Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.10.2018
Ran by Usuario (administrator) on USUARIO-D0E7A81 (09-10-2018 17:10:10)
Running from C:\Documents and Settings\Usuario\Escritorio
Loaded Profiles: Usuario (Available Profiles: Usuario & UpdatusUser & Administrador)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Español (alfabetización internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Archivos de programa\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
Winlogon\Notify\cscdll: cscdll.dll [X]
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-602162358-1965331169-1801674531-1003\...\Run: [Adobe Reader Synchronizer] => C:\Archivos de programa\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [916968 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-602162358-1965331169-1801674531-1003\...\Run: [vidnotifier.exe] => C:\Archivos de programa\Archivos comunes\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [1478118 2017-10-31] (Digital Wave Ltd)
HKU\S-1-5-21-602162358-1965331169-1801674531-1003\...\Run: [CCleaner Smart Cleaning] => C:\Archivos de programa\CCleaner\CCleaner.exe [13797712 2018-09-17] (Piriform Ltd)
HKU\S-1-5-21-602162358-1965331169-1801674531-1003\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{c46a5d3b-091f-434a-81a4-35e8d6d1edad} <==== ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 190.55.60.129 200.115.192.30 200.115.192.29
Tcpip\..\Interfaces\{2167E621-DF10-492D-B5D5-F8692BC00A11}: [DhcpNameServer] 190.55.60.129 200.115.192.30 200.115.192.29

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131377803174218750&GUID=56E508AE-A47F-4CE2-A0EC-F561D05E2C7F
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-602162358-1965331169-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131377803174687500&GUID=56E508AE-A47F-4CE2-A0EC-F561D05E2C7F
HKU\S-1-5-21-602162358-1965331169-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll [2013-09-25] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\a8h8pb1h.default-1459042374656 [2018-10-09]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\a8h8pb1h.default-1459042374656\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-09-29]
FF Extension: (Application Update Service Helper) - C:\Archivos de programa\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi [2018-09-01] [Legacy] [not signed]
FF Extension: (Multi-process staged rollout) - C:\Archivos de programa\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2018-09-01] [Legacy] [not signed]
FF Extension: (Pocket) - C:\Archivos de programa\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2018-09-01] [Legacy] [not signed]
FF Extension: (Web Compat) - C:\Archivos de programa\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2018-09-01] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2018-01-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-10-06] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2012-02-21] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Archivos de programa\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Archivos de programa\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Archivos de programa\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Archivos de programa\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Archivos de programa\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Archivos de programa\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com.ar/"
CHR DefaultSearchKeyword: Profile 2 -> google.com.ar
CHR Profile: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Guest Profile [2017-05-30]
CHR Profile: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Profile 2 [2018-10-09]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-18]
CHR Extension: (PDF Mergy - Merge PDF files) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Profile 2\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2017-10-11]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR HKLM\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fmfbimmedenofcbldjnlhpjfllopglfc] - C:\Archivos de programa\HomeTab\chrome\HomeTab.crx
CHR HKLM\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-602162358-1965331169-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oliejojcmefdabncddmilelehnlpjfcf] - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\ruyiso\ruyisoapp\extension\RYSNativeMsg.crx [2015-10-21]
StartMenuInternet: chrome.exe - Chrome.exe

Opera:
=======
OPR Extension: (No Name) - C:\Documents and Settings\Usuario\Datos de programa\Opera Software\Opera Stable\Extensions\nklfajnmfbchcceflgddnkignfheooic [2015-11-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe [250868 2012-05-24] (Adobe Systems) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-10-06] (Adobe Systems Incorporated) [File not signed]
S2 DigitalWave.Update.Service; C:\Archivos de programa\Archivos comunes\DVDVideoSoft\lib\app_updater.exe [618982 2017-10-31] (Digital Wave Ltd.)
