:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\LiveSlides
2017-11-15 14:27 - 2017-11-15 14:27 - 000000000 ____D C:\Users\Tandem\AppData\Local\Microsoft_Corporation
2017-11-15 09:32 - 2017-11-15 14:27 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Microsoft Corporation
2017-11-15 09:32 - 2017-11-15 09:32 - 000000000 ____D C:\ProgramData\Microsoft Corporation
2017-11-15 09:31 - 2017-11-15 09:31 - 000000000 ____D C:\ProgramData\polleverywhere
2017-11-14 23:19 - 2017-11-14 23:20 - 000000000 ____D C:\Users\Tandem\Desktop\Ingles
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-11 22:49 - 2017-11-06 18:35 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-11 22:49 - 2017-11-06 18:35 - 000002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-11 22:49 - 2011-08-21 16:42 - 000853700 _____ C:\Windows\system32\perfh00A.dat
2017-12-11 22:49 - 2011-08-21 16:42 - 000196554 _____ C:\Windows\system32\perfc00A.dat
2017-12-11 22:44 - 2017-11-07 11:13 - 000000000 ___RD C:\Users\Tandem\OneDrive - SOLUCIONES DE DECISION S.A.,
2017-12-11 22:44 - 2017-06-08 22:40 - 000000176 _____ C:\Users\Tandem\BullseyeCoverageError.txt
2017-12-11 22:44 - 2017-03-06 18:02 - 000000000 ____D C:\Users\Tandem\AppData\Local\LogMeIn Hamachi
2017-12-11 22:44 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-11 22:44 - 2009-07-14 01:45 - 000031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-11 22:44 - 2009-07-14 01:45 - 000031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-11 22:43 - 2017-03-06 16:31 - 000000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-12-11 22:42 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\tracing
2017-12-11 22:37 - 2017-11-06 19:19 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-04 20:49 - 2017-11-06 18:41 - 000004200 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-12-04 20:46 - 2017-03-06 17:58 - 000000000 ____D C:\Users\Tandem\AppData\Roaming\Skype
2017-12-04 20:46 - 2017-03-06 16:31 - 000003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2017-12-04 19:56 - 2017-03-06 16:42 - 000000000 ____D C:\Users\Tandem\AppData\Local\Deployment
2017-12-04 18:42 - 2017-03-13 20:11 - 000000000 ____D C:\Users\Tandem\Desktop\Proyectos
2017-12-04 18:26 - 2017-07-14 16:01 - 000420352 ___SH C:\Users\Tandem\Desktop\Thumbs.db
2017-12-04 11:54 - 2017-03-13 20:12 - 000000000 ____D C:\Users\Tandem\Desktop\Time Report
2017-12-04 09:43 - 2017-03-06 17:58 - 000000000 ____D C:\ProgramData\Skype
2017-12-04 09:33 - 2009-07-14 02:13 - 001895106 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-04 09:33 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2017-12-04 09:30 - 2017-03-06 17:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-04 09:28 - 2017-03-06 18:21 - 001915446 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-04 09:27 - 2011-08-21 07:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-01 13:02 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-30 16:30 - 2017-03-06 17:26 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-25 23:18 - 2017-03-06 17:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-21 09:20 - 2017-11-01 16:45 - 000018509 _____ C:\Users\Tandem\Downloads\circular-calculo.xlsx
2017-11-17 11:11 - 2017-11-06 18:30 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-17 09:10 - 2017-04-28 17:07 - 000000000 ____D C:\Users\Tandem\AppData\Local\ElevatedDiagnostics
2017-11-16 09:45 - 2017-03-06 17:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 14:40 - 2017-11-06 18:34 - 000003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 14:40 - 2017-11-06 18:34 - 000003340 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2017-06-07 17:54 - 2017-06-07 17:54 - 000198656 _____ () C:\ProgramData\pollev_xp_util.exe
 
