
Infected with Cryptowall Ransomware - log attached



Has anyone dealt with the Cryptowall ransomware? This system got infected, and now we can't open any files at all. They are all encrypted. Almost every folder has four additional files in it named HELP_DECRYPT (different file types: HTML, etc.).

And every time the computer is restarted, an HTML page comes up with "instructions on how to fix it", and the links are different each time. (The fix, as you probably know, is to pay a ransom fee.)

Please Help Me!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Usuario (administrator) on USUARIO1 on 03-07-2015 21:43:04
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario &  (Available Profiles: Usuario)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(CGSecurity) C:\Users\Usuario\Downloads\testdisk-7.0.win\testdisk-7.0\qphotorec_win.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Code 42 Software, Inc.) C:\Users\Usuario\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
(Code 42 Software) C:\Users\Usuario\AppData\Local\Programs\CrashPlan\CrashPlanService.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\RacAgent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Run: [CrashPlanService] => C:\Users\Usuario\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs [399 2015-07-01] ()
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Run: [CrashPlanTray] => C:\Users\Usuario\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe [417560 2015-07-01] (Code 42 Software, Inc.)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\MountPoints2: {929a61d3-4316-11e2-b070-001e68db139c} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\drivers\setup.exe
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [25088 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {929a61d3-4316-11e2-b070-001e68db139c} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\drivers\setup.exe
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [25088 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-03-24] (Autodesk, Inc.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?ocid=iehp
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?ocid=iehp
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 - (No Name) - {9c905b42-976e-43c1-bc30-fc5937017909} -  No File
URLSearchHook: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {9c905b42-976e-43c1-bc30-fc5937017909} -  No File
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> {3BA54AB1-02D9-4D05-B788-1AF5CBECCCC8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {3BA54AB1-02D9-4D05-B788-1AF5CBECCCC8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-20] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-20] (Sun Microsystems, Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3E7582BF-93E5-4F84-B0D5-902ED3137A2D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3E7582BF-93E5-4F84-B0D5-902ED3137A2D}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\0iqgbvnb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll [2013-01-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\system32\npdeployJava1.dll [2012-08-20] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-08-20] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-01-11] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3091019311-2293192049-2105965127-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3091019311-2293192049-2105965127-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3091019311-2293192049-2105965127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-09-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-01]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
StartMenuInternet: Google Chrome - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [77824 2008-06-27] (Andrea Electronics Corporation)
S4 Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-09] (Symantec Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-21] (Macrovision Corporation) [File not signed]
S4 LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-09-05] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2010-03-08] ()
S4 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2010-03-08] ()
S4 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe [221273 2008-06-27] (IDT, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [170000 2008-04-14] (AMD Technologies Inc.)
R0 Amddfltr; C:\Windows\System32\DRIVERS\Amddfltr.sys [15416 2008-01-07] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-07-03] (Disc Soft Ltd)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl78b5dbc7; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{391D14B0-013C-4DA7-A8FC-129B5F1E30CC}\MpKsl78b5dbc7.sys [39168 2015-07-03] (Microsoft Corporation)
R3 MxlW2k; C:\Windows\system32\Drivers\MxlW2k.sys [28352 2011-02-19] (MusicMatch, Inc.) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files\HP\QuickPlay\000.fcl [87536 2010-03-08] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 21:43 - 2015-07-03 21:46 - 00021958 _____ C:\Users\Usuario\Downloads\FRST.txt
2015-07-03 21:42 - 2015-07-03 21:43 - 00000000 ____D C:\FRST
2015-07-03 21:41 - 2015-07-03 21:41 - 01636352 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2015-07-03 21:24 - 2015-07-03 21:24 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrashPlan
2015-07-03 21:22 - 2015-07-03 21:22 - 00000000 ____D C:\ProgramData\CrashPlan
2015-07-03 21:21 - 2015-07-03 21:25 - 00000000 ____D C:\Users\Usuario\AppData\Local\CrashPlan
2015-07-03 21:16 - 2015-07-03 21:18 - 51511296 _____ (Code 42 Software) C:\Users\Usuario\Downloads\CrashPlan_4.3.0_Win.exe
2015-07-03 20:54 - 2015-07-03 20:54 - 00000000 ____D C:\Users\Usuario\Downloads\testdisk-7.0.win
2015-07-03 20:53 - 2015-07-03 20:53 - 00001594 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-07-03 20:53 - 2015-07-03 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-07-03 20:53 - 2015-07-03 20:53 - 00000000 ____D C:\Program Files\Recuva
2015-07-03 20:45 - 2015-07-03 20:46 - 12444088 _____ C:\Users\Usuario\Downloads\testdisk-7.0.win.zip
2015-07-03 20:37 - 2015-07-03 20:38 - 04426120 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\rcsetup152.exe
2015-07-03 20:36 - 2015-07-03 20:41 - 10113976 _____ (SurfRight B.V.) C:\Users\Usuario\Downloads\HitmanPro.exe
2015-07-03 18:52 - 2015-07-03 19:05 - 00000000 ____D C:\Users\Usuario\Downloads\Kaspersky Rescue2Usb
2015-07-03 18:52 - 2015-07-03 18:52 - 00387584 _____ C:\Users\Usuario\Downloads\rescue2usb.exe
2015-07-03 18:48 - 2015-07-03 18:48 - 00000000 ____D C:\Users\Usuario\AppData\Local\Disc_Soft_Ltd
2015-07-03 18:47 - 2015-07-03 18:47 - 00000000 ____D C:\Program Files\Disc Soft
2015-07-03 18:45 - 2015-07-03 18:48 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
2015-07-03 18:45 - 2015-07-03 18:47 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-07-03 18:45 - 2015-07-03 18:45 - 00025016 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-07-03 18:45 - 2015-07-03 18:45 - 00001725 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-07-03 18:45 - 2015-07-03 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-07-03 18:45 - 2015-07-03 18:45 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-03 18:42 - 2015-07-03 18:43 - 01709792 _____ (Disc Soft Ltd.) C:\Users\Usuario\Downloads\DTLiteInstaller.exe
2015-07-03 18:29 - 2015-07-03 18:58 - 00003246 _____ C:\Windows\PFRO.log
2015-07-03 18:07 - 2015-07-03 18:07 - 00000802 _____ C:\Windows\setupact.log
2015-07-03 18:07 - 2015-07-03 18:07 - 00000000 _____ C:\Windows\setuperr.log
2015-07-03 18:06 - 2015-07-03 18:06 - 00000764 _____ C:\Users\Public\Desktop\UltraISO.lnk
2015-07-03 18:06 - 2015-07-03 18:06 - 00000000 ____D C:\Users\Usuario\Documents\My ISO Files
2015-07-03 18:06 - 2015-07-03 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-07-03 18:06 - 2015-07-03 18:06 - 00000000 ____D C:\Program Files\UltraISO
2015-07-03 18:06 - 2015-07-03 18:06 - 00000000 ____D C:\Program Files\Common Files\EZB Systems
2015-07-03 18:05 - 2015-07-03 18:05 - 04384520 _____ (EZB Systems, Inc. ) C:\Users\Usuario\Downloads\uiso9_pe.exe
2015-07-03 17:46 - 2015-07-03 18:08 - 299896832 _____ C:\Users\Usuario\Downloads\kav_rescue_10.iso
2015-07-03 17:25 - 2015-07-03 17:25 - 01046528 _____ C:\Users\Usuario\Downloads\MicrosoftFixit50715.msi
2015-07-03 14:51 - 2015-07-03 14:51 - 00000000 ____D C:\Users\Usuario\Downloads\Argente Utilities
2015-07-03 14:49 - 2015-07-03 14:50 - 08558665 _____ C:\Users\Usuario\Downloads\Argente Utilities.zip
2015-07-03 14:44 - 2015-07-03 14:44 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Innovative Solutions
2015-07-03 14:44 - 2015-07-03 14:44 - 00000000 ____D C:\Users\Usuario\AppData\Local\Innovative Solutions
2015-07-03 13:39 - 2015-07-03 17:28 - 00000000 ____D C:\Users\Usuario\Desktop\Varios
2015-07-03 12:54 - 2015-07-03 12:54 - 00001985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-07-03 12:47 - 2009-08-04 05:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-07-03 12:10 - 2015-01-28 22:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-03 12:09 - 2015-01-28 22:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-03 12:03 - 2015-03-08 22:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-03 12:03 - 2014-08-26 21:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-03 12:03 - 2014-06-13 15:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-07-03 12:03 - 2014-06-13 15:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-07-03 12:02 - 2014-06-15 19:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-07-03 11:53 - 2014-10-09 22:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-07-03 11:53 - 2014-10-09 22:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-03 11:53 - 2014-10-09 20:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-03 11:52 - 2014-12-18 21:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-07-03 11:51 - 2014-11-03 21:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-07-03 11:50 - 2015-04-30 13:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-03 11:50 - 2015-03-04 23:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-03 11:50 - 2015-01-15 01:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-03 11:50 - 2014-10-09 22:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-03 11:46 - 2015-04-24 12:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-03 11:41 - 2014-10-23 22:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-03 11:40 - 2015-03-04 23:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-03 11:40 - 2015-03-04 23:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-03 11:39 - 2015-03-13 23:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-03 11:39 - 2015-03-12 22:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-07-03 11:39 - 2015-03-12 22:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-03 11:39 - 2015-01-08 23:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-03 11:39 - 2015-01-08 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-03 11:39 - 2014-10-23 22:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-07-03 11:30 - 2015-04-19 17:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-03 11:30 - 2015-04-19 17:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-07-03 11:30 - 2015-04-19 17:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-07-03 11:30 - 2015-04-19 17:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-03 11:30 - 2015-04-19 17:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-03 11:29 - 2014-11-25 23:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-03 11:27 - 2015-02-19 23:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-03 11:27 - 2015-02-19 21:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-03 11:26 - 2015-04-30 10:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-03 11:20 - 2015-01-20 23:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-03 11:20 - 2014-08-11 23:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-07-03 11:18 - 2015-05-21 11:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-03 11:17 - 2014-10-12 22:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-03 11:10 - 2015-07-03 11:10 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-03 11:10 - 2015-07-03 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-03 11:10 - 2015-07-03 11:10 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-07-03 11:08 - 2014-12-06 00:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-07-03 11:08 - 2014-12-06 00:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-07-03 11:08 - 2014-12-06 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-07-03 11:08 - 2014-10-02 22:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-03 11:08 - 2014-10-02 22:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-03 11:08 - 2014-10-02 22:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-03 11:08 - 2014-10-02 22:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-03 11:07 - 2015-02-17 23:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-03 10:50 - 2015-04-10 20:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-03 10:46 - 2015-05-08 20:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-03 10:39 - 2014-12-07 22:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-07-03 10:37 - 2012-07-26 00:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-07-03 10:37 - 2012-07-26 00:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-07-03 10:37 - 2012-07-26 00:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-07-03 10:37 - 2012-07-26 00:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-07-03 10:37 - 2012-07-26 00:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-07-03 10:37 - 2012-07-25 23:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-07-03 10:37 - 2012-07-25 23:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-07-03 10:37 - 2012-06-02 11:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-07-03 10:37 - 2009-07-14 09:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2015-07-03 10:36 - 2015-05-04 19:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-03 10:36 - 2015-05-04 19:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-03 10:36 - 2015-05-04 19:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-03 10:36 - 2015-05-04 19:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-03 10:36 - 2015-05-04 18:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-03 10:24 - 2014-12-06 00:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-03 10:20 - 2011-06-15 13:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-07-03 10:20 - 2011-02-22 11:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-07-03 10:15 - 2011-03-12 18:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-07-03 10:15 - 2011-03-03 12:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2015-07-03 10:15 - 2011-03-03 10:35 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2015-07-03 10:14 - 2012-11-22 00:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2015-07-03 10:08 - 2015-05-30 21:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-03 10:08 - 2015-05-30 20:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-03 10:08 - 2015-05-30 20:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-03 10:08 - 2015-05-30 20:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-03 10:08 - 2015-05-30 20:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-03 10:08 - 2015-05-30 20:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-03 10:08 - 2015-05-30 20:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-03 10:08 - 2015-05-30 20:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-03 10:08 - 2015-05-30 20:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-03 10:08 - 2015-05-30 20:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-03 10:08 - 2015-05-30 20:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-03 10:08 - 2015-05-30 20:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-03 10:08 - 2015-05-30 20:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-03 10:08 - 2015-05-30 20:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-03 10:08 - 2015-05-30 20:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-03 10:03 - 2013-04-17 09:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-07-03 00:31 - 2015-07-03 00:31 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-07-03 00:24 - 2015-07-03 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-02 23:54 - 2015-07-02 23:54 - 00000000 ____D C:\4b3b39a90b16ab947f6ffafd
2015-07-02 23:14 - 2015-07-02 23:14 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2015-07-02 23:03 - 2015-07-02 23:03 - 00000000 ____D C:\Users\Usuario\AppData\Local\Microsoft Corporation
2015-07-02 23:01 - 2015-07-02 23:01 - 00001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asesor de actualizaciones de Windows 7.lnk
2015-07-02 23:01 - 2015-07-02 23:01 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-07-02 19:49 - 2015-07-02 19:49 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\AVG
2015-07-02 19:49 - 2015-07-02 19:49 - 00000000 ____D C:\Program Files\AVG
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Usuario\AppData\Local\Avg
2015-07-02 19:40 - 2015-07-02 19:50 - 00000000 ____D C:\ProgramData\AVG
2015-07-02 19:33 - 2015-07-02 19:33 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-02 19:33 - 2015-07-02 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-02 19:33 - 2015-07-02 19:33 - 00000000 ____D C:\Program Files\CCleaner
2015-07-02 19:18 - 2015-07-02 19:18 - 00004250 _____ C:\Users\Usuario\AppData\Roaming\HELP_DECRYPT.TXT
2015-07-02 19:18 - 2015-07-02 19:18 - 00004250 _____ C:\Users\Usuario\AppData\HELP_DECRYPT.TXT
2015-07-02 19:18 - 2015-07-02 19:18 - 00000284 _____ C:\Users\Usuario\AppData\Roaming\HELP_DECRYPT.URL
2015-07-02 19:18 - 2015-07-02 19:18 - 00000284 _____ C:\Users\Usuario\AppData\HELP_DECRYPT.URL
2015-07-02 19:17 - 2015-07-02 19:17 - 00004250 _____ C:\Users\Usuario\AppData\Local\HELP_DECRYPT.TXT
2015-07-02 19:17 - 2015-07-02 19:17 - 00000284 _____ C:\Users\Usuario\AppData\Local\HELP_DECRYPT.URL
2015-07-02 19:13 - 2015-07-02 19:13 - 00004250 _____ C:\Users\Public\HELP_DECRYPT.TXT
2015-07-02 19:13 - 2015-07-02 19:13 - 00004250 _____ C:\Users\Public\Documents\HELP_DECRYPT.TXT
2015-07-02 19:13 - 2015-07-02 19:13 - 00000284 _____ C:\Users\Public\HELP_DECRYPT.URL
2015-07-02 19:13 - 2015-07-02 19:13 - 00000284 _____ C:\Users\Public\Documents\HELP_DECRYPT.URL
2015-07-02 19:12 - 2015-07-02 19:12 - 00004250 _____ C:\ProgramData\HELP_DECRYPT.TXT
2015-07-02 19:12 - 2015-07-02 19:12 - 00000284 _____ C:\ProgramData\HELP_DECRYPT.URL
2015-07-02 18:59 - 2015-07-02 19:07 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7CC85FE5.sys
2015-07-02 16:32 - 2015-07-02 16:32 - 00000680 _____ C:\Users\Usuario\AppData\Local\d3d9caps.dat
2015-07-02 16:30 - 2015-07-02 19:51 - 00000000 ___HD C:\eda44d63
2015-07-02 14:31 - 2015-07-02 14:31 - 00142584 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 12:11 - 2015-07-01 12:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USUARIO1-Windows-Vista--Home-Premium-(32-bit).dat
2015-07-01 12:10 - 2015-07-02 19:12 - 00000000 ____D C:\RegBackup
2015-07-01 11:33 - 2015-07-01 11:34 - 00177762 _____ C:\Users\Usuario\Downloads\CEMENTERIO.html
2015-06-24 04:15 - 2015-07-03 12:16 - 02399576 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-23 21:19 - 2015-07-02 18:57 - 00000000 ___HD C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 21:32 - 2010-09-09 23:44 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000UA.job
2015-07-03 21:09 - 2015-01-15 12:30 - 00000000 ____D C:\Users\Usuario\AppData\Local\HP
2015-07-03 21:09 - 2013-01-08 09:53 - 00000000 ____D C:\Users\Usuario\AppData\Local\Research In Motion
2015-07-03 21:09 - 2011-09-28 12:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\Mozilla
2015-07-03 21:09 - 2010-09-09 23:44 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2015-07-03 21:09 - 2010-09-09 18:28 - 00000000 ____D C:\Users\Usuario\AppData\Local\Autodesk
2015-07-03 21:09 - 2010-09-08 22:18 - 00000000 ____D C:\Users\Usuario\AppData\Local\QuickPlay
2015-07-03 21:08 - 2010-09-12 22:29 - 00000000 ____D C:\Users\Usuario\AppData\Local\Apple Computer
2015-07-03 21:08 - 2010-03-21 15:38 - 00000000 ____D C:\Users\Usuario\AppData\Local\Adobe
2015-07-03 21:01 - 2006-11-02 07:33 - 01631650 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-03 21:00 - 2006-11-02 09:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-03 21:00 - 2006-11-02 08:18 - 00000000 ___RD C:\Users\Public
2015-07-03 20:45 - 2011-02-11 00:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Skype
2015-07-03 20:43 - 2011-09-28 12:55 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Mozilla
2015-07-03 20:43 - 2011-06-11 17:39 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Research In Motion
2015-07-03 20:43 - 2010-09-09 18:01 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Outlook
2015-07-03 20:42 - 2012-03-03 12:46 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-07-03 20:42 - 2011-03-07 11:45 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Apple Computer
2015-07-03 20:42 - 2010-09-09 18:36 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Autodesk
2015-07-03 20:42 - 2010-09-08 16:55 - 00000000 ____D C:\ProgramData\Corel
2015-07-03 20:42 - 2010-03-02 11:41 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Adobe
2015-07-03 20:42 - 2010-03-02 11:40 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Hewlett-Packard
2015-07-03 20:41 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\WildTangent
2015-07-03 20:40 - 2011-05-20 07:58 - 00000000 ____D C:\ProgramData\Skype Extras
2015-07-03 20:40 - 2011-02-11 00:52 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 20:40 - 2008-05-24 20:09 - 00000000 ____D C:\ProgramData\Symantec
2015-07-03 20:38 - 2014-10-22 22:30 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-07-03 20:38 - 2010-09-09 18:36 - 00000000 ____D C:\ProgramData\Autodesk
2015-07-03 20:38 - 2010-08-20 19:35 - 00000000 ____D C:\ProgramData\HP
2015-07-03 20:38 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-07-03 20:37 - 2012-02-05 18:02 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-03 20:36 - 2012-11-03 13:30 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-07-03 20:31 - 2014-10-29 23:08 - 01305987 _____ C:\Windows\WindowsUpdate.log
2015-07-03 20:31 - 2014-08-18 23:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 20:27 - 2006-11-02 10:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-03 20:27 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-03 20:27 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-03 19:07 - 2006-11-02 10:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-03 19:02 - 2011-04-02 12:33 - 00000000 ____D C:\Users\Usuario\Desktop\My Shared Folder
2015-07-03 18:46 - 2010-03-02 11:38 - 00000000 ____D C:\Users\Usuario
2015-07-03 17:27 - 2014-11-30 16:26 - 00000000 ____D C:\Users\Usuario\Desktop\PAULINA
2015-07-03 17:07 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-03 16:32 - 2010-09-09 23:44 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000Core.job
2015-07-03 16:25 - 2010-09-08 02:58 - 00000000 ____D C:\ProgramData\Temp
2015-07-03 15:40 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\twain_32
2015-07-03 15:39 - 2011-09-28 17:17 - 00000000 ____D C:\Users\Usuario\Documents\YouCam
2015-07-03 15:39 - 2011-02-24 16:45 - 00000000 ____D C:\Windows\pss
2015-07-03 15:39 - 2010-09-09 18:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\Outlook
2015-07-03 15:39 - 2008-05-25 05:45 - 00000000 ____D C:\Windows\panther
2015-07-03 15:39 - 2008-04-10 07:26 - 00000000 ____D C:\Windows\SMINST
2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\catroot2.bak
2015-07-03 13:41 - 2013-04-07 21:26 - 00000000 ____D C:\Users\Usuario\Desktop\CANCUN
2015-07-03 13:40 - 2011-09-09 19:19 - 00000000 ____D C:\Users\Usuario\Desktop\imprimir
2015-07-03 12:54 - 2010-09-13 21:04 - 00000000 ____D C:\Program Files\Windows Live
2015-07-03 12:52 - 2006-11-02 08:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-03 12:49 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\rescache
2015-07-03 12:14 - 2011-11-24 20:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-03 12:11 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-07-03 12:05 - 2008-05-24 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-03 11:10 - 2011-02-11 00:52 - 00000000 ___RD C:\Program Files\Skype
2015-07-03 10:46 - 2011-11-24 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-03 10:24 - 2013-10-17 09:07 - 00000000 ____D C:\Users\Usuario\Desktop\Ariel Rubattino
2015-07-03 10:16 - 2010-03-02 11:51 - 00000000 ____D C:\Users\Usuario\AppData\Local\VirtualStore
2015-07-02 21:37 - 2012-02-25 13:52 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-02 19:13 - 1999-03-30 15:17 - 00000000 ___HD C:\System.sav
2015-07-02 19:07 - 2011-03-05 00:11 - 00000000 ____D C:\Musica
2015-07-02 18:41 - 2014-08-18 23:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-02 16:34 - 2014-08-18 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-02 16:34 - 2013-10-02 22:24 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-02 16:30 - 2008-05-25 05:35 - 00000000 ___HD C:\HP
2015-07-02 14:28 - 2010-08-20 04:37 - 00000304 _____ C:\ProgramData\hpqp.txt
2015-06-18 08:41 - 2014-08-18 23:24 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-08-18 23:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-10-02 22:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2015-07-02 19:18 - 2015-07-02 19:18 - 0045476 _____ () C:\Users\Usuario\AppData\Roaming\HELP_DECRYPT.PNG
2015-07-02 19:18 - 2015-07-02 19:18 - 0004250 _____ () C:\Users\Usuario\AppData\Roaming\HELP_DECRYPT.TXT
2015-07-02 19:18 - 2015-07-02 19:18 - 0000284 _____ () C:\Users\Usuario\AppData\Roaming\HELP_DECRYPT.URL
2013-01-08 09:53 - 2013-03-15 10:02 - 0000308 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.Exception.log
2013-01-08 09:16 - 2013-01-08 09:16 - 0001147 _____ () C:\Users\Usuario\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-01-08 09:53 - 2013-03-15 10:02 - 0000308 _____ () C:\Users\Usuario\AppData\Roaming\Rim.DesktopHelper.Exception.log
2010-09-12 19:25 - 2011-05-16 19:23 - 0395585 _____ () C:\Users\Usuario\AppData\Roaming\UserTile.png
2015-07-02 16:32 - 2015-07-02 16:32 - 0000680 _____ () C:\Users\Usuario\AppData\Local\d3d9caps.dat
2015-07-02 19:17 - 2015-07-02 19:17 - 0045476 _____ () C:\Users\Usuario\AppData\Local\HELP_DECRYPT.PNG
2015-07-02 19:17 - 2015-07-02 19:17 - 0004250 _____ () C:\Users\Usuario\AppData\Local\HELP_DECRYPT.TXT
2015-07-02 19:17 - 2015-07-02 19:17 - 0000284 _____ () C:\Users\Usuario\AppData\Local\HELP_DECRYPT.URL
2010-08-20 04:37 - 2010-09-08 22:18 - 2989660 _____ (Macromedia, Inc.) C:\ProgramData\DVD.exe
2010-08-20 04:37 - 2010-08-20 04:37 - 2231606 _____ (Macromedia, Inc.) C:\ProgramData\Games.exe
2015-07-02 19:12 - 2015-07-02 19:12 - 0045476 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-07-02 19:12 - 2015-07-02 19:12 - 0004250 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-07-02 19:12 - 2015-07-02 19:12 - 0000284 _____ () C:\ProgramData\HELP_DECRYPT.URL
2010-08-20 04:30 - 2011-02-24 16:24 - 0000269 _____ () C:\ProgramData\hpqp.ini
2010-08-20 04:37 - 2015-07-02 14:28 - 0000304 _____ () C:\ProgramData\hpqp.txt
2010-09-12 19:49 - 2015-01-15 12:27 - 0002273 _____ () C:\ProgramData\hpzinstall.log
2010-08-20 04:37 - 2010-08-20 04:37 - 2331174 _____ (Macromedia, Inc.) C:\ProgramData\Karaoke.exe
2010-08-20 04:37 - 2012-04-30 02:31 - 3063561 _____ (Macromedia, Inc.) C:\ProgramData\MobileTV.exe
2010-08-20 04:37 - 2012-02-05 15:25 - 2864396 _____ (Macromedia, Inc.) C:\ProgramData\MPV.exe
 
Files to move or delete:
====================
C:\ProgramData\DVD.exe
C:\ProgramData\Games.exe
C:\ProgramData\Karaoke.exe
C:\ProgramData\MobileTV.exe
C:\ProgramData\MPV.exe
 
 
Some files in TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\DAEMON Tools Lite.exe
C:\Users\Usuario\AppData\Local\Temp\jna2580486695704017248.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 20:35
 

 

==================== End of log ============================

 

Addition.txt
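
The two FRST sections above ("One Month Created" and "Files in the root of some directories") carry the timeline an incident responder actually needs: the HELP_DECRYPT.TXT/URL/PNG notes were all created between 19:12 and 19:18 on 2015-07-02, which bounds the encryption run, and anything created in the hours just before that is what you look at first for the dropper. The script below is an added example (not part of the original post or of FRST) that parses lines in FRST's listing format and derives exactly that. The sample lines are constructed here by copying a few entries from the posted log; the three-hour look-back is an arbitrary triage window, not a CryptoWall property.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, copied in shape from the FRST log posted above. The
# field layout of the "Created/Modified files" sections is:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
# The "Files in the root" section uses the same layout with an empty "()".
FRST_SAMPLE = r"""
2015-07-02 19:18 - 2015-07-02 19:18 - 00004250 _____ C:\Users\Usuario\AppData\Roaming\HELP_DECRYPT.TXT
2015-07-02 19:18 - 2015-07-02 19:18 - 00000284 _____ C:\Users\Usuario\AppData\Roaming\HELP_DECRYPT.URL
2015-07-02 19:17 - 2015-07-02 19:17 - 00004250 _____ C:\Users\Usuario\AppData\Local\HELP_DECRYPT.TXT
2015-07-02 19:13 - 2015-07-02 19:13 - 00004250 _____ C:\Users\Public\HELP_DECRYPT.TXT
2015-07-02 19:12 - 2015-07-02 19:12 - 00004250 _____ C:\ProgramData\HELP_DECRYPT.TXT
2015-07-02 19:12 - 2015-07-02 19:12 - 0045476 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-07-02 18:59 - 2015-07-02 19:07 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7CC85FE5.sys
2015-07-02 16:30 - 2015-07-02 19:51 - 00000000 ___HD C:\eda44d63
2015-07-03 11:10 - 2015-07-03 11:10 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # company is optional and may be an empty "()"
    r"(?P<path>\S.*)$"
)

# CryptoWall 3.0 note names as they appear on this page (TXT/URL/PNG; the
# poster also mentions an HTML variant). Matched on the file name only.
NOTE_RE = re.compile(r"\\HELP_DECRYPT\.(TXT|HTML|PNG|URL)$", re.IGNORECASE)


def parse_frst_lines(text):
    """Parse FRST file-listing lines into dicts; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["size"] = int(e["size"])
        entries.append(e)
    return entries


def ransom_note_window(entries):
    """Return (first_note, last_note, count), or None if no notes were found.

    The ransomware writes a note into each directory as it works through it,
    so the note creation times bound the encryption run. They say nothing
    about when the initial infection happened.
    """
    times = sorted(e["created"] for e in entries if NOTE_RE.search(e["path"]))
    if not times:
        return None
    return times[0], times[-1], len(times)


def created_before_first_note(entries, hours=3):
    """Paths created within `hours` before the first note, oldest first.

    This is a triage list, not a verdict: legitimate files (security-tool
    drivers, updates, installers) land here too and must be checked by hand.
    """
    window = ransom_note_window(entries)
    if window is None:
        return []
    start = window[0] - timedelta(hours=hours)
    hits = [e for e in entries
            if start <= e["created"] < window[0] and not NOTE_RE.search(e["path"])]
    return [e["path"] for e in sorted(hits, key=lambda e: e["created"])]


if __name__ == "__main__":
    entries = parse_frst_lines(FRST_SAMPLE)
    first, last, n = ransom_note_window(entries)
    print(f"{n} ransom notes dropped between {first:%Y-%m-%d %H:%M} and {last:%H:%M}")
    for p in created_before_first_note(entries):
        print("created shortly before the first note:", p)
```

Run it against the full FRST.txt rather than the sample and the precursor list is where to start; in the posted log the MBAMSwissArmy/7CC85FE5.sys driver in that window belongs to Malwarebytes, which is the kind of false positive the look-back produces and why the list is only a starting point.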
Hello and Welcome!

Well, we would really like to help you further if we could, but since the logs show that this computer has entries designed to steal and/or pirate software (from Adobe), we will not be able to assist you without you removing the entries and the pirated software.

This topic will be closed by one of the Admins or Mods due to evidence of cracked or pirated software on this system.

Piracy Policy

Thank you


  • Root Admin

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:23 - 2009-02-17 17:24 - 00001360 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
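
What the admin is pointing at is a standard licence-check bypass: Adobe's activation and registration hostnames are pinned to 127.0.0.1 so the software can never reach them. The same hosts-file trick is also used by malware to keep AV and update servers unreachable, so it is worth checking for mechanically on any triage. The script below is an added example (not part of this thread or of FRST) that parses a hosts file, reports every hostname sinkholed to loopback or 0.0.0.0, and filters those to watched vendor domains. The sample hosts text is constructed here from the entries quoted above plus the default loopback lines; the 0.0.0.0 line is added to show the blackhole form and is not in the posted file, and adobe.com is the only watched domain because it is the only one this thread supports.

```python
import ipaddress

# Constructed sample: the adobe.com entries quoted from the FRST hosts section
# above, plus the default loopback lines, a comment and one 0.0.0.0 variant
# (added here to show the blackhole form; it is not in the posted file).
HOSTS_SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
0.0.0.0         3dns-3.adobe.com
"""

# Names that legitimately map to loopback and must not be reported.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Vendor domains whose hosts get sinkholed to defeat licence checks. Only
# adobe.com comes from this thread; extending the list is the operator's
# own decision (assumption).
LICENSE_DOMAINS = ("adobe.com",)


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and unparsable lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not an address, skip the line
        for name in fields[1:]:                # one line may list several aliases
            pairs.append((ip, name.lower()))
    return pairs


def sinkholed(pairs):
    """Hostnames pointed at loopback or 0.0.0.0 that are not loopback names.

    Both forms stop the name resolving to the real server, which is what a
    licence-check bypass (or a malware-driven update block) needs.
    """
    return [(name, str(ip)) for ip, name in pairs
            if (ip.is_loopback or ip.is_unspecified) and name not in LOOPBACK_NAMES]


def licence_server_blocks(pairs, domains=LICENSE_DOMAINS):
    """Sinkholed hostnames under a watched vendor domain, deduplicated and sorted."""
    hits = {name for name, _ in sinkholed(pairs)
            if any(name == d or name.endswith("." + d) for d in domains)}
    return sorted(hits)


if __name__ == "__main__":
    pairs = parse_hosts(HOSTS_SAMPLE)
    for name, ip in sinkholed(pairs):
        print(f"sinkholed: {name} -> {ip}")
    for name in licence_server_blocks(pairs):
        print("activation server blocked:", name)
```

On Windows the file to feed in is C:\Windows\system32\Drivers\etc\hosts, the path FRST shows above. Note that the check says nothing about when the entries were added; for that you need the file's own timestamps, and FRST prints them on the line just before the hosts content (here the file was last modified in 2009, years before the CryptoWall infection).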

This topic is now closed to further replies.