S4 ForceWare Intelligent Application Manager (IAM); C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-07-23] ()
S2 gupdate; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
S3 gupdatem; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
S2 HuaweiHiSuiteService.exe; C:\Archivos de programa\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2017-07-26] ()
S3 MozillaMaintenance; C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe [174032 2018-09-01] (Mozilla Foundation)
S4 nSvcIp; C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-07-23] ()
S3 nvUpdatusService; C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1259296 2013-01-31] (NVIDIA Corporation)
S3 odserv; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [618972 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2013-04-20] ()
S4 SkypeUpdate; C:\Archivos de programa\Skype\Updater\Updater.exe [327808 2016-03-23] (Skype Technologies)
R2 TermService; C:\WINDOWS\System32\termsrv.dll [296960 2017-05-22] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [916480 2009-02-04] (Microsoft Corporation)
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2015-04-13] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-04-25] (Creative)
S1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R0 B6974C1C; C:\WINDOWS\System32\drivers\B6974C1C.sys [153784 2018-02-20] (Kaspersky Lab ZAO)
S3 dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [223128 2013-03-13] (DT Soft Ltd.) [File not signed]
S3 eapihdrv; C:\WINDOWS\TEMP\ehdrv.sys [135760 2018-10-09] (ESET)
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [25744 2018-05-10] (Glarysoft Ltd)
S3 HTCAND32; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [25088 2013-10-07] (HTC, Corporation) [File not signed]
S1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-04-27] (REALiX(tm))
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-04-25] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2013-10-08] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2013-10-08] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2013-10-08] (NVIDIA Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-03-09] (Duplex Secure Ltd.)
S3 WinRing0_1_2_0; C:\Archivos de programa\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [10144 2003-05-14] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [21216 2003-05-14] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [5728 2003-05-14] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [44288 2003-05-14] (Logitech Inc.)
S3 catchme; \??\C:\WINDOWS\TEMP\catchme.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: mshdp -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-09 17:10 - 2018-10-09 17:11 - 000015478 _____ C:\Documents and Settings\Usuario\Escritorio\FRST.txt
2018-10-09 14:24 - 2018-10-09 14:24 - 000006992 _____ C:\WINDOWS\SchedLgU.Txt
2018-10-09 14:04 - 2018-10-09 17:09 - 000287948 _____ C:\WINDOWS\ntbtlog.txt
2018-10-09 09:10 - 2018-10-09 09:10 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\MB3CoreBackup
2018-10-09 08:44 - 2018-09-30 04:16 - 000350178 _____ C:\Documents and Settings\Usuario\Escritorio\KoresH_.exe
2018-10-09 01:23 - 2018-10-09 17:10 - 000000000 ____D C:\FRST
2018-10-07 05:39 - 2018-10-07 05:39 - 000000020 ___SH C:\Documents and Settings\TEMP.USUARIO-D0E7A81\ntuser.ini
2018-10-07 05:39 - 2018-10-07 05:39 - 000000000 ____D C:\Documents and Settings\TEMP.USUARIO-D0E7A81
