Possibly Patched Files shown by Rkill, still infected!


  • This topic is locked
7 replies to this topic

#1 NoiroAvecu

NoiroAvecu

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Guadalajara, Jalisco, Mexico
  • Local time:01:48 AM

Posted 29 January 2014 - 11:33 PM

I got this malware trojan agent last week when downloading a fake "smartdraw" program, with the following perceptible damage:

  • Google Chrome (my default browser) got its start-up page and search engine changed, again and again.
  • Unable to open Google, Facebook, or any AV page
  • Slow performance

PC slow performance

Trying to come up with a solution, I've tried (following various forums' advice) IObit Malware Fighter, CCleaner, Malwarebytes, Panda, avast, ESET Online, Rkill, HijackThis. All this allowed me to use Chrome, but I have to have Rkill running to do so!

I've tried ComboFix (now I know I shouldn't) but it always froze.

Lately I have run Rogue Killer, with no results.

SAS showed me 2 trojans; I tried to take a look at that log to manifest the type, and it's gone!
Task Manager shows 7 svchost.exe running!

I'm afraid it's getting worse. Every time I used Rkill in order to use Chrome, the log shows more "possibly patched files" and "Missing Digital Signatures"!

I've been asked by xXToffeeXx and Stelios to take the prep guide (thanks for your time and advice, guys). ComboFix didn't work so I don't have a log for it; here is the DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Ignacio at 21:54:22 on 2014-01-29
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.758.181 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Archivos de programa\IObit\Advanced SystemCare 7\ASCService.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE
C:\Archivos de programa\Application Updater\ApplicationUpdater.exe
C:\Archivos de programa\IObit\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\IObit\Advanced SystemCare 7\Monitor.exe
C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\WINDOWS\System32\Notepad.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\Archivos de programa\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\archivos de programa\iobit apps toolbar\ie\8.6\iobitappsToolbarIE.dll
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\archivos de programa\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Advanced SystemCare 7] "c:\archivos de programa\iobit\advanced systemcare 7\ASCTray.exe" /Auto
mRun: [AvastUI.exe] "c:\archivos de programa\avast software\avast\AvastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\archivos de programa\microsoft office\office12\GrooveMonitor.exe"
mRunOnce: [20131224] c:\archivos de programa\avast software\avast\setup\emupdate\e592c9cf-7ea8-4fb7-b05d-1d465ccfd210.exe /check
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\tp-lin~1.lnk - c:\archivos de programa\tp-link\tp-link wireless configuration utility\TWCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archivos de programa\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{28EE186A-339E-4FB0-A045-B2A877C6C7F6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{63F30C3F-E54B-4CBF-9B73-4E9CA84E102A} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archivos de programa\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\archivos de programa\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\archivos de programa\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\archivos de programa\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-4 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-4 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-3 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-3 410528]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\archivos de programa\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\archivos de programa\iobit\advanced systemcare 7\ASCService.exe [2014-1-17 878368]
R2 Application Updater;Application Updater;c:\archivos de programa\application updater\ApplicationUpdater.exe [2014-1-16 807800]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-4 67824]
R2 avast! Antivirus;avast! Antivirus;c:\archivos de programa\avast software\avast\AvastSvc.exe [2014-1-21 50344]
R2 LiveUpdateSvc;LiveUpdate;c:\archivos de programa\iobit\liveupdate\LiveUpdate.exe [2014-1-17 2151200]
R3 RTL8192cu;TP-LINK 300Mbps Mini Wireless N USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2013-12-3 1076968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-2 68896]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2011-1-2 627072]
S4 SkypeUpdate;Skype Updater;c:\archivos de programa\skype\updater\Updater.exe [2013-2-28 161384]
.
=============== Created Last 30 ================
.
2014-01-28 16:08:31 -------- d-----w- C:\Chom
2014-01-22 19:45:18 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-01-22 19:43:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2014-01-22 19:43:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2014-01-22 19:43:39 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2014-01-22 19:43:39 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-01-22 19:43:39 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2014-01-22 19:43:38 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-01-22 19:43:38 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2014-01-22 19:42:05 -------- dc-h--w- c:\windows\ie8
2014-01-22 07:23:21 -------- d-----w- c:\documents and settings\ignacio\datos de programa\SUPERAntiSpyware.com
2014-01-22 06:02:22 -------- d-----w- c:\documents and settings\all users\datos de programa\SUPERAntiSpyware.com
2014-01-22 06:02:22 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware
2014-01-21 15:41:40 -------- d-sha-r- C:\cmdcons
2014-01-21 15:39:08 -------- d-----w- c:\documents and settings\all users\Favoritos
2014-01-21 01:58:42 -------- d-----w- c:\documents and settings\ignacio\datos de programa\Panda Security
2014-01-21 01:57:21 -------- d-----w- c:\documents and settings\all users\datos de programa\Panda Security
2014-01-21 01:25:47 -------- d-----w- c:\documents and settings\ignacio\datos de programa\Malwarebytes
2014-01-21 01:24:25 -------- d-----w- c:\documents and settings\all users\datos de programa\Malwarebytes
2014-01-21 01:24:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-21 01:24:11 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2014-01-20 15:02:57 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-01-20 15:00:21 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2014-01-20 14:59:28 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2014-01-20 14:59:28 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2014-01-20 14:56:42 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-01-20 14:56:42 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-01-20 14:56:41 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2014-01-20 04:48:41 -------- d-----w- c:\archivos de programa\CCleaner
2014-01-19 22:18:42 -------- d-----w- C:\ffaa99eb9c4ba6a548c8bb1b450aea60
2014-01-18 05:36:45 -------- d-----w- c:\documents and settings\ignacio\LocalLow
2014-01-18 05:36:25 -------- d-----w- c:\documents and settings\ignacio\datos de programa\Search Settings
2014-01-18 05:36:22 -------- d-----w- c:\documents and settings\all users\datos de programa\ProductData
2014-01-18 05:36:20 -------- d-----w- c:\documents and settings\all users\datos de programa\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-18 05:36:02 -------- d-----w- c:\documents and settings\ignacio\datos de programa\EZDownloader
2014-01-18 05:36:02 -------- d-----w- c:\documents and settings\ignacio\configuración local\datos de programa\Cool_Mirage
2014-01-18 05:36:02 -------- d-----w- c:\documents and settings\all users\datos de programa\House Of Soft
2014-01-18 05:36:02 -------- d-----w- c:\archivos de programa\SecretSauce
2014-01-18 05:22:12 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2014-01-18 05:22:12 3072 ------w- c:\windows\system32\iacenc.dll
2014-01-18 05:17:47 214256 ----a-w- c:\windows\system32\muweb.dll
2014-01-18 05:17:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-01-18 05:17:46 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2014-01-18 04:38:02 -------- d-----w- c:\documents and settings\ignacio\datos de programa\IObit Apps
2014-01-18 00:19:11 -------- d-----w- c:\documents and settings\ignacio\System
2014-01-18 00:18:55 -------- d-----w- c:\documents and settings\ignacio\datos de programa\SmartDraw
2014-01-18 00:17:28 -------- d-----w- c:\archivos de programa\SmartDraw 2013
2014-01-18 00:13:41 -------- d-----w- c:\archivos de programa\Khurram Softwares
2014-01-18 00:11:33 -------- d-----w- c:\archivos de programa\Application Updater
2014-01-18 00:11:27 -------- d-----w- c:\archivos de programa\IObit Apps Toolbar
2014-01-17 20:15:04 -------- d-----w- c:\archivos de programa\Intelore
2014-01-11 18:36:12 -------- d-----w- c:\documents and settings\ignacio\configuración local\datos de programa\SecondLife
.
==================== Find3M  ====================
.
2014-01-22 05:55:51 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-22 05:55:51 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-22 05:55:51 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-22 05:55:50 43152 ----a-w- c:\windows\avastSS.scr
2013-12-13 03:42:37 249856 ------w- c:\windows\Setup1.exe
2013-12-13 03:42:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-12-12 02:18:10 66936 --sha-w- c:\windows\dlinfo_0.drv
2013-12-04 15:03:24 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-04 01:40:07 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 03:00:05 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:37:57 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36:42 7680 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 21:54:49.44 ===============
 


