
Infected with Cryptowall Ransomware - log attached


Has anyone dealt with the Cryptowall ransomware? This system got infected, and now we can't open any files at all. They are all encrypted. Almost every folder has 4 additional files in them named HELP_DECRYPT (different types of files, html, etc.).

And every time the computer is restarted, an HTML page comes up with "instructions on how to fix it", and the links are different each time. (The fix, as you probably know, is to pay a ransom fee.)

Please Help Me!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Usuario (administrator) on USUARIO1 on 11-07-2015 10:53:21
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442467 2008-06-27] (IDT, Inc.)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Run: [CrashPlanTray] => C:\Users\Usuario\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\MountPoints2: {929a61d3-4316-11e2-b070-001e68db139c} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\drivers\setup.exe
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [25088 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-03-24] (Autodesk, Inc.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?ocid=iehp
HKU\S-1-5-21-3091019311-2293192049-2105965127-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 - (No Name) - {9c905b42-976e-43c1-bc30-fc5937017909} -  No File
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> {3BA54AB1-02D9-4D05-B788-1AF5CBECCCC8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-20] (Sun Microsystems, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-20] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3091019311-2293192049-2105965127-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1 192.168.1.1
Tcpip\..\Interfaces\{3E7582BF-93E5-4F84-B0D5-902ED3137A2D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3E7582BF-93E5-4F84-B0D5-902ED3137A2D}: [DhcpNameServer] 192.168.137.1 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\system32\npdeployJava1.dll [2012-08-20] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-08-20] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3091019311-2293192049-2105965127-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3091019311-2293192049-2105965127-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-09-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-16]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-01]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
StartMenuInternet: Google Chrome - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [77824 2008-06-27] (Andrea Electronics Corporation)
S4 Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-09] (Symantec Corporation)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-21] (Macrovision Corporation) [File not signed]
S4 LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-09-05] (Symantec Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2010-03-08] ()
S4 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2010-03-08] ()
S4 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe [221273 2008-06-27] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [170000 2008-04-14] (AMD Technologies Inc.)
R0 Amddfltr; C:\Windows\System32\DRIVERS\Amddfltr.sys [15416 2008-01-07] (Advanced Micro Devices)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-07-03] (Disc Soft Ltd)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 ma-config_x86; C:\Users\Usuario\Downloads\MaConfig_7_1_7_0\Ma-Config\Drivers\ma-config_x86.sys [16160 2014-02-24] (CybelSoft)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 MxlW2k; C:\Windows\system32\Drivers\MxlW2k.sys [28352 2011-02-19] (MusicMatch, Inc.) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files\HP\QuickPlay\000.fcl [87536 2010-03-08] (CyberLink Corp.)
S2 adfs; No ImagePath
S3 cpuz138; \??\C:\Users\Usuario\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 10:53 - 2015-07-11 10:53 - 00014263 _____ C:\Users\Usuario\Downloads\FRST.txt
2015-07-11 10:53 - 2015-07-11 10:53 - 00000000 ____D C:\Users\Usuario\Downloads\FRST-OlderVersion
2015-07-11 10:26 - 2015-07-11 10:26 - 00248714 _____ C:\Users\Usuario\Downloads\OCF_20131025.zip
2015-07-11 10:26 - 2015-07-11 10:26 - 00000000 ____D C:\Users\Usuario\Downloads\OCF_20131025
2015-07-08 05:35 - 2015-07-08 05:35 - 00000000 ____D C:\Program Files\IDT
2015-07-08 05:35 - 2008-06-27 20:53 - 00376832 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestecap.dll
2015-07-08 05:35 - 2008-06-27 20:53 - 00133632 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestacap.dll
2015-07-08 05:35 - 2008-06-27 20:53 - 00073728 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCom.dll
2015-07-08 05:35 - 2008-06-27 20:53 - 00053248 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestaren.dll
2015-07-08 05:35 - 2008-06-27 20:42 - 00442467 _____ (IDT, Inc.) C:\Windows\sttray.exe
2015-07-08 05:35 - 2008-06-27 20:41 - 02473984 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll
2015-07-08 05:35 - 2008-06-27 20:40 - 05615715 _____ (IDT, Inc.) C:\Windows\system32\idtcpl.cpl
2015-07-08 05:35 - 2008-06-27 20:40 - 00516096 _____ (IDT, Inc.) C:\Windows\system32\idtmini1.exe
2015-07-08 01:42 - 2015-07-08 01:56 - 00000000 ____D C:\Users\Usuario\AppData\Local\CrashDumps
2015-07-08 01:41 - 2015-07-08 01:41 - 05631619 _____ C:\Users\Usuario\Downloads\MaConfig_7_1_7_0.zip
2015-07-08 01:41 - 2015-07-08 01:41 - 00000000 ____D C:\Users\Usuario\Downloads\MaConfig_7_1_7_0
2015-07-08 00:52 - 2015-07-08 00:52 - 00137072 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-08 00:52 - 2015-07-08 00:52 - 00000000 ____D C:\Users\Usuario\AppData\Local\VirtualStore
2015-07-08 00:44 - 2015-07-08 00:46 - 00009216 _____ C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-07 23:35 - 2015-07-07 23:35 - 00008342 _____ C:\Windows\DPINST.LOG
2015-07-07 19:45 - 2008-05-15 03:28 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys
2015-07-07 19:30 - 2015-07-07 19:30 - 00018944 ___SH C:\Users\Public\Thumbs.db
2015-07-06 20:54 - 2015-07-06 20:54 - 00000000 ____D C:\Users\Usuario\AppData\Local\Skype
2015-07-04 21:02 - 2015-07-08 02:12 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-04 20:55 - 2015-07-04 20:55 - 00000211 ____H C:\Users\Usuario\Downloads\DECRYPTED-file.dwl2
2015-07-04 20:55 - 2015-07-04 20:55 - 00000060 ____H C:\Users\Usuario\Downloads\DECRYPTED-file.dwl
2015-07-04 20:05 - 2015-07-07 20:25 - 00000000 ____D C:\Users\Usuario\Desktop\Nueva carpeta
2015-07-03 22:11 - 2015-07-03 22:11 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-03 22:10 - 2015-07-04 00:49 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-03 21:46 - 2015-07-03 21:47 - 17853688 _____ C:\Users\Usuario\Downloads\RogueKiller.exe
2015-07-03 21:42 - 2015-07-11 10:53 - 00000000 ____D C:\FRST
2015-07-03 21:41 - 2015-07-11 10:53 - 01634816 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2015-07-03 20:36 - 2015-07-03 20:41 - 10113976 _____ (SurfRight B.V.) C:\Users\Usuario\Downloads\HitmanPro.exe
2015-07-03 18:47 - 2015-07-03 18:47 - 00000000 ____D C:\Program Files\Disc Soft
2015-07-03 18:45 - 2015-07-03 18:48 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
2015-07-03 18:45 - 2015-07-03 18:45 - 00025016 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-07-03 18:45 - 2015-07-03 18:45 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-03 18:29 - 2015-07-08 14:44 - 00008198 _____ C:\Windows\PFRO.log
2015-07-03 18:07 - 2015-07-03 18:07 - 00000802 _____ C:\Windows\setupact.log
2015-07-03 18:07 - 2015-07-03 18:07 - 00000000 _____ C:\Windows\setuperr.log
2015-07-03 14:51 - 2015-07-03 14:51 - 00000000 ____D C:\Users\Usuario\Downloads\Argente Utilities
2015-07-03 13:39 - 2015-07-04 20:21 - 00000000 ____D C:\Users\Usuario\Desktop\Varios
2015-07-03 12:47 - 2009-08-04 05:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-07-03 12:10 - 2015-01-28 22:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-03 12:09 - 2015-01-28 22:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-03 12:03 - 2015-03-08 22:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-03 12:03 - 2014-08-26 21:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-03 12:03 - 2014-06-13 15:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-07-03 12:03 - 2014-06-13 15:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-07-03 12:02 - 2014-06-15 19:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-07-03 11:53 - 2014-10-09 22:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-07-03 11:53 - 2014-10-09 22:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-03 11:53 - 2014-10-09 20:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-03 11:52 - 2014-12-18 21:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-07-03 11:51 - 2014-11-03 21:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-07-03 11:50 - 2015-04-30 13:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-03 11:50 - 2015-03-04 23:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-03 11:50 - 2015-01-15 01:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-03 11:50 - 2014-10-09 22:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-03 11:46 - 2015-04-24 12:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-03 11:41 - 2014-10-23 22:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-03 11:40 - 2015-03-04 23:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-03 11:40 - 2015-03-04 23:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-03 11:39 - 2015-03-13 23:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-03 11:39 - 2015-03-12 22:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-07-03 11:39 - 2015-03-12 22:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-03 11:39 - 2015-01-08 23:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-03 11:39 - 2015-01-08 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-03 11:39 - 2014-10-23 22:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-07-03 11:30 - 2015-04-19 18:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-07-03 