2018-10-07 05:39 - 2018-04-11 06:21 - 000000000 __SHD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\IETldCache
2018-10-07 05:39 - 2018-04-11 06:21 - 000000000 ___HD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Plantillas
2018-10-07 05:39 - 2013-09-08 14:15 - 000000000 __RHD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Datos de programa
2018-10-07 05:39 - 2013-09-08 14:15 - 000000000 ____D C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Datos de programa\Macromedia
2018-10-07 05:39 - 2012-04-04 18:44 - 000000000 ___RD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Menú Inicio\Programas
2018-10-07 05:39 - 2012-04-04 16:12 - 000001599 _____ C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Menú Inicio\Programas\Asistencia remota.lnk
2018-10-07 05:39 - 2012-04-04 16:12 - 000000000 ___RD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Menú Inicio\Programas\Accesorios
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 __RHD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Configuración local
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ___RD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Menú Inicio\Programas\Inicio
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ___RD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Menú Inicio
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ___HD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Reciente
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ___HD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Impresoras
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ___HD C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Entorno de red
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ____D C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Mis documentos
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ____D C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Favoritos
2018-10-07 05:39 - 2012-04-04 12:03 - 000000000 ____D C:\Documents and Settings\TEMP.USUARIO-D0E7A81\Escritorio
2018-10-05 05:29 - 2018-10-09 14:03 - 000001874 _____ C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
2018-10-05 05:10 - 2018-10-09 09:52 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes
2018-10-05 00:22 - 2018-10-05 00:22 - 000008090 _____ C:\JPABA-DECRYPT.txt
2018-10-04 22:13 - 2018-10-04 22:13 - 001826021 _____ C:\Documents and Settings\Usuario\Mis documentos\pensmiento jorge.xcf
2018-10-04 21:07 - 2018-10-04 21:07 - 000000000 ____D C:\Documents and Settings\Usuario\LOCAL_APPDATA_FONTCONFIG_CACHE
2018-09-29 17:43 - 2018-09-29 17:43 - 000008090 _____ C:\Archivos de programa\JPABA-DECRYPT.txt
2018-09-29 17:07 - 2018-09-29 17:08 - 000291211 _____ C:\WINDOWS\system32\ntdll.rar
2018-09-29 16:44 - 2018-09-29 16:45 - 002991248 _____ (Alexander Roshal) C:\Documents and Settings\Usuario\Escritorio\wrar560es.exe
2018-09-29 12:02 - 2018-09-29 12:03 - 000010529 _____ C:\Documents and Settings\Usuario\Escritorio\sandrasep18.xlsx
2018-09-29 11:58 - 2018-09-30 20:27 - 000012035 _____ C:\Documents and Settings\Usuario\Escritorio\sandra.xlsx
2018-09-22 23:20 - 2018-09-22 23:20 - 001114528 _____ (Tesline-service ) C:\Documents and Settings\Usuario\Mis documentos\kidlogger_pro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-09 17:10 - 2012-04-04 16:17 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio
2018-10-09 17:09 - 2016-02-12 22:22 - 000000000 ___SD C:\Documents and Settings\Usuario\Escritorio\ANTIVIRUS VARIOS