Edited by NoiroAvecu, 29 January 2014 - 11:47 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:48 AM

Posted 03 February 2014 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

You have used this tool before. When you run it you may be asked to update. Please do.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 NoiroAvecu


Posted 03 February 2014 - 02:14 PM

Nasdaq,

Thanks for your help and assistance, you're too kind.

AdwCleaner worked just fine; now I'm able to use Chrome without starting Rkill, but ComboFix just stalls. Tried twice with the same results, it just doesn't work!

This is the log for adw:

 

# AdwCleaner v3.018 - Reporte Creado 03/02/2014 en 10:20:45
# Actualizado 28/01/2014 por Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Nombre de usuario : Ignacio - CUEVA-A0806384E
# Ejecutado desde : C:\Documents and Settings\Ignacio\Escritorio\adwcleaner.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
[#] Servicio Borrar : Application Updater
 
***** [ Archivos / Carpetas ] *****
 
Carpeta Borrar : C:\Documents and Settings\All Users\Datos de programa\Premium
Carpeta Borrar : C:\Archivos de programa\Application Updater
Carpeta Borrar : C:\Archivos de programa\IObit Apps Toolbar
Carpeta Borrar : C:\Archivos de programa\Archivos comunes\spigot
Carpeta Borrar : C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\cool_mirage
Carpeta Borrar : C:\Documents and Settings\Ignacio\Datos de programa\EZDownloader
Carpeta Borrar : C:\Documents and Settings\Ignacio\Datos de programa\Search Settings
Carpeta Borrar : C:\Documents and Settings\Ignacio\Datos de programa\Toolbar4
Archivo Borrar : C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
Clave Borrar : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Clave Borrar : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Valor Borrar : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Clave Borrar : HKCU\Software\Conduit
Clave Borrar : HKCU\Software\Search Settings
Clave Borrar : HKCU\Software\Softonic
Clave Borrar : HKCU\Software\AppDataLow\Software\Search Settings
Clave Borrar : HKLM\Software\Application Updater
Clave Borrar : HKLM\Software\Conduit
Clave Borrar : HKLM\Software\Search Settings
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v32.0.1700.102
 
[ Archivo : C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4905 octets] - [03/02/2014 10:17:36]
AdwCleaner[S0].txt - [4680 octets] - [03/02/2014 10:20:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4740 octets] ##########
 
 
What should I do now? Run the Security Check?


#4 nasdaq


Posted 04 February 2014 - 07:57 AM

Run this tool instead of ComboFix.
Let me know what problem persists.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#5 NoiroAvecu