11:30 - 2015-04-19 17:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-03 11:30 - 2015-04-19 17:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-07-03 11:30 - 2015-04-19 17:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-07-03 11:30 - 2015-04-19 17:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-03 11:30 - 2015-04-19 17:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-03 11:29 - 2014-11-25 23:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-03 11:27 - 2015-02-19 23:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-03 11:27 - 2015-02-19 21:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-03 11:26 - 2015-04-30 10:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-03 11:20 - 2015-01-20 23:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-03 11:20 - 2014-08-11 23:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-07-03 11:18 - 2015-05-21 11:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-03 11:17 - 2014-10-12 22:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-03 11:10 - 2015-07-03 11:10 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-03 11:10 - 2015-07-03 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-03 11:10 - 2015-07-03 11:10 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-07-03 11:08 - 2014-12-06 00:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-07-03 11:08 - 2014-12-06 00:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-07-03 11:08 - 2014-12-06 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-07-03 11:08 - 2014-10-02 22:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-03 11:08 - 2014-10-02 22:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-03 11:08 - 2014-10-02 22:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-03 11:08 - 2014-10-02 22:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-03 11:07 - 2015-02-17 23:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-03 10:50 - 2015-04-10 20:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-03 10:46 - 2015-05-08 20:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-03 10:39 - 2014-12-07 22:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-07-03 10:37 - 2012-07-26 00:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-07-03 10:37 - 2012-07-26 00:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-07-03 10:37 - 2012-07-26 00:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-07-03 10:37 - 2012-07-26 00:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-07-03 10:37 - 2012-07-26 00:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-07-03 10:37 - 2012-07-25 23:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-07-03 10:37 - 2012-07-25 23:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-07-03 10:37 - 2012-06-02 11:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-07-03 10:37 - 2009-07-14 09:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2015-07-03 10:36 - 2015-05-04 19:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-03 10:36 - 2015-05-04 19:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-03 10:36 - 2015-05-04 19:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-03 10:36 - 2015-05-04 19:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-03 10:36 - 2015-05-04 18:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-03 10:24 - 2014-12-06 00:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-03 10:20 - 2011-06-15 13:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-07-03 10:20 - 2011-02-22 11:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-07-03 10:15 - 2011-03-12 18:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-07-03 10:15 - 2011-03-03 12:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2015-07-03 10:15 - 2011-03-03 10:35 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2015-07-03 10:14 - 2012-11-22 00:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2015-07-03 10:08 - 2015-05-30 21:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-03 10:08 - 2015-05-30 20:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-03 10:08 - 2015-05-30 20:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-03 10:08 - 2015-05-30 20:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-03 10:08 - 2015-05-30 20:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-03 10:08 - 2015-05-30 20:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-03 10:08 - 2015-05-30 20:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-03 10:08 - 2015-05-30 20:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-03 10:08 - 2015-05-30 20:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-03 10:08 - 2015-05-30 20:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-03 10:08 - 2015-05-30 20:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-03 10:08 - 2015-05-30 20:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-03 10:08 - 2015-05-30 20:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-03 10:08 - 2015-05-30 20:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-03 10:08 - 2015-05-30 20:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-03 10:08 - 2015-05-30 20:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-03 10:03 - 2013-04-17 09:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-07-03 00:31 - 2015-07-03 00:31 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-07-03 00:24 - 2015-07-03 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-02 23:14 - 2015-07-02 23:14 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2015-07-02 19:49 - 2015-07-02 19:49 - 00000000 ____D C:\Program Files\AVG