2018-10-09 17:08 - 2017-04-27 18:36 - 001774592 _____ (Farbar) C:\Documents and Settings\Usuario\Escritorio\FRST.exe
2018-10-09 17:01 - 2012-04-04 16:17 - 000000000 ___SD C:\Documents and Settings\Usuario\Mis documentos
2018-10-09 17:00 - 2012-04-04 12:03 - 000000000 ____D C:\Documents and Settings\All Users\Escritorio
2018-10-09 16:59 - 2008-04-14 07:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-10-09 16:53 - 2018-04-30 09:07 - 000000344 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-10-09 16:53 - 2018-04-15 20:07 - 000000578 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-10-09 16:53 - 2018-03-18 00:20 - 000000338 _____ C:\WINDOWS\Tasks\GlaryInitialize 5.job
2018-10-09 16:53 - 2016-05-10 21:19 - 000001034 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1ab1ac4507884.job
2018-10-09 16:53 - 2014-12-01 10:43 - 000001034 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-10-09 16:53 - 2012-04-04 16:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-09 14:57 - 2018-06-15 17:59 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\TORSO MUJER
2018-10-09 14:55 - 2012-06-10 13:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-10-09 14:50 - 2018-03-16 17:01 - 000000000 ____D C:\AdwCleaner
2018-10-09 14:36 - 2018-03-02 21:01 - 000000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2018-10-09 14:23 - 2012-04-04 16:17 - 000000192 ___SH C:\Documents and Settings\Usuario\ntuser.ini
2018-10-09 14:03 - 2016-01-29 16:47 - 000001880 _____ C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Chrome.lnk
2018-10-09 14:03 - 2012-04-04 12:03 - 000000000 ___RD C:\Archivos de programa
2018-10-09 14:02 - 2012-04-11 17:27 - 000000000 ____D C:\Documents and Settings\Usuario\Mis documentos\Descargas
2018-10-09 13:37 - 2012-04-04 19:23 - 000000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-10-09 13:15 - 2017-11-15 15:03 - 000001038 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-10-09 09:52 - 2012-04-04 12:03 - 000000000 __RHD C:\Documents and Settings\All Users\Datos de programa
2018-10-09 09:50 - 2013-05-29 21:41 - 000000000 ____D C:\Documents and Settings\Usuario\Datos de programa\GlarySoft
2018-10-09 09:48 - 2012-04-04 12:03 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas
2018-10-09 09:29 - 2018-04-30 09:07 - 000000000 ____D C:\Archivos de programa\CCleaner
2018-10-09 08:55 - 2012-04-04 20:31 - 000000000 ____D C:\Archivos de programa\Microsoft Games
2018-10-09 08:47 - 2017-11-26 09:03 - 000000000 ____D C:\Archivos de programa\Malwarebytes
2018-10-09 08:47 - 2017-11-02 16:51 - 000000000 ____D C:\Archivos de programa\HiSuite
2018-10-09 08:47 - 2015-11-05 23:56 - 000000000 ____D C:\Archivos de programa\Malwarebytes Anti-Malware
2018-10-09 08:47 - 2015-10-14 09:07 - 000000000 ____D C:\Archivos de programa\kingsoft
2018-10-09 08:47 - 2013-09-08 14:15 - 000000000 ____D C:\Archivos de programa\HTC
2018-10-09 08:47 - 2012-04-05 20:03 - 000000000 ____D C:\Archivos de programa\Logitech
2018-10-09 08:47 - 2012-04-05 07:55 - 000000000 ____D C:\Archivos de programa\IVAO
2018-10-09 08:47 - 2012-04-04 22:43 - 000000000 ____D C:\Archivos de programa\IObit
2018-10-09 08:47 - 2012-04-04 19:32 - 000000000 ____D C:\Archivos de programa\K-Lite Codec Pack
2018-10-09 08:47 - 2012-04-04 16:32 - 000000000 ___HD C:\Archivos de programa\InstallShield Installation Information
2018-10-09 08:47 - 2012-04-04 16:13 - 000000000 ____D C:\Archivos de programa\microsoft frontpage