Posted 04 February 2014 - 11:49 PM

I just ran FRST; this is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Ignacio (administrator) on CUEVA-A0806384E on 04-02-2014 22:30:32
Running from C:\Documents and Settings\Ignacio\Escritorio\Nueva carpeta (2)
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Spanish Modern Sort
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(IObit) C:\Archivos de programa\IObit\Advanced SystemCare 7\ASCService.exe
(AVAST Software) C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Archivos de programa\SUPERAntiSpyware\SASCore.exe
(IObit) C:\Archivos de programa\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVAST Software) C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Archivos de programa\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AvastUI.exe] - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-21] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Archivos de programa\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4F69A35C-3623-4052-90D9-9A6BF52C406F} URL = http://mx.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Archivos de programa\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Archivos de programa\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Archivos de programa\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
Toolbar: HKCU - &Dirección - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Vínculos - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://mx.search.yahoo.com/?type=198484&fr=spigot-yhp-ch"
CHR DefaultSearchKeyword: google.com.mx
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Archivos de programa\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Archivos de programa\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Archivos de programa\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Archivos de programa\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Archivos de programa\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Archivos de programa\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Archivos de programa\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Archivos de programa\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RIM Handheld Application Loader) - C:\Archivos de programa\Archivos comunes\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File
CHR Plugin: (Google Update) - C:\Archivos de programa\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Archivos de programa\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\archivos de programa\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\archivos de programa\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Archivos de programa\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\archivos de programa\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Extension: (Floorplanner) - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2014-01-14]
CHR Extension: (SecretSauce) - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino [2014-01-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR Extension: (Fun Poker Games) - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pmgomajnoljcflijogccfgpaimaddpaf [2012-10-03]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Archivos de programa\Archivos comunes\Spigot\GC\saebay_1.1.crx [2012-10-03]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Archivos de programa\Archivos comunes\Spigot\GC\ErrorAssistant_1.3.crx [2012-10-03]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Archivos de programa\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-06-03]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-17]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Slick Savings\coupons.crx [2011-06-17]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Archivos de programa\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Archivos de programa\Archivos comunes\Spigot\GC\saamazon_1.0.crx [2014-01-17]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService7; C:\Archivos de programa\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 avast! Antivirus; C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-21] (AVAST Software)
S4 gupdate; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [136176 2011-01-12] (Google Inc.)
S4 gupdatem; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [136176 2011-01-12] (Google Inc.)
S4 hpqcxs08; C:\Archivos de programa\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett-Packard Co.)
S4 hpqddsvc; C:\Archivos de programa\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.)
S4 HPSLPSVC; C:\Archivos de programa\HP\Digital Imaging\bin\HPSLPSVC32.DLL [700032 2010-01-29] (Hewlett-Packard Co.)
S3 IDriverT; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)
S4 JavaQuickStarterService; C:\Archivos de programa\Java\jre6\bin\jqs.exe [153376 2011-10-18] (Sun Microsystems, Inc.)
R2 LiveUpdateSvc; C:\Archivos de programa\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 NBService; C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe [779824 2007-03-14] (Nero AG)
S4 NMIndexingService; C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
S3 odserv; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX)
S4 SkypeUpdate; C:\Archivos de programa\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
S3 WMPNetworkSvc; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [826368 2006-05-17] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [25256 2012-08-21] (AVAST Software)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-12-03] (Cisco Systems, Inc.)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [97608 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-21] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-21] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [1076968 2011-04-08] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [392832 2005-02-04] (Sensaura)
S3 WUSB54GCv3; C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys [627072 2008-12-04] (Ralink Technology, Corp.)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-04 22:27 - 2014-02-04 22:27 - 00000000 ____D () C:\FRST
2014-02-04 22:24 - 2014-02-04 22:30 - 00000000 ____D () C:\Documents and Settings\Ignacio\Escritorio\Nueva carpeta (2)
2014-02-03 11:09 - 2014-02-03 11:15 - 00000000 ___SD () C:\ComboFix
2014-02-03 10:27 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-03 10:27 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-03 10:27 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-03 10:27 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-03 10:27 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-03 10:27 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-03 10:27 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-03 10:27 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-03 10:27 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-03 10:26 - 2014-02-03 10:27 - 00000000 ____D () C:\Qoobox
2014-02-03 10:25 - 2014-02-03 10:26 - 05179684 ____R (Swearware) C:\Documents and Settings\Ignacio\Escritorio\ComboFix.exe
2014-02-03 10:24 - 2014-02-03 10:24 - 00000000 ____D () C:\Documents and Settings\Ignacio\Escritorio\Nueva carpeta
2014-02-03 10:17 - 2014-02-03 10:21 - 00000000 ____D () C:\AdwCleaner
2014-02-03 10:08 - 2014-02-03 10:08 - 01166132 _____ () C:\Documents and Settings\Ignacio\Escritorio\adwcleaner.exe
2014-01-29 23:27 - 2014-01-21 23:00 - 29507320 _____ (SUPERAntiSpyware) C:\Documents and Settings\Ignacio\Mis documentos\SUPERAntiSpywarePro.exe
2014-01-29 21:54 - 2014-01-29 21:57 - 00014058 _____ () C:\Documents and Settings\Ignacio\Escritorio\dds.txt
2014-01-29 21:54 - 2014-01-29 21:54 - 00030251 _____ () C:\Documents and Settings\Ignacio\Escritorio\attach.txt
2014-01-28 20:32 - 2014-01-28 20:41 - 00003794 _____ () C:\WINDOWS\setupapi.log
2014-01-28 10:08 - 2014-01-28 10:10 - 00000000 ____D () C:\Chom
2014-01-28 10:03 - 2014-02-04 22:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-01-28 10:03 - 2014-02-04 22:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-01-28 10:03 - 2014-01-28 10:03 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-01-24 11:54 - 2014-01-24 11:54 - 00013592 _____ () C:\Documents and Settings\Ignacio\Escritorio\CORRIDA FINANCIERA.xlsx
2014-01-24 05:45 - 2014-01-24 05:45 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2014-01-23 13:14 - 2014-01-23 13:14 - 00000000 __SHD () C:\Documents and Settings\Administrador\IETldCache
2014-01-22 13:51 - 2014-01-22 13:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-01-22 13:45 - 2013-10-29 01:44 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-01-22 13:44 - 2014-01-22 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2014-01-22 13:43 - 2013-10-29 13:14 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-01-22 13:43 - 2013-10-29 01:44 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-01-22 13:43 - 2013-10-29 01:44 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-01-22 13:43 - 2013-10-29 01:44 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-01-22 13:43 - 2013-10-29 01:44 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-01-22 13:43 - 2013-10-29 01:44 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-01-22 13:43 - 2013-10-29 01:44 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-01-22 13:42 - 2014-01-22 13:43 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-22 13:38 - 2014-01-06 16:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-22 13:36 - 2014-01-22 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-01-22 13:32 - 2014-01-22 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-01-22 13:27 - 2014-01-22 13:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-01-22 13:27 - 2014-01-22 13:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2758857$
2014-01-22 13:26 - 2014-01-22 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-01-22 13:26 - 2014-01-22 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-01-22 13:26 - 2014-01-22 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-01-22 13:22 - 2014-01-22 13:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-01-22 13:15 - 2014-01-22 13:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-01-22 13:04 - 2014-01-22 13:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898785$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2014-01-22 12:59 - 2014-01-22 12:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-01-22 12:59 - 2014-01-22 12:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-01-22 12:54 - 2014-01-22 12:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2845187$
2014-01-22 12:54 - 2014-01-22 12:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510581$
2014-01-22 12:50 - 2014-01-22 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-22 12:50 - 2014-01-22 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-01-22 12:39 - 2014-01-22 12:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-01-22 12:38 - 2014-01-22 12:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-01-22 12:38 - 2014-01-22 12:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-01-22 12:38 - 2014-01-22 12:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2014-01-22 12:37 - 2014-01-22 12:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-01-22 12:33 - 2014-01-22 12:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-01-22 12:33 - 2014-01-22 12:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-01-22 12:33 - 2014-01-22 12:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-01-22 12:25 - 2014-01-22 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-01-22 12:25 - 2014-01-22 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-01-22 12:17 - 2014-01-22 12:17 - 00000000 ____D () C:\Documents and Settings\Default User\Configuración local\Datos de programa\Microsoft Help