Some files in TEMP:
====================
2017-06-08 22:40 - 2017-06-08 22:40 - 000008720 ____N () C:\Users\Tandem\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-10-12 20:43 - 2017-10-12 20:43 - 000701512 _____ (Microsoft) C:\Users\Tandem\AppData\Local\Temp\Validator.exe
2017-12-04 09:42 - 2017-12-04 09:42 - 014456872 _____ (Microsoft Corporation) C:\Users\Tandem\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-01 00:33
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017
Ran by Tandem (11-12-2017 22:51:43)
Running from F:\
Windows 7 Professional Service Pack 1 (X64) (2017-03-06 19:30:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2497024322-3653266925-2419587985-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2497024322-3653266925-2419587985-1006 - Limited - Enabled)
Invitado (S-1-5-21-2497024322-3653266925-2419587985-501 - Limited - Disabled)
Tandem (S-1-5-21-2497024322-3653266925-2419587985-1000 - Administrator - Enabled) => C:\Users\Tandem
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: avast! Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Active Protection System de ThinkVantage (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - Italiano, Español, Nederlands, Português (HKLM-x32\...\{AC76BA86-1040-7D70-7760-000000000005}) (Version: 10.1.4 - Adobe Systems)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
avast! Endpoint Protection Suite Plus (HKLM-x32\...\avast) (Version: 8.0.1609.0 - AVAST Software)
Blue Jeans (HKLM-x32\...\{CBA99A4D-AADB-40F5-A776-31EF28452C0E}) (Version: 1.30.18 - Blue Jeans)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.890 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Decision Strategies Toolbox (HKLM-x32\...\{9C837547-8E20-4F88-89F4-920F2ECE62C2}) (Version: 2.52.0000 - Decision Strategies Inc)
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
En pantalla (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gestor de energía de ThinkPad (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP LaserJet Professional CP1520 Series (HKLM-x32\...\{5C069542-CA13-4f1b-B90C-28C6430F4992}) (Version:  - Hewlett-Packard)
Icecream Ebook Reader versión 5.04 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 5.04 - Icecream Apps)
IllustratorCs6 versión 16.0 (HKLM-x32\...\{B558D09D-AF45-4008-B73B-409706BC7FF8}_is1) (Version: 16.0 - Nws)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Nombre de su organización)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
LogMeIn Hamachi (HKLM-x32\...\{E59194A0-A215-4C44-8B92-40780387EBE0}) (Version: 2.2.0.578 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.578 - LogMeIn, Inc.)
Malwarebytes versión 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 Business - es-es (HKLM\...\O365BusinessRetail - es-es) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft Office Configuration Analyzer Tool 2.2 (HKLM-x32\...\{EA5C0F11-00CA-0321-0801-141002021782}) (Version: 2.2.6018.801 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0.1 (x64 es-AR) (HKLM\...\Mozilla Firefox 56.0.1 (x64 es-AR)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Paquete de controladores de Windows - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Paquete de controladores de Windows - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Paquete de controladores de Windows - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Paquete de controladores de Windows - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Paquete de controladores de Windows - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Paquete de controladores de Windows - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Paquete de controladores de Windows - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Paquete de controladores de Windows - Ricoh Company SD Host Controller (03/23/2011 6.10.10.30) (HKLM\...\4534F449D55EE49DEE206B3D9A3B1811E1A495EA) (Version: 03/23/2011 6.10.10.30 - Ricoh Company)
Paquete de controladores de Windows - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.1 - pdfforge GmbH)
Poll Everywhere (HKLM-x32\...\{85702971-C032-4977-BDD5-691A150628A7}) (Version: 2.1.1 - Poll Everywhere)
Power-user (HKLM-x32\...\{C0A34C54-C8F5-46E2-A537-7AC9AD0E9E0E}) (Version: 1.6.101 - Power-user)
Programa de utilidad de ThinkPad UltraNav (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
RapidBoot (HKLM-x32\...\{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo) Hidden
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Service Pack 2 for Microsoft Project 2010 (KB2687457) 32-Bit Edition (HKLM-x32\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless WiFi (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
VIPAccess (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.1.91 - Nombre de su organización)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2497024322-3653266925-2419587985-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Tandem\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2497024322-3653266925-2419587985-1000_Classes\CLSID\{DAE467D6-5C66-404A-BD99-4AC8261A733A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast Business\ashShA64.dll [2016-10-24] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast Business\ashShA64.dll [2016-10-24] (Avast Software s.r.o.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-07-27] (Adobe Systems Inc.)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast Business\ashShA64.dll [2016-10-24] (Avast Software s.r.o.)
ContextMenuHandlers1-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast Business\ashShA64.dll [2016-10-24] (Avast Software s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-11] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-07-27] (Adobe Systems Inc.)
ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast Business\ashShA64.dll [2016-10-24] (Avast Software s.r.o.)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B4ADB99-5C2C-415D-856F-2FE93BF49CDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {1660A1E9-17F0-46F5-9858-451651EF2C65} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {286C945E-8C57-47BB-8427-1048AD02AD11} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {3A0D6D5D-C3C6-400C-8560-0E9AC6BCCA87} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast Business\AvastEmUpdate.exe [2017-11-07] (Avast Software s.r.o.)
Task: {3ADF11F7-F1B1-4BDB-AF16-E3FC5B13CB91} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)
Task: {4447D964-F1FC-439D-9B3F-1D8F613AF17B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {4AF170CD-BD36-49E6-A5FC-025F1B685AA8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {53AAE58E-93FA-4D0B-AEA2-D86E0090B846} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-06] (Google Inc.)
Task: {77922717-3A5F-49D7-B1DC-7F6506AA7291} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {98A5E33B-C596-44BC-BB3B-68B09ECF5F43} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2017-12-11] (AVAST Software)
Task: {9A6AB367-09B2-4F2E-AB5A-78E95B199B1D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {9E8E6A0E-4710-4C82-A1D9-F631003DCEC1} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {B5825C47-0A41-448A-810D-5724434579BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-06] (Google Inc.)
Task: {B833D4C6-00AF-4F42-B5EF-28C9A8D836F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-01] (Microsoft Corporation)
Task: {B9559A2C-A9DE-4560-AFEA-8648638DA7DE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {DC0BB10A-C15F-41C4-B0F1-A84939C73B9C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {F946A698-AB53-4CD6-9BF0-BDD98C328F9B} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-17 08:53 - 2010-12-17 08:53 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-08-21 16:35 - 2011-03-24 07:48 - 000057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-08-21 07:04 - 2010-10-26 01:40 - 000049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-08-21 07:08 - 2011-03-11 00:10 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-21 07:11 - 2011-03-23 15:48 - 000052224 _____ () C:\Program Files (x86)\ThinkPad\Utilities\SP\PWMRT64V.DLL
2017-06-08 22:40 - 2017-06-08 22:40 - 000010256 ____N () C:\Windows\TEMP\BullseyeCoverage-2-x64.dll
2017-11-13 20:22 - 2017-11-10 06:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 20:22 - 2017-11-10 06:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-12-04 13:30 - 2017-12-04 08:15 - 005116928 _____ () C:\Program Files\AVAST Software\Avast Business\defs\17120402\algo.dll
2012-07-27 17:52 - 2012-07-27 17:52 - 000019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\es_ES\acrotray.esp
2017-06-08 22:40 - 2017-06-08 22:40 - 000008720 ____N () C:\Users\Tandem\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\...\sharepoint.com -> hxxps://tandemsd-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2017-11-06 19:20 - 000000922 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2497024322-3653266925-2419587985-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tandem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{106604BE-5444-4331-9923-0889E8C57475}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{90DE2873-7F82-4EAC-8755-1BDABC4D537E}] => (Allow) LPort=2869
FirewallRules: [{DB4B5E6F-2D06-4E0A-9692-C6E98467B91B}] => (Allow) LPort=1900
FirewallRules: [{49B9C364-62B8-447D-A658-C1B9761CCB83}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{08CB3A95-0796-4F89-8AE7-6DC6D4E0B797}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5E9000F6-983F-4CAE-B0AD-1A90985DFACB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{31EB8E08-3938-4D72-9ACD-13F02B4654BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A2D66160-F7B9-461F-81A7-041FACE65CAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5DF2F037-A566-4A40-9D5C-981B02940C17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3008FC12-97C2-475E-A1EE-5B60AB75888A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{53039C70-320A-4BD9-8C72-29D121117E25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F6AFE07B-F609-47AA-8662-47F0C13748AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{640FDD55-921B-446B-A3BB-ACE10BB966A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC6CACCB-ED7B-4B5C-B2E8-7C6E6D3D2031}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5EABAE82-7F62-4699-B0C0-372A3A28AAC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
FirewallRules: [{67FAB8E8-FE57-4B53-A18B-6A3ECC055F49}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
FirewallRules: [{7FC0D5F0-96EF-4400-B344-E6B07A605708}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{795F5826-8EA9-4357-BF46-C932289A543B}C:\users\tandem\appdata\local\blue jeans\app\bluejeans.exe] => (Block) C:\users\tandem\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [UDP Query User{2FBD5C9F-5F63-40F1-BBF2-A5F2FBC4D394}C:\users\tandem\appdata\local\blue jeans\app\bluejeans.exe] => (Block) C:\users\tandem\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [{72691900-94B1-46CC-BB95-302AAD28DA2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{4EFF933B-3318-454A-9AFE-0709B942C58B}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Block) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [UDP Query User{1CB37F4E-DB3E-4A0B-9B35-7B93A240578F}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Block) C:\program files (x86)\microsoft office\root\office16\lync.exe
FirewallRules: [{6B0F3E79-B012-4C6A-9BE8-DBE55409F939}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/11/2017 10:49:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es 13346. El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.
 