2018-10-09 08:46 - 2017-09-18 11:43 - 000000000 ____D C:\Archivos de programa\Freemake
2018-10-09 08:46 - 2017-06-09 09:16 - 000000000 ____D C:\Archivos de programa\GIMP 2
2018-10-09 08:46 - 2017-04-25 13:49 - 000000000 ____D C:\Archivos de programa\GridinSoft Anti-Malware
2018-10-09 08:46 - 2016-08-03 18:12 - 000000000 ____D C:\Archivos de programa\EOD
2018-10-09 08:46 - 2015-12-10 10:47 - 000000000 ____D C:\Archivos de programa\FlashIntegro
2018-10-09 08:46 - 2015-09-17 09:27 - 000000000 ____D C:\Archivos de programa\Hard Disk Sentinel
2018-10-09 08:46 - 2015-06-14 19:35 - 000000000 ____D C:\Archivos de programa\FreeCodecPack
2018-10-09 08:46 - 2013-05-29 20:03 - 000000000 ____D C:\Archivos de programa\Glary Utilities
2018-10-09 08:46 - 2013-05-01 11:47 - 000000000 ____D C:\Archivos de programa\DVDVideoSoft
2018-10-09 08:46 - 2013-04-27 17:33 - 000000000 ____D C:\Archivos de programa\Free Audio Pack
2018-10-09 08:46 - 2012-11-21 09:27 - 000000000 ____D C:\Archivos de programa\GIF Movie Gear
2018-10-09 08:46 - 2012-10-09 08:44 - 000000000 ____D C:\Archivos de programa\FreeTime
2018-10-09 08:46 - 2012-09-17 13:05 - 000000000 ____D C:\Archivos de programa\FS Real Time
2018-10-09 08:46 - 2012-09-10 10:53 - 000000000 ____D C:\Archivos de programa\E.M. PowerPoint Video Converter
2018-10-09 08:46 - 2012-08-26 14:00 - 000000000 ____D C:\Archivos de programa\eMule
2018-10-09 08:46 - 2012-05-24 08:29 - 000000000 ____D C:\Archivos de programa\Google
2018-10-09 08:46 - 2012-04-10 10:52 - 000000000 ____D C:\Archivos de programa\FS Panel Studio
2018-10-09 08:45 - 2018-02-21 10:52 - 000000000 ____D C:\!KillBox
2018-10-09 08:45 - 2018-02-20 11:10 - 000000000 ____D C:\Archivos de programa\Bitdefender Agent
2018-10-09 08:45 - 2017-11-01 19:23 - 000000000 ____D C:\Archivos de programa\Advanced GIF Animator
2018-10-09 08:45 - 2017-05-20 15:07 - 000000000 __SHD C:\$36OSection
2018-10-09 08:45 - 2016-09-30 17:48 - 000000000 ____D C:\Archivos de programa\Apowersoft
2018-10-09 08:45 - 2016-03-12 08:47 - 000000000 ____D C:\Archivos de programa\Aerolineas
2018-10-09 08:45 - 2015-11-05 08:25 - 000000000 ____D C:\Archivos de programa\7k7kWeb
2018-10-09 08:45 - 2015-10-26 23:17 - 000000000 ____D C:\$360Section
2018-10-09 08:45 - 2015-10-26 22:57 - 000000000 ____D C:\Archivos de programa\360
2018-10-09 08:45 - 2015-10-14 09:34 - 000000000 ____D C:\Archivos de programa\1fa9c25b-e925-493d-9342-6163de75fc11
2018-10-09 08:45 - 2015-04-10 12:22 - 000000000 ____D C:\Archivos de programa\DLLSuite
2018-10-09 08:45 - 2013-11-12 11:03 - 000000000 ____D C:\Archivos de programa\Argente Utilities
2018-10-09 08:45 - 2013-03-13 20:17 - 000000000 ____D C:\Archivos de programa\DAEMON Tools
2018-10-09 08:45 - 2013-03-09 18:26 - 000000000 ____D C:\Archivos de programa\Alcohol Soft
2018-10-09 08:45 - 2012-08-25 17:37 - 000000000 ____D C:\Archivos de programa\Aerosoft
2018-10-09 08:45 - 2012-08-15 14:18 - 000000000 ____D C:\Archivos de programa\DsNET Corp
2018-10-09 08:45 - 2012-04-10 14:36 - 000000000 ____D C:\Archivos de programa\Abacus
2018-10-09 08:45 - 2012-04-04 19:19 - 000000000 ____D C:\Archivos de programa\Adobe
2018-10-09 08:45 - 2012-04-04 16:09 - 000000000 ____D C:\Archivos de programa\ComPlus Applications
2018-10-09 08:36 - 2014-06-04 16:55 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\CoSAS CASAS
2018-10-09 01:56 - 2012-04-04 12:03 - 000000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