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-01-22 12:13 - 2014-01-22 12:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-01-22 11:54 - 2014-01-22 11:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-22 01:50 - 2014-01-22 01:50 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2014-01-22 01:23 - 2014-01-22 01:23 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\SUPERAntiSpyware.com
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Mis documentos\Mis vídeos
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Mis documentos\Mis imágenes
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Mis documentos\Mi música
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Menú Inicio\Programas\Herramientas administrativas
2014-01-22 00:03 - 2014-01-22 00:03 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\TP-LINK
2014-01-22 00:02 - 2014-01-22 00:02 - 00001741 _____ () C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Professional.lnk
2014-01-22 00:02 - 2014-01-22 00:02 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2014-01-22 00:02 - 2014-01-22 00:02 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2014-01-22 00:02 - 2014-01-22 00:02 - 00000000 ____D () C:\Archivos de programa\SUPERAntiSpyware
2014-01-22 00:00 - 2014-01-23 13:13 - 00000000 __SHD () C:\WINDOWS\CSC
2014-01-21 22:53 - 2014-01-21 23:12 - 91412976 _____ (AVAST Software) C:\Documents and Settings\Ignacio\Escritorio\avast_free_antivirus_setup.exe
2014-01-21 09:41 - 2014-01-21 09:41 - 00000000 _RSHD () C:\cmdcons
2014-01-21 09:41 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-01-21 09:39 - 2014-01-21 09:39 - 00000000 ___RD () C:\Documents and Settings\Ignacio\Menú Inicio\Programas\Herramientas administrativas
2014-01-21 09:39 - 2014-01-21 09:39 - 00000000 ____D () C:\Documents and Settings\All Users\Favoritos
2014-01-21 09:38 - 2014-02-03 10:26 - 00000000 ____D () C:\WINDOWS\erdnt
2014-01-21 01:43 - 2014-01-28 10:53 - 00007806 _____ () C:\Documents and Settings\Ignacio\Escritorio\hijackthis.log
2014-01-20 19:58 - 2014-01-22 00:11 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\Panda Security
2014-01-20 19:57 - 2014-01-22 00:10 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\Panda Security
2014-01-20 19:25 - 2014-01-20 19:25 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\Malwarebytes
2014-01-20 19:24 - 2014-01-20 19:24 - 00000833 _____ () C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
2014-01-20 19:24 - 2014-01-20 19:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
2014-01-20 19:24 - 2014-01-20 19:24 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2014-01-20 19:24 - 2014-01-20 19:24 - 00000000 ____D () C:\Archivos de programa\Malwarebytes' Anti-Malware
2014-01-20 19:24 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-20 19:22 - 2014-01-20 19:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Ignacio\Escritorio\mbam-setup-1.75.0.1300.exe
2014-01-20 19:09 - 2014-01-20 19:09 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\backups
2014-01-20 18:44 - 2014-01-19 22:12 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Ignacio\Escritorio\iExplore.exe
2014-01-20 18:44 - 2014-01-19 22:10 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Ignacio\Escritorio\HijackThis.exe
2014-01-20 10:39 - 2014-01-20 10:39 - 02359350 _____ () C:\Documents and Settings\Ignacio\Mis documentos\Dibujoolf.bmp
2014-01-20 10:37 - 2014-01-20 10:37 - 02359350 _____ () C:\Documents and Settings\Ignacio\Mis documentos\Dibujool.bmp
2014-01-20 10:35 - 2014-01-20 10:35 - 02359350 _____ () C:\Documents and Settings\Ignacio\Mis documentos\Dibujo.bmp
2014-01-20 09:02 - 2013-07-02 20:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-01-20 09:00 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-01-20 08:59 - 2013-07-16 18:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-01-20 08:59 - 2013-07-16 18:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-01-20 08:56 - 2013-08-08 18:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-01-20 08:56 - 2013-08-08 18:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-01-20 08:56 - 2009-03-18 05:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-01-20 08:20 - 2014-01-20 08:20 - 37154816 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2014-01-20 08:20 - 2014-01-20 08:20 - 00356352 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2014-01-20 08:20 - 2014-01-20 08:20 - 00081920 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-01-20 08:20 - 2014-01-20 08:20 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-01-20 00:08 - 2014-02-04 22:14 - 00149132 _____ () C:\Documents and Settings\Ignacio\Escritorio\Rkill.txt
2014-01-19 23:50 - 2014-02-04 22:28 - 02007694 _____ () C:\WINDOWS\WindowsUpdate.log
2014-01-19 22:52 - 2014-01-21 09:00 - 00071072 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
2014-01-19 22:49 - 2014-01-23 21:50 - 00161148 _____ () C:\Documents and Settings\Administrador\Escritorio\Rkill.txt
2014-01-19 22:48 - 2014-01-19 22:48 - 00000731 _____ () C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
2014-01-19 22:48 - 2014-01-19 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\CCleaner
2014-01-19 22:48 - 2014-01-19 22:48 - 00000000 ____D () C:\Archivos de programa\CCleaner
2014-01-19 17:52 - 2014-01-19 17:52 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\AVAST Software
2014-01-19 17:52 - 2014-01-19 17:52 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\Adobe
2014-01-19 17:50 - 2014-01-19 17:50 - 00001347 _____ () C:\Documents and Settings\Administrador\Escritorio\IObit Malware Fighter Report.log
2014-01-19 16:27 - 2014-01-22 01:48 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\IObit
2014-01-19 16:26 - 2014-01-27 08:56 - 00000000 ____D () C:\Documents and Settings\Administrador\Escritorio
2014-01-19 16:26 - 2014-01-26 00:25 - 00000000 __RHD () C:\Documents and Settings\Administrador\Datos de programa
2014-01-19 16:26 - 2014-01-26 00:03 - 00000192 ___SH () C:\Documents and Settings\Administrador\ntuser.ini
2014-01-19 16:26 - 2014-01-23 13:14 - 00000000 ____D () C:\Documents and Settings\Administrador
2014-01-19 16:26 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Menú Inicio\Programas
2014-01-19 16:26 - 2014-01-22 00:04 - 00000000 ____D () C:\Documents and Settings\Administrador\Mis documentos
2014-01-19 16:26 - 2014-01-19 23:49 - 00000000 ____D () C:\Documents and Settings\Administrador\Favoritos
2014-01-19 16:26 - 2014-01-19 22:52 - 00000000 __SHD () C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet
2014-01-19 16:26 - 2014-01-19 22:52 - 00000000 ___HD () C:\Documents and Settings\Administrador\Configuración local\Datos de programa
2014-01-19 16:26 - 2011-01-02 01:51 - 00001599 _____ () C:\Documents and Settings\Administrador\Menú Inicio\Programas\Asistencia remota.lnk
2014-01-19 16:26 - 2011-01-02 01:51 - 00000827 _____ () C:\Documents and Settings\Administrador\Menú Inicio\Programas\Reproductor de Windows Media.lnk
2014-01-19 16:26 - 2011-01-02 01:51 - 00000000 ___RD () C:\Documents and Settings\Administrador\Menú Inicio\Programas\Accesorios
2014-01-19 16:26 - 2011-01-02 01:47 - 00000000 ___HD () C:\Documents and Settings\Administrador\Plantillas
2014-01-19 16:26 - 2011-01-01 18:41 - 00000000 __SHD () C:\Documents and Settings\Administrador\Configuración local\Historial
2014-01-19 16:26 - 2011-01-01 18:41 - 00000000 ___RD () C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
2014-01-19 16:26 - 2011-01-01 18:41 - 00000000 ___RD () C:\Documents and Settings\Administrador\Menú Inicio
2014-01-19 16:26 - 2011-01-01 18:41 - 00000000 ___HD () C:\Documents and Settings\Administrador\Impresoras
2014-01-19 16:26 - 2011-01-01 18:41 - 00000000 ___HD () C:\Documents and Settings\Administrador\Entorno de red
2014-01-19 16:18 - 2014-01-19 16:18 - 00000000 ____D () C:\ffaa99eb9c4ba6a548c8bb1b450aea60
2014-01-19 16:14 - 2014-01-19 16:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2621440$
2014-01-19 15:53 - 2014-01-19 15:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-01-19 15:52 - 2014-01-19 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644$
2014-01-19 15:52 - 2014-01-19 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954459$
2014-01-19 15:23 - 2014-01-19 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-01-19 15:23 - 2014-01-19 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2014-01-19 15:22 - 2014-01-19 15:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2014-01-17 23:37 - 2014-01-17 23:37 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Earth
2014-01-17 23:36 - 2014-02-03 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\ProductData
2014-01-17 23:36 - 2014-01-17 23:38 - 00000000 ____D () C:\Archivos de programa\SecretSauce
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\SmartDraw 2013
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Advanced SystemCare 7
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\House Of Soft
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-17 23:29 - 2014-01-17 23:29 - 00000000 ____D () C:\Documents and Settings\NetworkService\Datos de programa\AVAST Software
2014-01-17 23:22 - 2012-01-11 13:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2014-01-17 23:22 - 2012-01-11 13:06 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
2014-01-17 23:17 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll
2014-01-17 23:17 - 2012-06-02 15:18 - 00214256 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll
2014-01-17 23:17 - 2012-06-02 15:18 - 00018160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui
2014-01-17 22:13 - 2014-01-17 22:13 - 00001964 _____ () C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
2014-01-17 18:22 - 2014-02-04 22:28 - 00000512 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
2014-01-17 18:19 - 2014-01-17 18:19 - 00000736 _____ () C:\Documents and Settings\Ignacio\Menú Inicio\Programas\SmartDraw 2013.lnk
2014-01-17 18:19 - 2014-01-17 18:19 - 00000730 _____ () C:\Documents and Settings\Ignacio\Escritorio\SmartDraw 2013.lnk
2014-01-17 18:19 - 2014-01-17 18:19 - 00000000 ____D () C:\Documents and Settings\Ignacio\System
2014-01-17 18:19 - 2014-01-17 18:19 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\SmartDraw
2014-01-17 18:18 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\SmartDraw
2014-01-17 18:18 - 2014-01-17 18:18 - 00000700 _____ () C:\Documents and Settings\All Users\Escritorio\SmartDraw 2013.lnk
2014-01-17 18:17 - 2014-01-20 21:06 - 00000000 ____D () C:\Archivos de programa\SmartDraw 2013
2014-01-17 18:13 - 2014-01-17 18:13 - 00000000 ____D () C:\Archivos de programa\Khurram Softwares
2014-01-17 18:11 - 2014-02-04 22:29 - 00000286 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2014-01-17 18:10 - 2014-02-03 21:28 - 00032548 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2014-01-17 18:10 - 2014-01-29 21:22 - 00001909 _____ () C:\Documents and Settings\All Users\Escritorio\Advanced SystemCare 7.lnk
2014-01-17 14:15 - 2014-01-17 14:15 - 00000000 ____D () C:\Archivos de programa\Intelore
2014-01-17 13:42 - 2014-01-17 13:43 - 00019587 _____ () C:\Documents and Settings\Ignacio\Mis documentos\smartdraw 2013 by 2lets.com.torrent
2014-01-17 08:33 - 2014-01-17 09:01 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\sedatu
2014-01-17 08:31 - 2014-01-17 08:31 - 16023573 _____ () C:\Documents and Settings\Ignacio\Mis documentos\fwdreglasdeoperacion2014fonhapo.zip
2014-01-15 23:24 - 2014-01-15 23:24 - 00012019 _____ () C:\Documents and Settings\Ignacio\Mis documentos\SEDATU.xlsx
2014-01-11 12:36 - 2014-01-17 23:35 - 00000000 ____D () C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\SecondLife
2014-01-11 12:36 - 2014-01-11 12:38 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\SecondLife
2014-01-10 23:38 - 2014-01-10 23:48 - 00012444 _____ () C:\Documents and Settings\Ignacio\Mis documentos\cuentas Zapo-tamazula.xlsx
2014-01-08 14:56 - 2014-01-08 14:59 - 19836599 _____ () C:\Documents and Settings\Ignacio\Mis documentos\ECEG.zip
2014-01-07 12:22 - 2014-01-07 12:22 - 00000057 _____ () C:\Documents and Settings\Ignacio\Mis documentos\pelon-cobaej.txt
 