Error: (12/11/2017 10:49:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es 13346. El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.
 
Error: (12/11/2017 10:49:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.
 
Error: (12/11/2017 10:49:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es 13346. El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.
 
Error: (12/11/2017 10:49:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es 13346. El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.
 
Error: (12/11/2017 10:48:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = F:\FRST64.exe ; descripción = Restore Point Created by FRST; error = 0x80070422).
 
Error: (12/11/2017 10:44:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (12/11/2017 10:44:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
 
Error: (12/11/2017 10:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.
 
Error: (12/11/2017 10:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es 13346. El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.
 
 
System errors:
=============
Error: (12/04/2017 10:48:42 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.
 
Error: (12/01/2017 09:29:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 20.
 
Error: (12/01/2017 09:27:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (12/01/2017 09:27:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (12/01/2017 09:27:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (12/01/2017 12:35:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {FE9617F6-E606-42AA-BECC-0E9CDA246D63} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (12/01/2017 12:34:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {C332C124-340D-4430-AA0D-C75602876FCC} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (12/01/2017 12:17:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (11/29/2017 06:52:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (11/27/2017 02:26:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio Schedule.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-08 22:40:55.058
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-06-08 22:40:55.056
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-06-08 22:40:55.052
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-06-08 22:40:55.050
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-06-07 09:17:12.161
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-06-07 09:17:12.083
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-05-24 08:55:38.660
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-05-24 08:55:38.582
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-05-21 11:39:25.635
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2017-05-21 11:39:25.448
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 3979.23 MB
Available physical RAM: 1834.39 MB
Total Virtual: 7956.68 MB
Available Virtual: 5757.77 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:210.98 GB) (Free:134.74 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.8 GB) NTFS
Drive f: () (Removable) (Total:14.65 GB) (Free:12.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 25B7D966)
Partition 1: (Active) - (Size=895 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=211 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.7 GB) (Disk ID: 000026AD)
Partition 1: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • Gender:Male
  • Location:California
  • Local time:07:50 PM

Posted 12 December 2017 - 09:29 AM

Greetings,

At this point your computer looks pretty good, except that a System Restore Point could not be created by FRST. The entries I see that can be removed are inconsequential and are doing no harm. There is some follow-up work we can do, like secondary scans and checking for updates. The reason why I tell you this is because in order for me to continue assisting you I must advise you of the following:

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all unlicensed Adobe products and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 merced25


Posted 12 December 2017 - 04:26 PM

Hi Gary, first of all, thank you very much for your patient and effective help. I came here to seek help because of its excellent reputation in the treatment of viruses, malware and other obstacles faced by those of us who are dedicated to IT. I suggest that you close this post; the computer is not my property, and I should check with the owner what he wants to do with the software, warning him of all these problems that you tell me about. Again, thanks for your help, and whatever you need, as long as I can help you, I will.



#15 Oh My!


Posted 12 December 2017 - 09:16 PM

Greetings.

You are quite welcome. I am glad we at least got it to boot properly.
Gary
 