2018-10-09 01:10 - 2012-04-04 16:17 - 000000000 ____D C:\Documents and Settings\Usuario
2018-10-08 04:06 - 2012-06-27 12:11 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2018-10-07 05:39 - 2012-04-04 12:02 - 000000000 ____D C:\Documents and Settings
2018-10-06 23:25 - 2018-08-29 15:32 - 000000918 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2018-10-06 23:25 - 2012-04-04 16:10 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-06 23:10 - 2018-03-19 07:37 - 000000910 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-10-06 20:59 - 2012-04-04 19:23 - 000842240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-10-06 20:59 - 2012-04-04 19:23 - 000175104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-10-05 01:23 - 2018-04-16 08:59 - 000371712 ___SH C:\Documents and Settings\Usuario\Mis documentos\Thumbs.db
2018-10-04 22:14 - 2012-05-24 01:08 - 000000000 ____D C:\Documents and Settings\Usuario\.gimp-2.8
2018-10-04 21:39 - 2012-05-24 01:07 - 000000771 _____ C:\Documents and Settings\All Users\Menú Inicio\Programas\GIMP 2.lnk
2018-10-04 20:25 - 2012-04-04 16:17 - 000000000 ___HD C:\Documents and Settings\Usuario\Plantillas
2018-10-02 23:19 - 2012-04-04 16:17 - 000000000 ____D C:\Documents and Settings\Usuario\Datos de programa
2018-10-01 08:13 - 2017-06-14 20:23 - 000000000 ____D C:\Documents and Settings\Usuario\Mis documentos\Victor 2016
2018-09-29 20:06 - 2012-04-04 19:18 - 000000000 ____D C:\Archivos de programa\WinRAR
2018-09-29 17:43 - 2018-04-24 14:24 - 000003438 _____ C:\app_updater.log.jpaba
2018-09-29 16:46 - 2012-04-04 23:11 - 000000000 ____D C:\Documents and Settings\Usuario\Datos de programa\WinRAR
2018-09-29 16:45 - 2012-04-04 19:18 - 000000000 ____D C:\Documents and Settings\Usuario\Menú Inicio\Programas\WinRAR
2018-09-29 16:45 - 2012-04-04 19:18 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\WinRAR
2018-09-29 15:06 - 2012-04-04 19:34 - 000001912 _____ C:\WINDOWS\epplauncher.mif
2018-09-28 21:07 - 2013-06-02 18:09 - 000000000 ____D C:\Documents and Settings\Usuario\Datos de programa\vlc
2018-09-28 10:03 - 2018-04-26 17:31 - 000131584 ___SH C:\Documents and Settings\Usuario\Escritorio\Thumbs.db

==================== Files in the root of some directories =======

2014-05-01 21:09 - 2014-07-08 11:46 - 005603475 _____ (video2brain ) C:\Documents and Settings\DVD_PhotoShop\start.exe
2015-02-04 13:21 - 2003-08-23 14:32 - 020655326 _____ (aeroSOFT GmbH) C:\Documents and Settings\FS2004 Aerosoft Gibraltar Scenery\Gibraltar 2004 FS2004.exe
2015-05-21 10:38 - 2015-05-21 14:00 - 012942956 _____ () C:\Documents and Settings\ifly\iFly737-VC-Texture.exe
2015-05-22 12:30 - 2015-05-22 12:54 - 382752078 _____ () C:\Documents and Settings\IFly 737 SP2 + crack\iFly737-FS2004.exe
2015-05-22 12:34 - 2015-05-22 12:53 - 012942956 _____ () C:\Documents and Settings\IFly 737 SP2 + crack\iFly737-VC-Texture.exe
2013-11-23 08:49 - 2013-11-23 09:03 - 058945422 _____ (Macrovision Corporation) C:\Documents and Settings\PMDG Simulations - 747-400 Queen of the Skies v1.12\1_PMDG747_400_v1.1.exe
2013-11-23 08:49 - 2013-11-23 09:03 - 075884268 _____ (Macrovision Corporation) C:\Documents and Settings\PMDG Simulations - 747-400 Queen of the Skies v1.12\2_PMDG747_400F.exe
2013-11-23 08:49 - 2013-11-23 09:03 - 042870039 _____ (Macrovision Corporation) C:\Documents and Settings\PMDG Simulations - 747-400 Queen of the Skies v1.12\3_PMDG747_Sound_Update_FS9.exe