==================== One Month Modified Files and Folders =======
 
2014-02-04 22:30 - 2014-02-04 22:24 - 00000000 ____D () C:\Documents and Settings\Ignacio\Escritorio\Nueva carpeta (2)
2014-02-04 22:29 - 2014-01-17 18:11 - 00000286 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2014-02-04 22:28 - 2014-01-19 23:50 - 02007694 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-04 22:28 - 2014-01-17 18:22 - 00000512 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
2014-02-04 22:28 - 2013-12-03 19:40 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-02-04 22:28 - 2012-06-03 23:14 - 00000380 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-02-04 22:28 - 2011-11-05 16:54 - 00000296 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1647877149-1606980848-1003.job
2014-02-04 22:28 - 2011-01-12 21:24 - 00001036 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 22:28 - 2011-01-02 01:56 - 00000192 ___SH () C:\Documents and Settings\Ignacio\ntuser.ini
2014-02-04 22:28 - 2011-01-02 01:56 - 00000000 ____D () C:\Documents and Settings\Ignacio
2014-02-04 22:27 - 2014-02-04 22:27 - 00000000 ____D () C:\FRST
2014-02-04 22:24 - 2011-01-02 01:56 - 00000000 ____D () C:\Documents and Settings\Ignacio\Escritorio
2014-02-04 22:23 - 2014-01-28 10:03 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-04 22:23 - 2014-01-28 10:03 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-02-04 22:14 - 2014-01-20 00:08 - 00149132 _____ () C:\Documents and Settings\Ignacio\Escritorio\Rkill.txt
2014-02-04 22:04 - 2011-01-12 21:24 - 00001040 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 21:52 - 2011-01-02 01:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-04 21:52 - 2008-04-14 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-03 21:28 - 2014-01-17 18:10 - 00032548 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2014-02-03 21:28 - 2012-06-03 23:16 - 00001914 _____ () C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
2014-02-03 21:28 - 2011-01-02 01:55 - 00000192 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-02-03 11:15 - 2014-02-03 11:09 - 00000000 ___SD () C:\ComboFix
2014-02-03 11:15 - 2011-01-02 01:56 - 00000000 __RHD () C:\Documents and Settings\Ignacio\Datos de programa
2014-02-03 11:07 - 2011-01-02 01:48 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-03 10:27 - 2014-02-03 10:26 - 00000000 ____D () C:\Qoobox
2014-02-03 10:26 - 2014-02-03 10:25 - 05179684 ____R (Swearware) C:\Documents and Settings\Ignacio\Escritorio\ComboFix.exe
2014-02-03 10:26 - 2014-01-21 09:38 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-03 10:24 - 2014-02-03 10:24 - 00000000 ____D () C:\Documents and Settings\Ignacio\Escritorio\Nueva carpeta
2014-02-03 10:21 - 2014-02-03 10:17 - 00000000 ____D () C:\AdwCleaner
2014-02-03 10:20 - 2011-01-02 01:56 - 00000000 ___HD () C:\Documents and Settings\Ignacio\Configuración local\Datos de programa
2014-02-03 10:20 - 2011-01-01 18:42 - 00000000 ___RD () C:\Archivos de programa
2014-02-03 10:20 - 2011-01-01 18:41 - 00000000 __RHD () C:\Documents and Settings\All Users\Datos de programa
2014-02-03 10:08 - 2014-02-03 10:08 - 01166132 _____ () C:\Documents and Settings\Ignacio\Escritorio\adwcleaner.exe
2014-02-03 09:57 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\ProductData
2014-02-02 00:45 - 2012-06-09 00:10 - 00000838 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-02 00:43 - 2012-08-02 11:38 - 00001018 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1647877149-1606980848-1003UA.job
2014-02-01 12:43 - 2012-08-02 11:38 - 00000996 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1647877149-1606980848-1003Core.job
2014-01-29 23:27 - 2011-01-02 01:56 - 00000000 ___RD () C:\Documents and Settings\Ignacio\Mis documentos
2014-01-29 23:27 - 2011-01-01 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Escritorio
2014-01-29 22:58 - 2011-06-07 15:58 - 00017920 _____ () C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 22:58 - 2011-05-08 18:59 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-01-29 21:57 - 2014-01-29 21:54 - 00014058 _____ () C:\Documents and Settings\Ignacio\Escritorio\dds.txt
2014-01-29 21:54 - 2014-01-29 21:54 - 00030251 _____ () C:\Documents and Settings\Ignacio\Escritorio\attach.txt
2014-01-29 21:22 - 2014-01-17 18:10 - 00001909 _____ () C:\Documents and Settings\All Users\Escritorio\Advanced SystemCare 7.lnk
2014-01-28 20:41 - 2014-01-28 20:32 - 00003794 _____ () C:\WINDOWS\setupapi.log
2014-01-28 10:53 - 2014-01-21 01:43 - 00007806 _____ () C:\Documents and Settings\Ignacio\Escritorio\hijackthis.log
2014-01-28 10:10 - 2014-01-28 10:08 - 00000000 ____D () C:\Chom
2014-01-28 10:03 - 2014-01-28 10:03 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-01-27 09:02 - 2011-01-02 02:10 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\musica
2014-01-27 09:00 - 2012-05-20 00:36 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\BUFETTE
2014-01-27 08:56 - 2014-01-19 16:26 - 00000000 ____D () C:\Documents and Settings\Administrador\Escritorio
2014-01-26 00:25 - 2014-01-19 16:26 - 00000000 __RHD () C:\Documents and Settings\Administrador\Datos de programa
2014-01-26 00:03 - 2014-01-19 16:26 - 00000192 ___SH () C:\Documents and Settings\Administrador\ntuser.ini
2014-01-26 00:03 - 2011-01-02 01:54 - 00000192 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-01-24 11:54 - 2014-01-24 11:54 - 00013592 _____ () C:\Documents and Settings\Ignacio\Escritorio\CORRIDA FINANCIERA.xlsx
2014-01-24 05:57 - 2011-01-02 02:24 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2014-01-24 05:47 - 2012-06-03 22:27 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-01-24 05:47 - 2011-01-02 01:48 - 00000000 ____D () C:\Archivos de programa\Archivos comunes\System
2014-01-24 05:47 - 2008-04-14 06:00 - 00000587 _____ () C:\WINDOWS\win.ini
2014-01-24 05:45 - 2014-01-24 05:45 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2014-01-23 21:50 - 2014-01-19 22:49 - 00161148 _____ () C:\Documents and Settings\Administrador\Escritorio\Rkill.txt
2014-01-23 19:37 - 2011-01-02 01:58 - 00071072 _____ () C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
2014-01-23 14:59 - 2011-01-02 01:56 - 00000000 ___RD () C:\Documents and Settings\Ignacio\Menú Inicio
2014-01-23 14:51 - 2013-11-28 23:27 - 37863424 _____ () C:\WINDOWS\system32\config\software.iobit
2014-01-23 14:51 - 2013-11-28 23:27 - 00356352 _____ () C:\WINDOWS\system32\config\default.iobit
2014-01-23 14:51 - 2013-11-28 23:27 - 00081920 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-01-23 14:51 - 2013-11-28 23:27 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-01-23 14:51 - 2011-01-02 01:55 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-01-23 14:51 - 2011-01-02 01:54 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-01-23 14:32 - 2011-11-05 19:27 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-01-23 14:09 - 2011-01-01 18:42 - 01205912 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-23 14:03 - 2012-05-20 21:13 - 00000000 ___RD () C:\Documents and Settings\Ignacio\Mis documentos\Mis imágenes
2014-01-23 14:03 - 2011-01-02 01:56 - 00000838 _____ () C:\Documents and Settings\Ignacio\Menú Inicio\Programas\Internet Explorer.lnk
2014-01-23 14:03 - 2011-01-02 01:56 - 00000000 ___RD () C:\Documents and Settings\Ignacio\Menú Inicio\Programas
2014-01-23 14:03 - 2011-01-02 01:56 - 00000000 ___RD () C:\Documents and Settings\Ignacio\Favoritos
2014-01-23 14:03 - 2011-01-02 01:47 - 00000000 ___RD () C:\Documents and Settings\All Users\Documentos\Mi música
2014-01-23 13:14 - 2014-01-23 13:14 - 00000000 __SHD () C:\Documents and Settings\Administrador\IETldCache
2014-01-23 13:14 - 2014-01-19 16:26 - 00000000 ____D () C:\Documents and Settings\Administrador
2014-01-23 13:13 - 2014-01-22 00:00 - 00000000 __SHD () C:\WINDOWS\CSC
2014-01-23 13:13 - 2011-01-02 02:41 - 00000000 ____D () C:\Archivos de programa\Microsoft Silverlight
2014-01-23 13:13 - 2011-01-01 19:34 - 00000000 ____D () C:\WINDOWS\Help