2015-07-02 19:40 - 2015-07-02 19:50 - 00000000 ____D C:\ProgramData\AVG
2015-07-02 19:12 - 2015-07-02 19:12 - 00004250 _____ C:\ProgramData\HELP_DECRYPT.TXT
2015-07-02 19:12 - 2015-07-02 19:12 - 00000284 _____ C:\ProgramData\HELP_DECRYPT.URL
2015-07-02 18:59 - 2015-07-02 19:07 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7CC85FE5.sys
2015-07-02 16:30 - 2015-07-02 19:51 - 00000000 ___HD C:\eda44d63
2015-07-01 12:11 - 2015-07-01 12:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USUARIO1-Windows-Vista--Home-Premium-(32-bit).dat
2015-07-01 12:10 - 2015-07-08 00:49 - 00000000 ____D C:\RegBackup
2015-07-01 11:33 - 2015-07-01 11:34 - 00177762 _____ C:\Users\Usuario\Downloads\CEMENTERIO.html
2015-06-24 04:15 - 2015-07-07 23:30 - 02383432 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-23 21:19 - 2015-07-02 18:57 - 00000000 ___HD C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 10:43 - 2014-08-18 23:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 10:32 - 2010-09-09 23:44 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000UA.job
2015-07-11 10:31 - 2011-03-05 00:11 - 00000000 ____D C:\Musica
2015-07-11 10:24 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 10:24 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 08:24 - 2014-10-29 23:08 - 01838147 _____ C:\Windows\WindowsUpdate.log
2015-07-10 16:32 - 2010-09-09 23:44 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000Core.job
2015-07-10 15:45 - 2006-11-02 07:33 - 01631650 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 15:39 - 2006-11-02 10:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 12:53 - 2006-11-02 10:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-08 05:35 - 2010-03-02 11:38 - 00000000 ____D C:\Users\Usuario
2015-07-08 05:35 - 2008-05-24 21:05 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-08 02:09 - 2013-10-17 09:07 - 00000000 ____D C:\Users\Usuario\Desktop\Ariel Rubattino
2015-07-08 01:12 - 2010-09-09 23:46 - 00000000 ____D C:\Program Files\Google
2015-07-08 01:10 - 2010-03-21 15:38 - 00000000 ____D C:\Users\Usuario\AppData\Local\Adobe
2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\ProgramData\Adobe
2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\Adobe
2015-07-08 01:07 - 2008-05-24 21:04 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-08 00:50 - 2008-05-25 05:35 - 00000000 ___HD C:\HP
2015-07-08 00:46 - 1999-03-30 15:17 - 00000000 ___HD C:\System.sav
2015-07-08 00:44 - 2010-09-13 21:18 - 00000000 ____D C:\Users\Usuario\Tracing
2015-07-08 00:37 - 2010-09-09 18:01 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Outlook
2015-07-08 00:33 - 2011-02-11 00:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Skype
2015-07-08 00:25 - 2010-09-09 23:44 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2015-07-08 00:22 - 2006-11-02 09:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-08 00:22 - 2006-11-02 08:18 - 00000000 ___RD C:\Users\Public
2015-07-08 00:11 - 2008-05-24 20:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-08 00:02 - 2011-06-11 17:25 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2015-07-08 00:01 - 2008-05-24 20:25 - 00000000 ____D C:\Program Files\HP
2015-07-07 23:50 - 2008-05-24 20:02 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-07-07 23:46 - 2010-09-12 19:49 - 00009508 _____ C:\ProgramData\hpzinstall.log
2015-07-07 23:39 - 2010-03-03 11:33 - 00000000 ____D C:\Program Files\Foxit Software
2015-07-07 23:34 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\twain_32
2015-07-07 23:12 - 2011-02-19 01:16 - 00000000 ____D C:\Program Files\Musicmatch
2015-07-07 23:08 - 2010-09-08 16:55 - 00000000 ____D C:\ProgramData\Corel
2015-07-07 22:57 - 2010-09-09 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-07-07 22:57 - 2010-09-09 18:28 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-07-07 22:56 - 2010-03-02 11:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\CyberLink
2015-07-07 22:56 - 2008-05-24 20:07 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-07-07 22:55 - 2010-09-08 17:09 - 00000000 ____D C:\ProgramData\Apple
2015-07-07 22:55 - 2010-09-08 17:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-07 22:53 - 2010-09-13 21:04 - 00000000 ____D C:\Program Files\Windows Live