2013-11-23 08:49 - 2013-11-23 09:03 - 024634113 _____ (Macrovision Corporation) C:\Documents and Settings\PMDG Simulations - 747-400 Queen of the Skies v1.12\4_PMDG747_400_V1R12_FSXFS9_Unifier.exe
2015-11-05 09:01 - 2015-11-05 09:31 - 010619688 _____ (VS Revo Group ) C:\Documents and Settings\Revo Uninstaller Pro 3.0.8\RevoUninProSetup v3.0.8.exe
2015-05-28 15:49 - 2015-05-28 15:57 - 071135311 _____ () C:\Documents and Settings\[cese]_PMDG_737_Basepack\PMDG_737_600_700.EXE
2015-05-28 15:49 - 2015-05-28 15:57 - 047114881 _____ () C:\Documents and Settings\[cese]_PMDG_737_Basepack\PMDG_737_800_900.EXE
2018-09-29 17:43 - 2018-09-29 17:43 - 000008090 _____ () C:\Archivos de programa\JPABA-DECRYPT.txt
2013-01-19 04:44 - 2013-01-19 04:44 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Archivos de programa\Archivos comunes\atimpenc.dll
2014-06-19 09:37 - 2014-06-19 09:37 - 000000024 _____ () C:\Documents and Settings\Usuario\Datos de programa\temp.ini
2017-12-06 22:20 - 2017-12-07 13:59 - 000142582 _____ () C:\Documents and Settings\Usuario\Datos de programa\VideoPad.dmp
2017-05-23 00:07 - 2017-05-23 00:07 - 000000532 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\datos.txt
2018-04-11 06:25 - 2017-05-23 00:07 - 000000544 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\datos.txt.locked.backup
2012-04-04 22:17 - 2018-08-04 17:05 - 000200704 ____C () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-20 11:58 - 2018-04-08 11:33 - 000000036 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\housecall.guid.cache
2018-10-04 22:13 - 2018-10-04 22:13 - 000008334 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\recently-used.xbel
2017-05-23 00:09 - 2017-05-23 00:09 - 000043972 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\save_en.bmp
2018-04-11 06:27 - 2017-05-23 00:09 - 000043984 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\save_en.bmp.locked.backup
2017-05-23 00:09 - 2017-05-23 00:09 - 000043972 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\save_es.bmp
2018-04-11 06:27 - 2017-05-23 00:09 - 000043984 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\save_es.bmp.locked.backup
2018-02-20 10:48 - 2018-02-20 10:52 - 000000189 _____ () C:\Documents and Settings\All Users\Datos de programa\1519134503.1324.bin
2018-02-20 10:48 - 2018-02-20 10:52 - 000001998 _____ () C:\Documents and Settings\All Users\Datos de programa\1519134503.3580.bin
2018-02-20 10:48 - 2018-02-20 10:48 - 000038662 _____ () C:\Documents and Settings\All Users\Datos de programa\1519134503.3904.bin
2018-02-20 11:10 - 2018-02-20 11:10 - 000014105 _____ () C:\Documents and Settings\All Users\Datos de programa\agent.1519135826.bdinstall.bin
2018-02-20 11:16 - 2018-02-20 11:16 - 000013018 _____ () C:\Documents and Settings\All Users\Datos de programa\agent.1519136195.bdinstall.bin
2018-02-20 11:56 - 2018-02-20 11:56 - 000013018 _____ () C:\Documents and Settings\All Users\Datos de programa\agent.1519138602.bdinstall.bin
2017-05-23 00:01 - 2017-05-23 00:01 - 000000004 _____ () C:\Documents and Settings\All Users\Datos de programa\inf.dat
2018-04-11 06:20 - 2017-05-23 00:01 - 000000016 _____ () C:\Documents and Settings\All Users\Datos de programa\inf.dat.locked.backup

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe [2008-04-14 07:00] - [2017-05-22 22:24] - 000510976 _____ (Microsoft Corporation) 9DD731D8498E529579877F694BD0F88A
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================