2014-01-23 13:13 - 2011-01-01 18:41 - 00287704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-22 13:51 - 2014-01-22 13:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-01-22 13:45 - 2012-06-03 21:35 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-01-22 13:44 - 2014-01-22 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2014-01-22 13:43 - 2014-01-22 13:42 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-22 13:43 - 2011-01-01 19:34 - 00000000 ____D () C:\WINDOWS\Media
2014-01-22 13:36 - 2014-01-22 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-01-22 13:32 - 2014-01-22 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-01-22 13:27 - 2014-01-22 13:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-01-22 13:27 - 2014-01-22 13:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2758857$
2014-01-22 13:26 - 2014-01-22 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-01-22 13:26 - 2014-01-22 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-01-22 13:26 - 2014-01-22 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-01-22 13:22 - 2014-01-22 13:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-01-22 13:15 - 2014-01-22 13:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-01-22 13:04 - 2014-01-22 13:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898785$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-01-22 13:00 - 2014-01-22 13:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2014-01-22 12:59 - 2014-01-22 12:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-01-22 12:59 - 2014-01-22 12:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-01-22 12:54 - 2014-01-22 12:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2845187$
2014-01-22 12:54 - 2014-01-22 12:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510581$
2014-01-22 12:50 - 2014-01-22 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-22 12:50 - 2014-01-22 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-01-22 12:50 - 2012-06-03 22:50 - 00011900 _____ () C:\WINDOWS\system32\TZLog.log
2014-01-22 12:39 - 2014-01-22 12:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-01-22 12:39 - 2011-11-30 11:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Microsoft Silverlight
2014-01-22 12:38 - 2014-01-22 12:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-01-22 12:38 - 2014-01-22 12:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-01-22 12:38 - 2014-01-22 12:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2014-01-22 12:37 - 2014-01-22 12:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-01-22 12:33 - 2014-01-22 12:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-01-22 12:33 - 2014-01-22 12:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-01-22 12:33 - 2014-01-22 12:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-01-22 12:26 - 2014-01-22 12:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-01-22 12:25 - 2014-01-22 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-01-22 12:25 - 2014-01-22 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-01-22 12:20 - 2011-01-02 02:28 - 00000000 ____D () C:\Archivos de programa\Microsoft Works
2014-01-22 12:20 - 2011-01-01 18:42 - 00000000 ____D () C:\Archivos de programa\Archivos comunes\Microsoft Shared
2014-01-22 12:17 - 2014-01-22 12:17 - 00000000 ____D () C:\Documents and Settings\Default User\Configuración local\Datos de programa\Microsoft Help
2014-01-22 12:17 - 2011-01-01 18:41 - 00000000 ___HD () C:\Documents and Settings\Default User\Configuración local\Datos de programa
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-22 12:14 - 2014-01-22 12:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-01-22 12:13 - 2014-01-22 12:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-01-22 12:08 - 2011-11-25 18:20 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-01-22 11:54 - 2014-01-22 11:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-22 08:08 - 2011-10-18 21:17 - 00000000 ____D () C:\WINDOWS\Sun
2014-01-22 01:50 - 2014-01-22 01:50 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2014-01-22 01:48 - 2014-01-19 16:27 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\IObit
2014-01-22 01:48 - 2012-05-20 21:18 - 00000000 ____D () C:\Archivos de programa\IObit
2014-01-22 01:48 - 2011-01-01 18:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Menú Inicio\Programas
2014-01-22 01:23 - 2014-01-22 01:23 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\SUPERAntiSpyware.com
2014-01-22 00:11 - 2014-01-20 19:58 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\Panda Security
2014-01-22 00:10 - 2014-01-20 19:57 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\Panda Security
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Mis documentos\Mis vídeos
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Mis documentos\Mis imágenes
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Mis documentos\Mi música
2014-01-22 00:04 - 2014-01-22 00:04 - 00000000 ___RD () C:\Documents and Settings\Administrador\Menú Inicio\Programas\Herramientas administrativas
2014-01-22 00:04 - 2014-01-19 16:26 - 00000000 ___RD () C:\Documents and Settings\Administrador\Menú Inicio\Programas
2014-01-22 00:04 - 2014-01-19 16:26 - 00000000 ____D () C:\Documents and Settings\Administrador\Mis documentos
2014-01-22 00:03 - 2014-01-22 00:03 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\TP-LINK
2014-01-22 00:02 - 2014-01-22 00:02 - 00001741 _____ () C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Professional.lnk
2014-01-22 00:02 - 2014-01-22 00:02 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2014-01-22 00:02 - 2014-01-22 00:02 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2014-01-22 00:02 - 2014-01-22 00:02 - 00000000 ____D () C:\Archivos de programa\SUPERAntiSpyware
2014-01-22 00:02 - 2011-01-01 18:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Menú Inicio
2014-01-21 23:56 - 2013-12-04 09:04 - 00001615 _____ () C:\Documents and Settings\All Users\Escritorio\avast! Free Antivirus.lnk
2014-01-21 23:55 - 2013-12-04 09:03 - 00180248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-21 23:55 - 2013-12-04 09:03 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-21 23:55 - 2012-06-03 23:14 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-21 23:55 - 2012-06-03 23:14 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-21 23:55 - 2012-06-03 23:14 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-21 23:55 - 2012-06-03 23:14 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-21 23:55 - 2012-06-03 23:13 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-21 23:55 - 2012-06-03 23:13 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-21 23:12 - 2014-01-21 22:53 - 91412976 _____ (AVAST Software) C:\Documents and Settings\Ignacio\Escritorio\avast_free_antivirus_setup.exe
2014-01-21 23:00 - 2014-01-29 23:27 - 29507320 _____ (SUPERAntiSpyware) C:\Documents and Settings\Ignacio\Mis documentos\SUPERAntiSpywarePro.exe
2014-01-21 09:41 - 2014-01-21 09:41 - 00000000 _RSHD () C:\cmdcons
2014-01-21 09:41 - 2011-01-01 19:40 - 00000327 __RSH () C:\boot.ini
2014-01-21 09:39 - 2014-01-21 09:39 - 00000000 ___RD () C:\Documents and Settings\Ignacio\Menú Inicio\Programas\Herramientas administrativas
2014-01-21 09:39 - 2014-01-21 09:39 - 00000000 ____D () C:\Documents and Settings\All Users\Favoritos
2014-01-21 09:27 - 2011-01-02 01:55 - 00000000 ____D () C:\Documents and Settings\LocalService\Datos de programa
2014-01-21 09:00 - 2014-01-19 22:52 - 00071072 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
2014-01-20 21:06 - 2014-01-17 18:17 - 00000000 ____D () C:\Archivos de programa\SmartDraw 2013
2014-01-20 19:44 - 2012-06-03 22:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981322$
2014-01-20 19:25 - 2014-01-20 19:25 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\Malwarebytes
2014-01-20 19:24 - 2014-01-20 19:24 - 00000833 _____ () C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
2014-01-20 19:24 - 2014-01-20 19:24 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
2014-01-20 19:24 - 2014-01-20 19:24 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2014-01-20 19:24 - 2014-01-20 19:24 - 00000000 ____D () C:\Archivos de programa\Malwarebytes' Anti-Malware
2014-01-20 19:12 - 2014-01-20 19:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Ignacio\Escritorio\mbam-setup-1.75.0.1300.exe