2015-07-07 22:53 - 2010-09-13 20:35 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2015-07-07 22:53 - 2006-11-02 08:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-07 22:50 - 2012-02-05 18:02 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-07 22:49 - 2013-01-08 09:13 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM
2015-07-07 22:45 - 2010-09-09 21:52 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2015-07-07 22:44 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-07 22:43 - 2014-10-22 22:30 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-07-07 22:35 - 2008-05-24 21:04 - 00000000 ____D C:\Program Files\Microsoft Works
2015-07-07 22:27 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\WildTangent
2015-07-07 22:27 - 2006-11-02 09:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-07 22:26 - 2010-09-09 18:36 - 00000000 ____D C:\ProgramData\Autodesk
2015-07-07 22:26 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Help
2015-07-07 22:23 - 2010-09-27 23:32 - 00000000 ____D C:\Program Files\AutoCAD 2010
2015-07-07 21:30 - 2010-03-02 11:41 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Adobe
2015-07-07 21:12 - 2010-09-09 23:31 - 00000000 ____D C:\ProgramData\FLEXnet
2015-07-07 19:45 - 2010-03-02 11:07 - 00000000 ____D C:\ProgramData\Atheros
2015-07-06 23:03 - 2011-09-28 17:17 - 00000000 ____D C:\Users\Usuario\Documents\YouCam
2015-07-06 21:08 - 2011-02-11 00:52 - 00000000 ___RD C:\Program Files\Skype
2015-07-06 21:08 - 2011-02-11 00:52 - 00000000 ____D C:\ProgramData\Skype
2015-07-05 07:11 - 2010-08-20 06:07 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 20:42 - 2012-03-03 12:46 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-07-03 20:40 - 2011-05-20 07:58 - 00000000 ____D C:\ProgramData\Skype Extras
2015-07-03 20:40 - 2008-05-24 20:09 - 00000000 ____D C:\ProgramData\Symantec
2015-07-03 20:38 - 2010-08-20 19:35 - 00000000 ____D C:\ProgramData\HP
2015-07-03 20:38 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-07-03 20:36 - 2012-11-03 13:30 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-07-03 19:02 - 2011-04-02 12:33 - 00000000 ____D C:\Users\Usuario\Desktop\My Shared Folder
2015-07-03 17:27 - 2014-11-30 16:26 - 00000000 ____D C:\Users\Usuario\Desktop\PAULINA
2015-07-03 16:25 - 2010-09-08 02:58 - 00000000 ____D C:\ProgramData\Temp
2015-07-03 15:39 - 2011-02-24 16:45 - 00000000 ____D C:\Windows\pss
2015-07-03 15:39 - 2010-09-09 18:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\Outlook
2015-07-03 15:39 - 2008-05-25 05:45 - 00000000 ____D C:\Windows\panther
2015-07-03 15:39 - 2008-04-10 07:26 - 00000000 ____D C:\Windows\SMINST
2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\catroot2.bak
2015-07-03 13:41 - 2013-04-07 21:26 - 00000000 ____D C:\Users\Usuario\Desktop\CANCUN
2015-07-03 13:40 - 2011-09-09 19:19 - 00000000 ____D C:\Users\Usuario\Desktop\imprimir
2015-07-03 12:49 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\rescache
2015-07-03 12:11 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-07-03 12:05 - 2008-05-24 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-02 21:37 - 2012-02-25 13:52 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-02 18:41 - 2014-08-18 23:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-02 16:34 - 2014-08-18 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-02 16:34 - 2013-10-02 22:24 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-02 14:28 - 2010-08-20 04:37 - 00000304 _____ C:\ProgramData\hpqp.txt
2015-06-18 08:41 - 2014-08-18 23:24 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-08-18 23:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-10-02 22:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2015-07-08 00:44 - 2015-07-08 00:46 - 0009216 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-20 04:37 - 2010-09-08 22:18 - 2989660 _____ (Macromedia, Inc.) C:\ProgramData\DVD.exe
2010-08-20 04:37 - 2010-08-20 04:37 - 2231606 _____ (Macromedia, Inc.) C:\ProgramData\Games.exe
2015-07-02 19:12 - 2015-07-02 19:12 - 0045476 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-07-02 19:12 - 2015-07-02 19:12 - 0004250 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-07-02 19:12 - 2015-07-02 19:12 - 0000284 _____ () C:\ProgramData\HELP_DECRYPT.URL
2010-08-20 04:30 - 2011-02-24 16:24 - 0000269 _____ () C:\ProgramData\hpqp.ini
2010-08-20 04:37 - 2015-07-02 14:28 - 0000304 _____ () C:\ProgramData\hpqp.txt
2010-09-12 19:49 - 2015-07-07 23:46 - 0009508 _____ () C:\ProgramData\hpzinstall.log
2010-08-20 04:37 - 2010-08-20 04:37 - 2331174 _____ (Macromedia, Inc.) C:\ProgramData\Karaoke.exe
2010-08-20 04:37 - 2012-04-30 02:31 - 3063561 _____ (Macromedia, Inc.) C:\ProgramData\MobileTV.exe
2010-08-20 04:37 - 2012-02-05 15:25 - 2864396 _____ (Macromedia, Inc.) C:\ProgramData\MPV.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-11 03:46
 
==================== End of log ============================

Addition.txt

Roguekiller1.txt


We would like to help you but there's evidence of pirated software on the system. (Adobe)

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

The topic will be closed.

MrC