2014-01-20 19:09 - 2014-01-20 19:09 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\backups
2014-01-20 13:05 - 2011-01-12 21:26 - 00000304 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1647877149-1606980848-1003.job
2014-01-20 10:39 - 2014-01-20 10:39 - 02359350 _____ () C:\Documents and Settings\Ignacio\Mis documentos\Dibujoolf.bmp
2014-01-20 10:37 - 2014-01-20 10:37 - 02359350 _____ () C:\Documents and Settings\Ignacio\Mis documentos\Dibujool.bmp
2014-01-20 10:35 - 2014-01-20 10:35 - 02359350 _____ () C:\Documents and Settings\Ignacio\Mis documentos\Dibujo.bmp
2014-01-20 08:20 - 2014-01-20 08:20 - 37154816 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2014-01-20 08:20 - 2014-01-20 08:20 - 00356352 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2014-01-20 08:20 - 2014-01-20 08:20 - 00081920 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-01-20 08:20 - 2014-01-20 08:20 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-01-19 23:49 - 2014-01-19 16:26 - 00000000 ____D () C:\Documents and Settings\Administrador\Favoritos
2014-01-19 22:52 - 2014-01-19 16:26 - 00000000 __SHD () C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet
2014-01-19 22:52 - 2014-01-19 16:26 - 00000000 ___HD () C:\Documents and Settings\Administrador\Configuración local\Datos de programa
2014-01-19 22:48 - 2014-01-19 22:48 - 00000731 _____ () C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
2014-01-19 22:48 - 2014-01-19 22:48 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\CCleaner
2014-01-19 22:48 - 2014-01-19 22:48 - 00000000 ____D () C:\Archivos de programa\CCleaner
2014-01-19 22:12 - 2014-01-20 18:44 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Ignacio\Escritorio\iExplore.exe
2014-01-19 22:10 - 2014-01-20 18:44 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Ignacio\Escritorio\HijackThis.exe
2014-01-19 17:52 - 2014-01-19 17:52 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\AVAST Software
2014-01-19 17:52 - 2014-01-19 17:52 - 00000000 ____D () C:\Documents and Settings\Administrador\Datos de programa\Adobe
2014-01-19 17:50 - 2014-01-19 17:50 - 00001347 _____ () C:\Documents and Settings\Administrador\Escritorio\IObit Malware Fighter Report.log
2014-01-19 16:18 - 2014-01-19 16:18 - 00000000 ____D () C:\ffaa99eb9c4ba6a548c8bb1b450aea60
2014-01-19 16:15 - 2014-01-19 16:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2621440$
2014-01-19 15:53 - 2014-01-19 15:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-01-19 15:52 - 2014-01-19 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644$
2014-01-19 15:52 - 2014-01-19 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954459$
2014-01-19 15:23 - 2014-01-19 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-01-19 15:23 - 2014-01-19 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2014-01-19 15:22 - 2014-01-19 15:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2014-01-17 23:38 - 2014-01-17 23:36 - 00000000 ____D () C:\Archivos de programa\SecretSauce
2014-01-17 23:38 - 2011-01-12 21:22 - 00000000 ____D () C:\Archivos de programa\Google
2014-01-17 23:37 - 2014-01-17 23:37 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Earth
2014-01-17 23:37 - 2011-01-12 21:23 - 00000000 ____D () C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google
2014-01-17 23:37 - 2011-01-12 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\Google
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\SmartDraw 2013
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Advanced SystemCare 7
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\House Of Soft
2014-01-17 23:36 - 2014-01-17 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-17 23:36 - 2014-01-17 18:18 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\SmartDraw
2014-01-17 23:36 - 2013-12-03 22:14 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\IObit
2014-01-17 23:36 - 2012-06-08 23:48 - 00000000 ____D () C:\Archivos de programa\Mozilla Firefox
2014-01-17 23:36 - 2011-12-09 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\InstallMate
2014-01-17 23:36 - 2011-01-01 18:42 - 00000000 ____D () C:\Archivos de programa\Archivos comunes
2014-01-17 23:35 - 2014-01-11 12:36 - 00000000 ____D () C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\SecondLife
2014-01-17 23:35 - 2013-12-21 12:24 - 00000000 ____D () C:\Archivos de programa\Microsoft Reader
2014-01-17 23:35 - 2013-12-16 17:58 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\NCH Software
2014-01-17 23:35 - 2013-12-16 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\NCH Software
2014-01-17 23:35 - 2013-12-16 17:49 - 00000000 ____D () C:\Archivos de programa\NCH Software
2014-01-17 23:33 - 2013-12-12 21:42 - 00000000 ____D () C:\Archivos de programa\Hero Editor
2014-01-17 23:29 - 2014-01-17 23:29 - 00000000 ____D () C:\Documents and Settings\NetworkService\Datos de programa\AVAST Software
2014-01-17 23:29 - 2011-01-02 01:54 - 00000000 ____D () C:\Documents and Settings\NetworkService\Datos de programa
2014-01-17 23:10 - 2012-07-11 22:46 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\orion
2014-01-17 22:13 - 2014-01-17 22:13 - 00001964 _____ () C:\Documents and Settings\All Users\Escritorio\Google Earth.lnk
2014-01-17 18:19 - 2014-01-17 18:19 - 00000736 _____ () C:\Documents and Settings\Ignacio\Menú Inicio\Programas\SmartDraw 2013.lnk
2014-01-17 18:19 - 2014-01-17 18:19 - 00000730 _____ () C:\Documents and Settings\Ignacio\Escritorio\SmartDraw 2013.lnk
2014-01-17 18:19 - 2014-01-17 18:19 - 00000000 ____D () C:\Documents and Settings\Ignacio\System
2014-01-17 18:19 - 2014-01-17 18:19 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\SmartDraw
2014-01-17 18:18 - 2014-01-17 18:18 - 00000700 _____ () C:\Documents and Settings\All Users\Escritorio\SmartDraw 2013.lnk
2014-01-17 18:13 - 2014-01-17 18:13 - 00000000 ____D () C:\Archivos de programa\Khurram Softwares
2014-01-17 18:11 - 2011-01-02 01:56 - 00000000 ___HD () C:\Documents and Settings\Ignacio\Plantillas
2014-01-17 18:10 - 2014-01-02 12:15 - 00000322 _____ () C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
2014-01-17 18:10 - 2013-12-16 17:49 - 00000314 _____ () C:\WINDOWS\Tasks\TempoPerfectSevenDays.job
2014-01-17 18:10 - 2012-05-20 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Datos de programa\IObit
2014-01-17 14:44 - 2012-06-04 03:25 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-01-17 14:15 - 2014-01-17 14:15 - 00000000 ____D () C:\Archivos de programa\Intelore
2014-01-17 13:43 - 2014-01-17 13:42 - 00019587 _____ () C:\Documents and Settings\Ignacio\Mis documentos\smartdraw 2013 by 2lets.com.torrent
2014-01-17 13:09 - 2013-02-24 11:25 - 00000000 ____D () C:\Archivos de programa\Recuva
2014-01-17 09:01 - 2014-01-17 08:33 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\sedatu
2014-01-17 08:31 - 2014-01-17 08:31 - 16023573 _____ () C:\Documents and Settings\Ignacio\Mis documentos\fwdreglasdeoperacion2014fonhapo.zip
2014-01-15 23:24 - 2014-01-15 23:24 - 00012019 _____ () C:\Documents and Settings\Ignacio\Mis documentos\SEDATU.xlsx
2014-01-13 14:56 - 2013-12-07 22:32 - 00000000 ____D () C:\Documents and Settings\Ignacio\Mis documentos\comite politico PAS
2014-01-11 12:38 - 2014-01-11 12:36 - 00000000 ____D () C:\Documents and Settings\Ignacio\Datos de programa\SecondLife
2014-01-10 23:48 - 2014-01-10 23:38 - 00012444 _____ () C:\Documents and Settings\Ignacio\Mis documentos\cuentas Zapo-tamazula.xlsx
2014-01-08 14:59 - 2014-01-08 14:56 - 19836599 _____ () C:\Documents and Settings\Ignacio\Mis documentos\ECEG.zip
2014-01-07 12:22 - 2014-01-07 12:22 - 00000057 _____ () C:\Documents and Settings\Ignacio\Mis documentos\pelon-cobaej.txt
2014-01-06 16:20 - 2014-01-22 13:38 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Files to move or delete:
====================
C:\Documents and Settings\Ignacio\PC Booster 7 Full License.exe
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Ignacio\Configuración local\Temp\ntdll_dump.dll
C:\Documents and Settings\Ignacio\Configuración local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe
[2008-04-14 06:00] - [2008-04-14 06:00] - 1036288 ____A (Microsoft Corporation) 7522f548a84abad8fa516de5ab3931ef 
 
C:\WINDOWS\system32\winlogon.exe
[2008-04-14 06:00] - [2008-04-14 06:00] - 0510976 ____A (Microsoft Corporation) 213c80d912880bbf04453d09ffccb28c 
 
C:\WINDOWS\system32\svchost.exe
[2008-04-14 06:00] - [2008-04-14 06:00] - 0014336 ____A (Microsoft Corporation) 4f2340f0bd5b6365c38e74dd391919a8 
 
C:\WINDOWS\system32\services.exe
[2008-04-14 06:00] - [2009-02-09 05:23] - 0111104 ____A (Microsoft Corporation) 953df7327510df0de048b8e80e504ef9 
 
C:\WINDOWS\system32\User32.dll
[2008-04-14 06:00] - [2008-04-14 06:00] - 0579584 ____A (Microsoft Corporation) da8898129e0075c7de4dee457514a73c 
 
C:\WINDOWS\system32\userinit.exe
[2008-04-14 06:00] - [2008-04-14 06:00] - 0026624 ____A (Microsoft Corporation) f5b8745b9a90eaf17e30c0574e049aa3 
 
C:\WINDOWS\system32\rpcss.dll
[2008-04-14 06:00] - [2009-02-09 04:52] - 0401408 ____A (Microsoft Corporation) 97869c55f562b777987100ea30ad8108 
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 06:00] - [2008-04-14 06:00] - 0053248 ____A (Microsoft Corporation) c41ffdc191e6c832e2e53c967eae0a16 
 
 
==================== End Of Log ============================
 
Not quite sure of the results until I try the PC tomorrow. I've got the night shift, so I'm leaving now!
 
Thanks, I'll post again ASAP.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:48 AM

Posted 05 February 2014 - 09:57 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://mx.search.yahoo.com/?type=198484&fr=spigot-yhp-ch"
CHR Extension: (SecretSauce) - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino [2014-01-17]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Archivos de programa\Archivos comunes\Spigot\GC\saebay_1.1.crx [2012-10-03]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Archivos de programa\Archivos comunes\Spigot\GC\ErrorAssistant_1.3.crx [2012-10-03]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Slick Savings\coupons.crx [2011-06-17]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Archivos de programa\Archivos comunes\Spigot\GC\saamazon_1.0.crx [2014-01-17]
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX)
C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino
C:\Archivos de programa\Archivos comunes\Spigot
C:\Documents and Settings\Ignacio\Configuración local\Datos de programa\Slick Savings

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

Are you getting some Audio messages?
Please let me know what problem persists.

#7 nasdaq


Posted 11 February 2014 - 09:54 AM

Are you still with me?

#8 nasdaq


Posted 17 February 2014 - 10:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



