avast! and Malwarebytes pop-ups that say "potentially maliciou



#1
byayoi

Hello.
First of all, English is not my first language, so I apologise in advance for my weird way of writing.
I'll try to describe the symptoms that my computer is displaying in detail; I just hope it doesn't end up as a boring litany. I think I should warn you that this will be a horrifying tale of foolishness, recklessness, poor eye-hand coordination, very bad luck and misplaced trust, but here I go.

My computer has Windows XP Professional in Spanish with Service Pack 2. I'm a regular uTorrent user and my poor computer is always on, 24/7, downloading and seeding torrents.
About a month ago, I downloaded and installed avast! Free Antivirus into my computer. Everything was fine until about 2 weeks ago, when avast started popping up a message, telling me that "avast network shield has blocked an URL site" and that it has successfully stopped DVDsomething.dll (I don't recall the exact file name) from connecting to a website that started with "http://vip.coralplay...full_full.jpg". Those first few times, I was so shocked that it never occurred to me to pin down the message on the screen and read everything slowly. I didn't even know I could do that until just 5 minutes ago.
I checked where DVDsomething.dll was, and it was part of a program named "DVD Region Free" that I have been using for a very long time. So, I ran a "Quick scan" with avast, and it found nothing. Then I ran a "full system scan", and it didn't find anything. Then I ran a "Select folder to scan" in the DVD Region Free directory, and again it didn't find anything.
After all this, I started to get a little desperate, and I uninstalled DVD Region Free. But that .dll file refused to be uninstalled.
So I tried selecting it and tapping the "delete" key... nothing. A Windows pop-up stated that some other program is using that file, and I can't delete it (figures!). Now more angry than desperate, I tried renaming the file... Windows let me. Then I tried to delete it again... nothing. The next thing I tried was cut-pasting the file into the desktop. Windows let me. Then I dragged the file to the Recycle Bin. And to my amazement, it did drag! So, I thought 'That's it!' (Oh! Poor deluded girl!), and not knowing if the real culprit was DVD Region Free or not, I immediately went and downloaded "AnyDVD" from a site I trusted.
I installed AnyDVD with no problems, and then rebooted the computer as I was asked by the AnyDVD installation program. All seemed OK, until I double-clicked uTorrent to start it... and then an avast pop-up message prided itself in having successfully stopped uTorrent.exe from connecting to what looked exactly like the same URL that DVDsomething.dll was trying to reach!
This is the exact message (at least the latest one, they change every time):

Malicious URL BLOCKED
avast! Network Shield has blocked a harmful site.
Object: http://vip.coralplay...pac=1&no_peer=1
Infection: URL:Mal
Process: C:\Archivos de programa\uTorrent\uTorrent.exe


I was horrified! And I panicked.
I downloaded Malwarebytes and ran it. It had encountered 8 viruses and was still checking the system when my computer went out. Did I mention that Mexico City is plagued by blackouts, and that my UPS went dead last week? By the time I could reboot the computer and run Malwarebytes again, it didn't find anything wrong in the system. But avast's pop-ups kept appearing, and worse: Malwarebytes started to deliver pop-ups of its own.
This is the text of one of them:


Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
222.64.10.120
Type: outgoing


The URL changes in every pop-up and the type is either outgoing or incoming.

No matter how many times I ran either avast or Malwarebytes, none of them found anything.
At about the same time that I installed Malwarebytes, a friend from school gave me TuneUp utilities with a crack included. I installed it and started to erase any file that looked suspicious, but the pop-ups kept coming.
Then, a few days later, searching the internet for a way to get rid of whatever is eating my computer alive, I found an entry in a forum that recommended the use of RogueKiller.exe. I downloaded it and ran it. And it found a lot of registry keys that strangely pointed at "C:\Archivos de programa\TuneUp Utilities 2012\TUAutoReactivator32.exe". This was the crack for TuneUp utilities, I think. I asked RogueKiller to delete the entries, rebooted the computer... and here come the pop-ups again! I ran RogueKiller another 6 or 7 times, all with different and interesting results, but the pop-ups won't go away.
So, in my last search of the internet for help against the evil and elusive malicious website connecter, I found your forum. And here I am, humbly begging for your help. Would you help me, please?


I've run OTL.exe, and this is OTL.txt:

OTL logfile created on: 07/05/2012 02:50:30 p.m. - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Casita\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.02% Memory free
4.85 Gb Paging File | 3.90 Gb Available in Paging File | 80.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 127.99 Gb Total Space | 44.24 Gb Free Space | 34.57% Space Free | Partition Type: NTFS
Drive E: | 104.90 Gb Total Space | 20.55 Gb Free Space | 19.59% Space Free | Partition Type: NTFS
Drive F: | 12.16 Gb Total Space | 8.62 Gb Free Space | 70.86% Space Free | Partition Type: NTFS
Drive G: | 279.46 Gb Total Space | 6.68 Gb Free Space | 2.39% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 16.59 Gb Free Space | 16.99% Space Free | Partition Type: NTFS
Drive I: | 123.06 Gb Total Space | 33.01 Gb Free Space | 26.83% Space Free | Partition Type: NTFS

Computer Name: NEGRITA | User Name: Casita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Casita\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe ()
PRC - C:\Archivos de programa\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\AVAST Software\Avast\defs\12050700\algo.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McMPFSvc) -- C:\Archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()
DRV - (khvergak) -- C:\WINDOWS\system32\drivers\qonyak.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (ScFBPNT2) -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Tokyo Toshokan"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.110527
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.110527
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1
FF - prefs.js..extensions.enabledItems: {db131c55-60c8-4adc-84dc-9e76ab06e2dc}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2.23.17022012
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.1.0.30
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.7
FF - prefs.js..keyword.URL: "http://mx.search.yah...8&fr=megaup&p="
FF - prefs.js..keyword.enabled: false


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Archivos de programa\AVAST Software\Avast\WebRep\FF [2012/04/10 11:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/04/19 19:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2012/04/19 19:59:49 | 000,000,000 | ---D | M]

[2012/04/02 07:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Extensions
[2012/04/14 15:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions
[2012/04/02 07:14:52 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (MAFIAAFIRE: Gee! No evil!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:57 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (MAFIAAFire: ThePirateBay Dancing!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/14 15:16:42 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2010/05/01 16:32:51 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\searchplugins\tokyo-toshokan.xml
[2008/10/05 15:20:22 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\searchplugins\wwwjdic.xml
[2012/04/11 22:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/04/11 22:24:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/03 05:56:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]
[2011/02/14 21:44:38 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2012/03/07 16:19:52 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak2
[2012/04/11 22:24:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/09 14:57:50 | 000,014,961 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CASITA\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\PB6LMCSS.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 09:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2012/04/11 22:24:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/02 08:58:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Archivos de programa\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/02/16 06:08:43 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 05:48:01 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:08:43 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 06:08:43 | 000,001,180 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 06:08:43 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/07 03:50:34 | 000,000,784 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast] C:\Archivos de programa\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89217D2B-BAF0-4C3E-8291-AA70B0D640AA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Archivos de programa\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 21:47:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 14:15:39 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 03:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\RK_Quarantine
[2012/05/06 12:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\NortonInstaller
[2012/05/05 23:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\utmp
[2012/05/05 03:53:49 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2012/05/05 03:40:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2012/05/05 02:53:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/05 01:25:06 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012/05/05 01:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012
[2012/05/05 01:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\TuneUp Software
[2012/05/05 01:24:41 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TuneUp Utilities 2012
[2012/05/05 01:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software
[2012/05/05 01:22:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/05 01:22:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Common Files
[2012/05/04 12:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\uTorrent
[2012/05/03 23:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Alien Skin
[2012/04/30 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Musica Angela
[2012/04/29 04:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Malwarebytes
[2012/04/29 04:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/04/29 04:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes
[2012/04/29 04:57:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/29 04:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Mis documentos\AnyDVDHD
[2012/04/29 04:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SlySoft
[2012/04/29 04:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\SlySoft
[2012/04/29 04:39:24 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SlySoft
[2012/04/29 03:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\FLEXnet
[2012/04/29 03:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Adobe
[2012/04/29 03:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Zachtronics Industries
[2012/04/29 03:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Adobe
[2012/04/26 23:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2012/04/26 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Zachtronics Industries
[2012/04/24 03:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Shetland Island Quartet
[2012/04/22 23:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\AVS4YOU
[2012/04/22 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\AVS4YOU
[2012/04/22 22:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\AVS4YOU
[2012/04/22 22:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVS4YOU
[2012/04/22 22:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\AVS video conv
[2012/04/20 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Mis documentos\BotaniculaSaves
[2012/04/19 20:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\GOG.com
[2012/04/19 20:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Apple Computer
[2012/04/19 19:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\QuickTime
[2012/04/19 19:49:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Apple
[2012/04/19 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Apple Computer
[2012/04/19 19:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Apple
[2012/04/19 19:48:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Apple Software Update
[2012/04/19 19:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Apple
[2012/04/19 19:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Apple Computer
[2012/04/19 17:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Feng Shui Numerology Free 3.16
[2012/04/18 19:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\avast! Free Antivirus
[2012/04/12 01:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DOSBox
[2012/04/12 01:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\the lost vikings
[2012/04/12 01:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\DOSBox-0.73
[2012/04/12 01:08:10 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DOSBox-0.73
[2012/04/12 00:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Rovio
[2012/04/11 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Sun
[2012/04/11 22:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Sun
[2012/04/10 11:19:07 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/10 11:19:03 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/10 11:19:03 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/10 11:09:59 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/10 11:09:59 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/10 11:09:58 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/10 11:09:58 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/10 11:09:58 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/10 11:09:58 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/10 11:09:58 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/10 11:09:58 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/10 11:09:43 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/04/10 11:09:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/04/10 11:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVAST Software
[2012/04/10 11:09:31 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVAST Software
[9 C:\*.tmp files -> C:\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/07 14:25:00 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/07 14:15:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 13:51:47 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/05/07 13:51:12 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qonyak.sys
[2012/05/07 11:58:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/05/07 04:05:34 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/05/07 04:05:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/07 04:05:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/07 03:41:59 | 001,413,120 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/05/07 03:05:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/07 00:51:13 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 23:39:56 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\u.ini
[2012/05/05 03:24:12 | 000,000,413 | RHS- | M] () -- C:\boot.ini
[2012/05/05 01:59:13 | 001,562,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/05 01:25:04 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/05/05 01:25:04 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/05/04 21:55:30 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\µTorrent.lnk
[2012/05/03 22:01:46 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\The Font Thing.lnk
[2012/04/29 04:57:56 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/04/29 04:39:32 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AnyDVD.lnk
[2012/04/26 23:41:22 | 000,494,786 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/04/26 23:41:22 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/26 23:41:22 | 000,085,472 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/04/26 23:41:22 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/26 23:38:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/26 23:00:04 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SpaceChem.lnk
[2012/04/22 22:59:36 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\AVS Video Converter.lnk
[2012/04/20 00:10:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Botanicula.lnk
[2012/04/19 17:36:30 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\Feng Shui Numerology 3.16.lnk
[2012/04/18 19:27:54 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\avast! Free Antivirus.lnk
[2012/04/15 00:06:54 | 001,435,240 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\Ultra Surf 1201.exe
[2012/04/13 02:30:31 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2012/04/12 01:08:11 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\DOSBox 0.73.lnk
[2012/04/10 11:19:03 | 000,002,957 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/09 03:12:13 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\Trine.lnk
[9 C:\*.tmp files -> C:\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/07 13:51:47 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/05/07 13:51:12 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qonyak.sys
[2012/05/07 03:42:26 | 001,413,120 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/05/05 23:38:34 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\u.ini
[2012/05/05 01:25:04 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/05/05 01:25:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/05/05 01:25:03 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012.lnk
[2012/05/03 22:01:46 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\The Font Thing.lnk
[2012/05/01 02:38:16 | 001,435,240 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\Ultra Surf 1201.exe
[2012/04/29 04:57:56 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/04/29 04:45:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/04/29 04:39:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AnyDVD.lnk
[2012/04/29 03:26:46 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Photoshop CS3.lnk
[2012/04/29 03:22:21 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Stock Photos CS3.lnk
[2012/04/29 03:20:50 | 000,001,149 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe ExtendScript Toolkit 2.lnk
[2012/04/29 03:20:20 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Device Central CS3.lnk
[2012/04/29 03:16:02 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Bridge CS3.lnk
[2012/04/26 23:00:04 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SpaceChem.lnk
[2012/04/22 22:59:36 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\AVS Video Converter.lnk
[2012/04/20 00:10:54 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Botanicula.lnk
[2012/04/19 17:36:30 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\Feng Shui Numerology 3.16.lnk
[2012/04/18 19:27:54 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\avast! Free Antivirus.lnk
[2012/04/12 01:08:11 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\DOSBox 0.73.lnk
[2012/04/09 03:12:13 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\Trine.lnk
[2012/04/02 10:02:59 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2012/04/02 09:22:33 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/02 08:40:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/02 08:40:03 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/02 08:30:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2012/04/02 08:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/04/02 07:56:11 | 000,019,824 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2012/04/02 07:56:11 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2012/04/02 07:55:56 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2012/04/02 07:55:50 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2012/04/02 07:30:17 | 000,000,211 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012/04/02 07:25:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/04/02 07:25:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/04/02 07:25:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/02 07:16:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 07:11:45 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/02 06:55:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/02 06:55:22 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/01 23:52:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/01 23:50:46 | 001,562,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/10 11:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVAST Software
[2012/05/05 01:22:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Common Files
[2012/04/29 04:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SlySoft
[2012/05/05 01:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software
[2012/05/05 01:22:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/03 23:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\Alien Skin
[2012/04/24 03:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\calibre
[2012/04/02 08:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\COWON
[2012/04/12 00:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\Rovio
[2012/05/05 03:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\TuneUp Software
[2012/05/07 14:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\uTorrent

========== Purity Check ==========



< End of report >

And that's it. I hope I didn't bore you to death.

Thank you.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi. Avast does not like that site, as it has been known to distribute malware, and the programme that it supposedly provides does not do the job (vip.coralplayer.com).


kubecj : Virus analyst Avast forum

CoralPlayer is scam application and we block its connections/installation.

http://www.theseoinf...coral-scam/621/


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the protection tab
  • Remove the tick from "Start with Windows"
  • Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (khvergak) -- C:\WINDOWS\system32\drivers\qonyak.sys ()
    [2012/05/07 13:51:12 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qonyak.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


#3
byayoi

    Member

  • Topic Starter
  • 21 posts
Hi!
I just did what you told me to.
This is the new OTL log:



All processes killed
========== OTL ==========
Error: No service named khvergak was found to stop!
Service\Driver key khvergak not found.
File C:\WINDOWS\system32\drivers\qonyak.sys not found.
File C:\WINDOWS\System32\drivers\qonyak.sys not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\Casita\Escritorio\cmd.bat deleted successfully.
C:\Documents and Settings\Casita\Escritorio\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin.NEGRITA
->Temp folder emptied: 10184245253 bytes
->Temporary Internet Files folder emptied: 2609192 bytes
->Java cache emptied: 54293816 bytes
->FireFox cache emptied: 97438590 bytes
->Flash cache emptied: 1632131 bytes

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ADMIN~1~NEG

User: All Users

User: All Users.WINDOWS

User: Aqui
->Temp folder emptied: 160276780 bytes
->Temporary Internet Files folder emptied: 1636618 bytes
->FireFox cache emptied: 86281402 bytes
->Flash cache emptied: 14416 bytes

User: Casita
->Temp folder emptied: 9067055 bytes
->Temporary Internet Files folder emptied: 453653 bytes
->Java cache emptied: 2879434 bytes
->FireFox cache emptied: 412111618 bytes
->Flash cache emptied: 19942 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 367305 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.001
->Temp folder emptied: 66062 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser.NEGRITA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33758 bytes

%systemdrive% .tmp files removed: 1928602610 bytes
%systemroot% .tmp files removed: 2114656 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
RecycleBin emptied: 5391859884 bytes

Total Files Cleaned = 17,487.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.42.3 log created on 05082012_213329

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...







aswMBR has one more option, AV Scan. I left it in "quick scan" and then clicked the scan button.
And this is the aswMBR log:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 21:48:12
-----------------------------
21:48:12.531 OS Version: Windows 5.1.2600 Service Pack 2
21:48:12.531 Number of processors: 2 586 0x2302
21:48:12.531 ComputerName: NEGRITA UserName: Casita
21:48:13.406 Initialize success
21:48:13.500 AVAST engine defs: 12050801
21:49:12.078 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000067
21:49:12.078 Disk 0 Vendor: ST3300631A 3.04 Size: 286168MB BusType: 3
21:49:12.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
21:49:12.093 Disk 1 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
21:49:12.093 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\0000006a
21:49:12.093 Disk 2 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
21:49:12.093 Disk 2 MBR read successfully
21:49:12.093 Disk 2 MBR scan
21:49:12.109 Disk 2 Windows XP default MBR code
21:49:12.109 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131059 MB offset 63
21:49:12.109 Disk 2 Partition - 00 0F Extended LBA 107412 MB offset 268410240
21:49:12.125 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 107412 MB offset 268410303
21:49:12.140 Disk 2 scanning sectors +488391120
21:49:12.187 Disk 2 scanning C:\WINDOWS\system32\drivers
21:49:19.953 Service scanning
21:49:30.484 Modules scanning
21:49:34.734 Disk 2 trace - called modules:
21:49:34.750 TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
21:49:34.750 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8a130ab8]
21:49:34.765 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> \Device\0000006c[0x8a145d80]
21:49:34.765 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\0000006a[0x8a17f030]
21:49:35.234 AVAST engine scan C:\WINDOWS
21:49:38.515 AVAST engine scan C:\WINDOWS\system32
21:51:57.000 AVAST engine scan C:\WINDOWS\system32\drivers
21:52:05.406 AVAST engine scan C:\Documents and Settings\Casita
21:57:33.781 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
21:57:53.312 Scan finished successfully
21:58:42.781 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Casita\Escritorio\MBR.dat"
21:58:42.781 The log file has been saved successfully to "C:\Documents and Settings\Casita\Escritorio\aswMBR 1.txt"



So, how bad is it, doctor?

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like a fresh OTL scan please to confirm that the file I suspected has gone. Can you confirm that you are still getting the alerts?

OTL will only produce one log this time


  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.
  • Post this log


#5
byayoi

    Member

  • Topic Starter
  • 21 posts
Hello again.
The pop-ups are still appearing, although after the last reboot I've noticed that they don't start appearing until after uTorrent is running, and that they take a little while to disappear after uTorrent is turned off.
Also, I forgot to turn off Malwarebytes before running OTL. I don't know if that may affect the scan so I ran it again with Malwarebytes off.
Here is the first OTL.txt, with Malwarebytes on:

Spoiler





And here is the log without Malwarebytes:

OTL logfile created on: 10/05/2012 02:30:44 a.m. - Run 3
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Casita\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 84.55% Memory free
4.85 Gb Paging File | 4.54 Gb Available in Paging File | 93.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 127.99 Gb Total Space | 55.64 Gb Free Space | 43.47% Space Free | Partition Type: NTFS
Drive E: | 104.90 Gb Total Space | 20.55 Gb Free Space | 19.59% Space Free | Partition Type: NTFS
Drive F: | 12.16 Gb Total Space | 8.62 Gb Free Space | 70.86% Space Free | Partition Type: NTFS
Drive G: | 279.46 Gb Total Space | 3.59 Gb Free Space | 1.29% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 20.42 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive I: | 123.06 Gb Total Space | 33.01 Gb Free Space | 26.83% Space Free | Partition Type: NTFS

Computer Name: NEGRITA | User Name: Casita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Casita\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\AVAST Software\Avast\defs\12050901\algo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McMPFSvc) -- C:\Archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (ScFBPNT2) -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Tokyo Toshokan"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.110527
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.110527
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1
FF - prefs.js..extensions.enabledItems: {db131c55-60c8-4adc-84dc-9e76ab06e2dc}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2.23.17022012
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.1.0.30
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.7
FF - prefs.js..keyword.URL: "http://mx.search.yah...8&fr=megaup&p="
FF - prefs.js..keyword.enabled: false


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Archivos de programa\AVAST Software\Avast\WebRep\FF [2012/04/10 11:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/04/19 19:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2012/04/19 19:59:49 | 000,000,000 | ---D | M]

[2012/04/02 07:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Extensions
[2012/04/14 15:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions
[2012/04/02 07:14:52 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (MAFIAAFIRE: Gee! No evil!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:57 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (MAFIAAFire: ThePirateBay Dancing!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/14 15:16:42 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2010/05/01 16:32:51 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\searchplugins\tokyo-toshokan.xml
[2008/10/05 15:20:22 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\searchplugins\wwwjdic.xml
[2012/04/11 22:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/04/11 22:24:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/03 05:56:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]
[2011/02/14 21:44:38 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2012/03/07 16:19:52 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak2
[2012/04/11 22:24:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/09 14:57:50 | 000,014,961 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CASITA\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\PB6LMCSS.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 09:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2012/04/11 22:24:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/02 08:58:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Archivos de programa\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/02/16 06:08:43 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 05:48:01 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:08:43 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 06:08:43 | 000,001,180 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 06:08:43 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/08 21:44:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast] C:\Archivos de programa\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-602162358-1563985344-839522115-1003..\Run: [AnyDVD] C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Archivos de programa\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 21:47:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 21:42:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Casita\Escritorio\aswMBR.exe
[2012/05/08 21:33:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 14:15:39 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 03:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\RK_Quarantine
[2012/05/06 12:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\NortonInstaller
[2012/05/05 23:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\utmp
[2012/05/05 03:53:49 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2012/05/05 03:40:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2012/05/05 02:53:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/05 01:25:06 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012/05/05 01:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012
[2012/05/05 01:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\TuneUp Software
[2012/05/05 01:24:41 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TuneUp Utilities 2012
[2012/05/05 01:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software
[2012/05/05 01:22:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/05 01:22:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Common Files
[2012/05/04 12:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\uTorrent
[2012/05/03 23:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Alien Skin
[2012/04/30 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Musica Angela
[2012/04/29 04:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Malwarebytes
[2012/04/29 04:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/04/29 04:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes
[2012/04/29 04:57:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/29 04:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Mis documentos\AnyDVDHD
[2012/04/29 04:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SlySoft
[2012/04/29 04:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\SlySoft
[2012/04/29 04:39:24 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SlySoft
[2012/04/29 03:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\FLEXnet
[2012/04/29 03:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Adobe
[2012/04/29 03:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Zachtronics Industries
[2012/04/29 03:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Adobe
[2012/04/26 23:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2012/04/26 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Zachtronics Industries
[2012/04/24 03:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Shetland Island Quartet
[2012/04/22 23:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\AVS4YOU
[2012/04/22 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\AVS4YOU
[2012/04/22 22:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\AVS4YOU
[2012/04/22 22:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVS4YOU
[2012/04/22 22:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\AVS video conv
[2012/04/20 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Mis documentos\BotaniculaSaves
[2012/04/19 20:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\GOG.com
[2012/04/19 20:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Apple Computer
[2012/04/19 19:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\QuickTime
[2012/04/19 19:49:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Apple
[2012/04/19 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Apple Computer
[2012/04/19 19:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Apple
[2012/04/19 19:48:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Apple Software Update
[2012/04/19 19:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Apple
[2012/04/19 19:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Apple Computer
[2012/04/19 17:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Feng Shui Numerology Free 3.16
[2012/04/18 19:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\avast! Free Antivirus
[2012/04/12 01:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DOSBox
[2012/04/12 01:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\the lost vikings
[2012/04/12 01:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\DOSBox-0.73
[2012/04/12 01:08:10 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DOSBox-0.73
[2012/04/12 00:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Rovio
[2012/04/11 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Sun
[2012/04/11 22:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Sun
[2012/04/10 11:19:07 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/10 11:19:03 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/10 11:19:03 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/10 11:09:59 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/10 11:09:59 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/10 11:09:58 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/10 11:09:58 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/10 11:09:58 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/10 11:09:58 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/10 11:09:58 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/10 11:09:58 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/10 11:09:43 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/04/10 11:09:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/04/10 11:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVAST Software
[2012/04/10 11:09:31 | 000,000,000 | ---D | C] -- C:\Archivos de programa\AVAST Software

========== Files - Modified Within 30 Days ==========

[2012/05/10 02:28:32 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/05/10 02:28:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 02:28:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/10 02:25:00 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/10 00:40:01 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/09 23:58:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/05/08 21:58:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\MBR.dat
[2012/05/08 21:44:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/08 21:43:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Casita\Escritorio\aswMBR.exe
[2012/05/08 00:58:03 | 000,000,269 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2012/05/07 14:15:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 03:41:59 | 001,413,120 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/05/07 03:05:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/05 23:39:56 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\u.ini
[2012/05/05 03:24:12 | 000,000,413 | RHS- | M] () -- C:\boot.ini
[2012/05/05 01:59:13 | 001,562,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/05 01:25:04 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/05/05 01:25:04 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/05/04 21:55:30 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\µTorrent.lnk
[2012/05/03 22:01:46 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\The Font Thing.lnk
[2012/04/29 04:57:56 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/04/29 04:39:32 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AnyDVD.lnk
[2012/04/26 23:41:22 | 000,494,786 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/04/26 23:41:22 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/26 23:41:22 | 000,085,472 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/04/26 23:41:22 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/26 23:38:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/26 23:00:04 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SpaceChem.lnk
[2012/04/22 22:59:36 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\AVS Video Converter.lnk
[2012/04/20 00:10:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Botanicula.lnk
[2012/04/19 17:36:30 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\Feng Shui Numerology 3.16.lnk
[2012/04/18 19:27:54 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\avast! Free Antivirus.lnk
[2012/04/15 00:06:54 | 001,435,240 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\Ultra Surf 1201.exe
[2012/04/13 02:30:31 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2012/04/12 01:08:11 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\DOSBox 0.73.lnk
[2012/04/10 11:19:03 | 000,002,957 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2012/05/08 21:58:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\MBR.dat
[2012/05/07 03:42:26 | 001,413,120 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/05/05 23:38:34 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\u.ini
[2012/05/05 01:25:04 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/05/05 01:25:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/05/05 01:25:03 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012.lnk
[2012/05/03 22:01:46 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\The Font Thing.lnk
[2012/05/01 02:38:16 | 001,435,240 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\Ultra Surf 1201.exe
[2012/04/29 04:57:56 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/04/29 04:45:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/04/29 04:39:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AnyDVD.lnk
[2012/04/29 03:26:46 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Photoshop CS3.lnk
[2012/04/29 03:22:21 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Stock Photos CS3.lnk
[2012/04/29 03:20:50 | 000,001,149 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe ExtendScript Toolkit 2.lnk
[2012/04/29 03:20:20 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Device Central CS3.lnk
[2012/04/29 03:16:02 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Bridge CS3.lnk
[2012/04/26 23:00:04 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SpaceChem.lnk
[2012/04/22 22:59:36 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\AVS Video Converter.lnk
[2012/04/20 00:10:54 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Botanicula.lnk
[2012/04/19 17:36:30 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\Feng Shui Numerology 3.16.lnk
[2012/04/18 19:27:54 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\avast! Free Antivirus.lnk
[2012/04/12 01:08:11 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\DOSBox 0.73.lnk
[2012/04/02 10:02:59 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2012/04/02 09:22:33 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/02 08:40:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/02 08:40:03 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/02 08:30:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2012/04/02 08:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/04/02 07:56:11 | 000,019,824 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2012/04/02 07:56:11 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2012/04/02 07:55:56 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2012/04/02 07:55:50 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2012/04/02 07:30:17 | 000,000,269 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012/04/02 07:25:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/04/02 07:25:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/04/02 07:25:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/02 07:16:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 07:11:45 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/02 06:55:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/02 06:55:22 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/01 23:52:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/01 23:50:46 | 001,562,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/08/24 00:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\2monkeys
[2009/11/24 01:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ableton
[2010/02/25 01:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aegisub
[2011/12/13 00:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Alawar Stargaze
[2011/02/01 04:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Alien Skin
[2012/01/09 04:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Amaranth Games
[2010/08/22 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Anarchy
[2009/10/19 17:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Anvil Studio
[2011/03/27 18:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Artogon
[2010/12/11 23:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aveyond 3
[2010/11/20 18:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aveyond I
[2011/11/12 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Beep Industries
[2011/12/07 23:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Big Fish Games
[2009/07/02 01:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\BloodTies

Sorry and I'll pay more attention next time, I promise.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

The pop-ups are still appearing, although after the last reboot I've noticed that they don't start appearing until after uTorrent is running, and that they take a little while to disappear after uTorrent is turned off.

To me this suggests that uTorrent has the infection within its files. So I would recommend that you totally uninstall the Torrent and get a fresh copy direct from the maker's site.

Could you do that please and let me know if the alerts reoccur?

#7
byayoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello, me again.
I uninstalled uTorrent, and downloaded the newest version from their page. I also re-downloaded the same version (3.0.0).
I'll spare you the details. After about 2 hours of tinkering with both versions, the Malwarebytes pop-ups are still with us, but significantly diminished, at a rate of one about every 10-25 minutes, as opposed to the 3-6 pop-ups every 2-5 minutes. The good news is that the avast pop-ups seem to have disappeared.
That is a good sign, right? And at least no other file is trying to contact vip.coralplayer.com.
So, what's the next step?

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's do a final check on the drivers. Could you post an extract of the MBAM log about the blocked connections - just the last two or three will do. I am interested in the IP addresses.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • Allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#9
byayoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi, I'm back.
I downloaded ComboFix, disabled avast, unchecked the Malwarebytes' "Start protection module with windows" check-box, re-started Windows, double-clicked ComboFix, allowed it to download and run the Windows recovery console, and waited for ComboFix to generate the log file.
After that, I restarted the computer, enabled avast, enabled Malwarebytes, and waited for any pop-up to appear for 3 minutes. Then I started uTorrent and waited... about 3 minutes later, the first pop-up appeared.
These are the last 4 blocked IP addresses:

2012/05/11 22:17:57 -0500 NEGRITA Casita IP-BLOCK 83.128.31.122 (Type: outgoing)
2012/05/11 22:18:42 -0500 NEGRITA Casita IP-BLOCK 203.84.246.241 (Type: outgoing)
2012/05/11 22:24:07 -0500 NEGRITA Casita IP-BLOCK 83.128.31.122 (Type: outgoing) [this one appeared 4 times in a row]
2012/05/11 22:24:39 -0500 NEGRITA Casita IP-BLOCK 85.234.174.64 (Type: incoming)




And here's ComboFix's log.txt file:


"HP Component Manager"="c:\archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
.
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10/04/2012 11:19 a.m. 196440]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [10/04/2012 11:19 a.m. 112984]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [10/04/2012 11:19 a.m. 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/04/2012 11:09 a.m. 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/04/2012 11:09 a.m. 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/04/2012 11:09 a.m. 20696]
R2 avast! Firewall;avast! Firewall;c:\archivos de programa\AVAST Software\Avast\afwServ.exe [10/04/2012 11:19 a.m. 134920]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [17/10/2010 09:24 p.m. 654408]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [23/11/2010 10:19 a.m. 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [09/03/2012 02:36 a.m. 2348352]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [05/04/2012 01:08 p.m. 1529152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/04/2012 04:57 a.m. 22344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [29/03/2012 04:32 p.m. 10064]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 11:16 a.m. 253088]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:45]
.
2012-05-12 c:\windows\Tasks\HP Usg Daily.job
- c:\archivos de programa\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2012-04-02 02:36]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ultrasurf.us/search.htm
uInternet Settings,ProxyOverride = local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\
FF - prefs.js: browser.search.selectedEngine - Tokyo Toshokan
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mx.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 22:04
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk2\DR2 -> \Device\00000069
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+11): user != kernel
.
**************************************************************************
.
Completion time: 2012-05-11 22:05:23
ComboFix-quarantined-files.txt 2012-05-12 03:05
.
Pre-Run: 59,607,998,464 bytes libres
Post-Run: 59,563,671,552 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin /usepmtimer /TUTag=DNDG8U /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /fastdetect /noexecute=optin /usepmtimer /TUTag=DNDG8U-BAK
.
- - End Of File - - E8150FDB87FB0C68C25BAE31AA15D028




Reading it now, I think I didn't do such a good job disabling avast. Sorry.
On other things, I've noticed that TuneUp Utilities shows up a lot in these logs. Should I uninstall it?
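The scanner sections that close a ComboFix log like the one above can be checked mechanically. The following is an added example, not part of the thread and not ComboFix or gmer code: it extracts the catchme and Stealth MBR detector results and tests whether a `user != kernel MBR` finding repeats on the same disk and sector in two runs. The function names are this example's own; `RUN_1` and `RUN_2` carry values copied from the ComboFix logs in this thread, and `CLEAN` is constructed.

```python
import re

# Scanner sections trimmed from the ComboFix log dated 2012-05-11 in this
# thread (values copied from that log; only lines the parser reads are kept).
RUN_1 = r"""**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 22:04
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk2\DR2 -> \Device\00000069
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+11): user != kernel
.
**************************************************************************
"""
# The thread's later run (2012-05-12) differs in scan time and device object name.
RUN_2 = RUN_1.replace("2012-05-11 22:04", "2012-05-12 23:18").replace("00000069", "0000006b")
# Constructed comparison input: the same sections with the mismatch lines removed.
CLEAN = "\n".join(line for line in RUN_1.splitlines() if "!=" not in line)

SEPARATOR = re.compile(r"^\*{20,}[ \t]*$", re.MULTILINE)


def split_sections(log):
    """Split a log on its rules of asterisks, dropping chunks with no text."""
    return [s for s in SEPARATOR.split(log) if s.strip(". \r\n")]


def parse_catchme(section):
    """Read the scan time, completion flag and hidden-file count."""
    scan = re.search(r"^Rootkit scan (\d{4}-\d{2}-\d{2} \d{2}:\d{2})", section, re.M)
    hidden = re.search(r"^hidden files:\s*(\d+)", section, re.M)
    return {
        "scan_time": scan.group(1) if scan else None,
        "completed": "scan completed successfully" in section,
        "hidden_files": int(hidden.group(1)) if hidden else None,
    }


def parse_mbr(section):
    """Read the disk model, both MBR read results and any mismatch report."""
    disk = re.search(r"Disk:\s*(\S+)", section)
    reads = dict(re.findall(r"^(user|kernel): MBR read (\w+)", section, re.M))
    sector = re.search(r"^sectors (\d+) \(\+(\d+)\): user != kernel", section, re.M)
    return {
        "disk": disk.group(1) if disk else None,
        "user_read": reads.get("user"),
        "kernel_read": reads.get("kernel"),
        "mismatch": bool(re.search(r"^user != kernel MBR", section, re.M)),
        "sector": int(sector.group(1)) if sector else None,
        # The "(+N)" figure is kept as printed; the log does not explain it.
        "plus": int(sector.group(2)) if sector else None,
    }


def scan_verdicts(log):
    """Return both results; a value is None when that section is absent."""
    out = {"catchme": None, "mbr": None}
    for section in split_sections(log):
        if re.search(r"^catchme \d", section, re.M):
            out["catchme"] = parse_catchme(section)
        elif "Stealth MBR rootkit" in section:
            out["mbr"] = parse_mbr(section)
    return out


def persistent_mismatch(log_a, log_b):
    """True when both runs report a mismatch on the same disk and sector."""
    a, b = scan_verdicts(log_a)["mbr"], scan_verdicts(log_b)["mbr"]
    if not a or not b:
        return False
    return bool(a["mismatch"] and b["mismatch"]
                and a["disk"] == b["disk"] and a["sector"] == b["sector"])


if __name__ == "__main__":
    for name, log in (("run 1", RUN_1), ("run 2", RUN_2), ("clean", CLEAN)):
        print(name, scan_verdicts(log))
    print("repeats across runs:", persistent_mismatch(RUN_1, RUN_2))
```

A repeated mismatch is a lead to follow up with a dedicated scanner, not a verdict on its own; a missing section (value `None`) means the detector output was not in the log at all.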

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, no need for that

Could you post the link where you downloaded the torrent programme from, please?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Casita\Datos de programa\Microsoft\Installer\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#11
byayoi

    Member

  • Topic Starter
  • 21 posts
So the plot thickens.
This is the URL from which I downloaded the new version of uTorrent:

http://www.utorrent....complete?os=win

But today I noticed that the pop-ups appear even if uTorrent is not running. They take a lot of time to start so I hadn't noticed before.

I made the CFScript.txt file, closed Firefox, unchecked Malwarebytes' "Start protection module with windows" check-box and restarted the computer, disabled avast and then dragged the CFScript.txt file into ComboFix. It started running and then asked me if I wanted to install the new version of ComboFix. I clicked yes. It downloaded and then announced that it was going to start scanning... And then the dreaded blue screen of Windows appeared! It said that some program was about to cause a serious problem in the system, so Windows stopped it, and that I had to restart the system. There were some technical bits at the end, but the system restarted by itself and I couldn't write those down.
The computer restarted all right, and after that I ran Malwarebytes (avast enabled at startup), and didn't run uTorrent. Then I noticed that the CFScript.txt had disappeared from the desktop. Since I didn't have more time at that moment to make another CFScript.txt, drag it into ComboFix and wait for the log to appear, I just left the computer on, playing music. I was hoping the pop-ups would not appear because I hadn't started uTorrent. Obviously, they started. These are the relevant lines of the Malwarebytes protection log:

2012/05/12 14:35:36 -0500 NEGRITA Casita MESSAGE Starting protection
2012/05/12 14:35:44 -0500 NEGRITA Casita MESSAGE Protection started successfully
2012/05/12 14:35:47 -0500 NEGRITA Casita MESSAGE Starting IP protection
2012/05/12 14:35:50 -0500 NEGRITA Casita MESSAGE IP Protection started successfully
2012/05/12 14:50:56 -0500 NEGRITA Casita IP-BLOCK 222.65.37.90 (Type: incoming)

So, it took about 15 minutes for the messages to start popping up without uTorrent.

At about 10:00 pm I started following your instructions again. I made a new CFScript.txt file, closed Firefox, disabled Malwarebytes, restarted the computer, disabled avast, dragged the CFScript.txt file into ComboFix and waited... A window opened, black background and green letters, it closed itself and nothing else happened. I checked C: to see if the log was there. Nothing. So once again I dragged the CFScript.txt file into ComboFix. Same result, but this time I noticed that the last 2 lines in the window said something about c:\3278something (the window closed by itself). So I checked that directory trying to find the missing log... and ended in a nested escheresque world. Within c:\32788R22FWJFW was all the content of "Mi PC" (I suppose the Spanish equivalent of "My PC"). And inside was another drive C: with another 32788R22FWJFW directory with another drive C: with another 32788R22FWJFW directory... I have a nice image of it that I'd love to share with you.


After taking such an amazing view of my computer's spiritual innards, I noticed that the CFScript.txt file did not disappear from the desktop this time, so I looked more closely... I had named it CFScript.txt.txt instead of CFScript.txt.
I fixed my unforgivable error, and then dragged the file into ComboFix. This time it ran perfectly and here's the log:




ComboFix 12-05-12.01 - Casita 12/05/2012 23:11:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.52.3082.18.3071.2505 [GMT -5:00]
Running from: c:\documents and settings\Casita\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Casita\Escritorio\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Casita\Datos de programa\Microsoft\Installer\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-12 05:51 . 2012-05-12 05:51 -------- d-s---w- c:\documents and settings\Casita\UserData
2012-05-11 00:53 . 2012-05-13 03:00 -------- d-----w- c:\documents and settings\Casita\Datos de programa\uTorrent
2012-05-09 02:33 . 2012-05-09 02:33 -------- d-----w- C:\_OTL
2012-05-08 06:26 . 2012-05-08 06:26 -------- d-----w- c:\documents and settings\UpdatusUser.NEGRITA\Datos de programa\TuneUp Software
2012-05-06 17:55 . 2012-05-06 17:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\NortonInstaller
2012-05-05 08:53 . 2012-04-05 18:08 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-05 08:40 . 2012-05-05 08:40 -------- d--h--w- c:\windows\Icons
2012-05-05 08:24 . 2012-05-05 08:24 2290688 ----a-w- c:\windows\system32\TUKernel.exe
2012-05-05 06:26 . 2012-05-05 06:26 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.001\Escritorio
2012-05-05 06:25 . 2012-04-05 18:08 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-05 06:24 . 2012-05-05 08:04 -------- d-----w- c:\documents and settings\Casita\Datos de programa\TuneUp Software
2012-05-05 06:24 . 2012-05-05 06:25 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2012
2012-05-05 06:22 . 2012-05-05 06:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\TuneUp Software
2012-05-05 06:22 . 2012-05-05 06:22 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-05 06:22 . 2012-05-05 06:22 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Datos de programa\Common Files
2012-05-04 04:09 . 2012-05-04 04:09 -------- d-----w- c:\documents and settings\Casita\Datos de programa\Alien Skin
2012-04-29 09:58 . 2012-04-29 09:58 -------- d-----w- c:\documents and settings\Casita\Datos de programa\Malwarebytes
2012-04-29 09:57 . 2012-04-29 09:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\Malwarebytes
2012-04-29 09:57 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 09:45 . 2012-04-29 09:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\SlySoft
2012-04-29 09:39 . 2012-04-29 09:39 -------- d-----w- c:\archivos de programa\SlySoft
2012-04-29 08:29 . 2012-04-29 08:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\FLEXnet
2012-04-29 08:29 . 2012-05-04 02:50 -------- d-----w- c:\documents and settings\Casita\Configuración local\Datos de programa\Adobe
2012-04-29 08:25 . 2012-04-29 08:25 -------- d-----w- c:\documents and settings\Casita\Configuración local\Datos de programa\Zachtronics Industries
2012-04-27 04:42 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-04-27 04:42 . 2012-04-27 04:42 -------- d-----w- c:\windows\system32\es-ES
2012-04-27 04:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-04-27 04:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-04-27 04:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-04-27 04:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-04-27 04:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-04-27 04:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-04-27 04:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-04-27 04:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-04-27 04:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-04-23 04:03 . 2012-04-23 04:03 -------- d-----w- c:\documents and settings\Casita\Datos de programa\AVS4YOU
2012-04-23 03:59 . 2011-09-16 21:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-04-23 03:58 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2012-04-23 03:57 . 2012-04-23 04:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\AVS4YOU
2012-04-23 03:57 . 2011-08-22 21:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-04-23 03:57 . 2011-08-22 21:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-04-20 01:00 . 2012-04-20 01:00 -------- d-----w- c:\documents and settings\Casita\Datos de programa\Apple Computer
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin7.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Internet Explorer\Módulos\npqtplugin6.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\npqtplugin7.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\npqtplugin6.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\npqtplugin5.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\npqtplugin4.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\npqtplugin3.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\npqtplugin2.dll
2012-04-20 00:49 . 2012-04-20 00:59 143360 ----a-w- c:\archivos de programa\Mozilla Firefox\plugins\npqtplugin.dll
2012-04-20 00:49 . 2012-04-20 00:49 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2012-04-20 00:49 . 2012-04-20 00:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\Apple Computer
2012-04-20 00:49 . 2012-04-20 00:49 -------- d-----w- c:\documents and settings\Casita\Configuración local\Datos de programa\Apple
2012-04-20 00:48 . 2012-04-20 00:48 -------- d-----w- c:\archivos de programa\Apple Software Update
2012-04-20 00:48 . 2012-04-20 00:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\Apple
2012-04-20 00:47 . 2012-04-20 00:47 -------- d-----w- c:\documents and settings\Casita\Configuración local\Datos de programa\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 02:45 . 2012-04-02 16:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-02 02:45 . 2012-04-02 16:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 03:24 . 2012-04-12 03:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-12 03:24 . 2012-04-12 03:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-02 12:58 . 2012-04-02 12:58 45056 ----a-r- c:\documents and settings\Casita\Datos de programa\Microsoft\Installer\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2012-03-06 23:15 . 2012-04-10 16:09 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-04-10 16:09 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-04-10 16:19 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-06 23:03 . 2012-04-10 16:09 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2012-04-10 16:09 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:03 . 2012-04-10 16:19 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-06 23:02 . 2012-04-10 16:19 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-03-06 23:02 . 2012-04-10 16:09 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2012-04-10 16:09 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-04-10 16:09 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2012-04-10 16:09 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2012-04-10 16:09 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2012-04-10 16:09 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-04-02 11:55 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-04-02 11:55 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2012-04-02 11:55 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2012-04-02 11:55 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2012-04-02 11:55 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2012-04-02 11:55 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2012-04-02 11:55 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2007-09-16 17:07 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2007-09-16 17:07 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2007-09-16 17:07 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2007-09-16 17:07 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2007-09-16 17:07 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2007-09-16 17:07 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2007-09-16 17:07 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2007-09-16 17:07 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2007-09-16 17:07 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2007-09-16 17:07 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2007-09-16 17:07 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2007-09-16 17:07 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2007-09-16 17:07 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2007-09-16 17:07 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2007-09-16 17:07 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2007-09-16 17:07 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2007-09-16 17:07 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2007-09-16 17:07 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2007-09-16 17:07 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2007-09-16 17:07 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2007-09-16 17:07 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2007-09-16 17:07 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2007-09-16 17:07 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2007-09-16 17:07 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2007-09-16 17:07 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2007-09-16 17:07 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2007-09-16 17:07 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2007-09-16 17:07 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2007-09-16 17:07 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2007-09-16 17:07 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2007-09-16 17:07 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2007-09-16 17:07 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2007-09-16 17:07 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2007-09-16 17:07 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2007-09-16 17:07 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2007-09-16 17:07 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2007-09-16 17:07 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-16 14:55 . 2012-04-02 12:19 134104 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-12_03.04.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-13 04:09 . 2012-05-13 04:09 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\archivos de programa\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-12-08 5529208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\archivos de programa\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"HP Software Update"="c:\archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-06 491520]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast"="c:\archivos de programa\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users.WINDOWS\Datos de programa\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime
"HPHUPD05"=c:\archivos de programa\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"HP Component Manager"="c:\archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
.
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10/04/2012 11:19 a.m. 196440]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [10/04/2012 11:19 a.m. 112984]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [10/04/2012 11:19 a.m. 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/04/2012 11:09 a.m. 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/04/2012 11:09 a.m. 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/04/2012 11:09 a.m. 20696]
R2 avast! Firewall;avast! Firewall;c:\archivos de programa\AVAST Software\Avast\afwServ.exe [10/04/2012 11:19 a.m. 134920]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [17/10/2010 09:24 p.m. 654408]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [23/11/2010 10:19 a.m. 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [09/03/2012 02:36 a.m. 2348352]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [05/04/2012 01:08 p.m. 1529152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/04/2012 04:57 a.m. 22344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [29/03/2012 04:32 p.m. 10064]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 11:16 a.m. 253088]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:45]
.
2012-05-13 c:\windows\Tasks\HP Usg Daily.job
- c:\archivos de programa\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2012-04-02 02:36]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ultrasurf.us/search.htm
uInternet Settings,ProxyOverride = local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\
FF - prefs.js: browser.search.selectedEngine - Tokyo Toshokan
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mx.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 23:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk2\DR2 -> \Device\0000006b
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+11): user != kernel
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1276)
c:\archivos de programa\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-12 23:19:41
ComboFix-quarantined-files.txt 2012-05-13 04:19
ComboFix2.txt 2012-05-12 03:05
.
Pre-Run: 59,613,900,800 bytes libres
Post-Run: 59,599,216,640 bytes libres
.
- - End Of File - - F85E22DFBA2ECB47AEDF1FB5BFB7A956

Then I enabled avast, opened Firefox (returned it to its rightful place as the default browser), downloaded tdsskiller.exe, double-clicked it, clicked "Change parameters", selected "Verify file digital signatures" and "Detect TDLFS file system", clicked "OK", clicked "Start scan". 4 suspicious files were found. I clicked "continue", and then I realized that I should have selected "cure" and then clicked "continue". So I clicked "Start scan" again, and checked the content of the dropdown boxes. And none of them had "Cure" as an option. So I left "Skip" and then clicked "continue".
And here's the report:

23:28:54.0500 0932 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:28:55.0500 0932 ============================================================
23:28:55.0500 0932 Current date / time: 2012/05/12 23:28:55.0500
23:28:55.0500 0932 SystemInfo:
23:28:55.0500 0932
23:28:55.0500 0932 OS Version: 5.1.2600 ServicePack: 2.0
23:28:55.0500 0932 Product type: Workstation
23:28:55.0500 0932 ComputerName: NEGRITA
23:28:55.0500 0932 UserName: Casita
23:28:55.0500 0932 Windows directory: C:\WINDOWS
23:28:55.0500 0932 System windows directory: C:\WINDOWS
23:28:55.0500 0932 Processor architecture: Intel x86
23:28:55.0500 0932 Number of processors: 2
23:28:55.0500 0932 Page size: 0x1000
23:28:55.0500 0932 Boot type: Normal boot
23:28:55.0500 0932 ============================================================
23:28:56.0250 0932 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
23:28:56.0265 0932 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:28:56.0281 0932 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
23:28:56.0296 0932 Drive \Device\Harddisk3\DR9 - Size: 0x1BBA0000 (0.43 Gb), SectorSize: 0x200, Cylinders: 0x38, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:28:56.0296 0932 Drive \Device\Harddisk4\DR10 - Size: 0xA00000 (0.01 Gb), SectorSize: 0x200, Cylinders: 0x1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:28:56.0343 0932 ============================================================
23:28:56.0343 0932 \Device\Harddisk0\DR0:
23:28:56.0343 0932 MBR partitions:
23:28:56.0343 0932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEC0F1
23:28:56.0343 0932 \Device\Harddisk1\DR1:
23:28:56.0343 0932 MBR partitions:
23:28:56.0343 0932 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x18544F5
23:28:56.0343 0932 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1854534, BlocksNum 0xC35318D
23:28:56.0343 0932 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xDBA76C1, BlocksNum 0xF61CEC0
23:28:56.0343 0932 \Device\Harddisk2\DR2:
23:28:56.0343 0932 MBR partitions:
23:28:56.0343 0932 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41
23:28:56.0359 0932 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xFFF9DBF, BlocksNum 0xD1CA411
23:28:56.0359 0932 \Device\Harddisk3\DR9:
23:28:56.0359 0932 MBR partitions:
23:28:56.0359 0932 \Device\Harddisk4\DR10:
23:28:56.0359 0932 MBR partitions:
23:28:56.0359 0932 ============================================================
23:28:56.0390 0932 C: <-> \Device\Harddisk2\DR2\Partition0
23:28:56.0484 0932 H: <-> \Device\Harddisk1\DR1\Partition1
23:28:56.0515 0932 I: <-> \Device\Harddisk1\DR1\Partition2
23:28:56.0562 0932 G: <-> \Device\Harddisk0\DR0\Partition0
23:28:56.0593 0932 E: <-> \Device\Harddisk2\DR2\Partition1
23:28:56.0609 0932 F: <-> \Device\Harddisk1\DR1\Partition0
23:28:56.0609 0932 ============================================================
23:28:56.0609 0932 Initialize success
23:28:56.0625 0932 ============================================================
23:31:31.0765 0384 ============================================================
23:31:31.0765 0384 Scan started
23:31:31.0765 0384 Mode: Manual; SigCheck; TDLFS;
23:31:31.0765 0384 ============================================================
23:31:32.0140 0384 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:31:32.0203 0384 Aavmker4 - ok
23:31:32.0203 0384 Abiosdsk - ok
23:31:32.0218 0384 abp480n5 - ok
23:31:32.0250 0384 ACPI (33d1373ee875ce8b063777f7e77815b7) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:31:32.0406 0384 ACPI - ok
23:31:32.0421 0384 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:31:32.0515 0384 ACPIEC - ok
23:31:32.0562 0384 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:31:32.0562 0384 AdobeFlashPlayerUpdateSvc - ok
23:31:32.0578 0384 adpu160m - ok
23:31:32.0609 0384 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:31:32.0718 0384 aec - ok
23:31:32.0750 0384 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
23:31:32.0843 0384 AFD - ok
23:31:32.0859 0384 Aha154x - ok
23:31:32.0859 0384 aic78u2 - ok
23:31:32.0875 0384 aic78xx - ok
23:31:32.0953 0384 ALCXWDM (f5d4d3899e16e1f75398297844386226) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:31:33.0093 0384 ALCXWDM - ok
23:31:33.0156 0384 Alerter (ffd14ea04a74ce3aa34e9511c994c590) C:\WINDOWS\system32\alrsvc.dll
23:31:33.0250 0384 Alerter - ok
23:31:33.0281 0384 ALG (906d6932d533f1591caa84e846b9ba06) C:\WINDOWS\System32\alg.exe
23:31:33.0328 0384 ALG - ok
23:31:33.0343 0384 AliIde - ok
23:31:33.0375 0384 AmdK8 (83a4753b1172e0b13dfbedbb4d7dfd45) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:31:33.0390 0384 AmdK8 - ok
23:31:33.0390 0384 amsint - ok
23:31:33.0421 0384 AnyDVD (486cf73f183e7adc5575fcd47f9fb1af) C:\WINDOWS\system32\Drivers\AnyDVD.sys
23:31:33.0437 0384 AnyDVD - ok
23:31:33.0453 0384 AppMgmt (0cf68b185221e5b162ef1b0559428b40) C:\WINDOWS\System32\appmgmts.dll
23:31:33.0515 0384 AppMgmt - ok
23:31:33.0531 0384 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:31:33.0671 0384 Arp1394 - ok
23:31:33.0671 0384 asc - ok
23:31:33.0671 0384 asc3350p - ok
23:31:33.0687 0384 asc3550 - ok
23:31:33.0765 0384 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:31:33.0781 0384 aspnet_state - ok
23:31:33.0781 0384 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:31:33.0781 0384 aswFsBlk - ok
23:31:33.0828 0384 aswFW (80beddcbb4a1417cec0c78a61cac0f66) C:\WINDOWS\system32\drivers\aswFW.sys
23:31:33.0828 0384 aswFW - ok
23:31:33.0843 0384 aswKbd (81e695913fefd4e23360a69c0f151797) C:\WINDOWS\system32\drivers\aswKbd.sys
23:31:33.0843 0384 aswKbd - ok
23:31:33.0859 0384 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
23:31:33.0875 0384 aswMon2 - ok
23:31:33.0875 0384 aswNdis2 (72c8f79d72b4ff6e1627276ddf4b01c9) C:\WINDOWS\system32\drivers\aswNdis2.sys
23:31:33.0890 0384 aswNdis2 - ok
23:31:33.0906 0384 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
23:31:33.0906 0384 AswRdr - ok
23:31:33.0937 0384 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
23:31:33.0953 0384 aswSnx - ok
23:31:34.0000 0384 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
23:31:34.0015 0384 aswSP - ok
23:31:34.0015 0384 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
23:31:34.0031 0384 aswTdi - ok
23:31:34.0062 0384 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:31:34.0187 0384 AsyncMac - ok
23:31:34.0187 0384 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:31:34.0312 0384 atapi - ok
23:31:34.0328 0384 Atdisk - ok
23:31:34.0343 0384 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:31:34.0453 0384 Atmarpc - ok
23:31:34.0468 0384 AudioSrv (f72df7512d92c2abedfae488411c9fe4) C:\WINDOWS\System32\audiosrv.dll
23:31:34.0578 0384 AudioSrv - ok
23:31:34.0593 0384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:31:34.0703 0384 audstub - ok
23:31:34.0765 0384 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
23:31:34.0765 0384 avast! Antivirus - ok
23:31:34.0796 0384 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Archivos de programa\AVAST Software\Avast\afwServ.exe
23:31:34.0812 0384 avast! Firewall - ok
23:31:34.0843 0384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:31:34.0953 0384 Beep - ok
23:31:34.0984 0384 BITS (02451268dc47e4dc228210da0e3c3274) C:\WINDOWS\system32\qmgr.dll
23:31:35.0125 0384 BITS - ok
23:31:35.0140 0384 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Archivos de programa\Bonjour\mDNSResponder.exe
23:31:35.0156 0384 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
23:31:35.0156 0384 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
23:31:35.0171 0384 Browser (d01cfcc753b09e70f5b7622501ff5383) C:\WINDOWS\System32\browser.dll
23:31:35.0281 0384 Browser - ok
23:31:35.0359 0384 catchme - ok
23:31:35.0375 0384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:31:35.0484 0384 cbidf2k - ok
23:31:35.0484 0384 cd20xrnt - ok
23:31:35.0515 0384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:31:35.0625 0384 Cdaudio - ok
23:31:35.0656 0384 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:31:35.0750 0384 Cdfs - ok
23:31:35.0765 0384 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:31:35.0875 0384 Cdrom - ok
23:31:35.0875 0384 Changer - ok
23:31:35.0906 0384 CiSvc (c2991bbef6836c9b3abce7f87b19b0e8) C:\WINDOWS\system32\cisvc.exe
23:31:36.0015 0384 CiSvc - ok
23:31:36.0031 0384 ClipSrv (7931f88db9b42b3f7b5d9978bbacb22a) C:\WINDOWS\system32\clipsrv.exe
23:31:36.0171 0384 ClipSrv - ok
23:31:36.0218 0384 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:31:36.0218 0384 clr_optimization_v2.0.50727_32 - ok
23:31:36.0234 0384 CmdIde - ok
23:31:36.0234 0384 COMSysApp - ok
23:31:36.0250 0384 Cpqarray - ok
23:31:36.0265 0384 CryptSvc (149cffbf77cc1306fc535557cf513b91) C:\WINDOWS\System32\cryptsvc.dll
23:31:36.0390 0384 CryptSvc - ok
23:31:36.0390 0384 dac2w2k - ok
23:31:36.0406 0384 dac960nt - ok
23:31:36.0421 0384 DcomLaunch (86945706ebf0460631917e967bab3cc4) C:\WINDOWS\system32\rpcss.dll
23:31:36.0546 0384 DcomLaunch - ok
23:31:36.0578 0384 Dhcp (83e48a6e01e8d9b26cfdda050b0a4758) C:\WINDOWS\System32\dhcpcsvc.dll
23:31:36.0703 0384 Dhcp - ok
23:31:36.0718 0384 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:31:36.0828 0384 Disk - ok
23:31:36.0828 0384 dmadmin - ok
23:31:36.0875 0384 dmboot (9fb634a0ed429aa64de57c53dd10ccf9) C:\WINDOWS\system32\drivers\dmboot.sys
23:31:37.0000 0384 dmboot - ok
23:31:37.0015 0384 dmio (67decfaf3b6cdb34b3fa77d965281bb5) C:\WINDOWS\system32\drivers\dmio.sys
23:31:37.0125 0384 dmio - ok
23:31:37.0125 0384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:31:37.0250 0384 dmload - ok
23:31:37.0250 0384 dmserver (9108afa79d60ebfb2d6af87b9515ba1a) C:\WINDOWS\System32\dmserver.dll
23:31:37.0359 0384 dmserver - ok
23:31:37.0375 0384 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:31:37.0484 0384 DMusic - ok
23:31:37.0500 0384 Dnscache (8739d42144e3687f5d107d1a1b10b9c1) C:\WINDOWS\System32\dnsrslvr.dll
23:31:37.0625 0384 Dnscache - ok
23:31:37.0625 0384 dpti2o - ok
23:31:37.0625 0384 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:31:37.0734 0384 drmkaud - ok
23:31:37.0765 0384 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
23:31:37.0765 0384 ElbyCDIO - ok
23:31:37.0781 0384 ERSvc (90c85a6f2e6529526b897be25343663a) C:\WINDOWS\System32\ersvc.dll
23:31:37.0890 0384 ERSvc - ok
23:31:37.0921 0384 Eventlog (f9852f505e0699bb83d5c6321917040b) C:\WINDOWS\system32\services.exe
23:31:38.0046 0384 Eventlog - ok
23:31:38.0078 0384 EventSystem (86f565e6fdd0c0776089d2f92ab1fc3f) C:\WINDOWS\system32\es.dll
23:31:38.0187 0384 EventSystem - ok
23:31:38.0203 0384 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:31:38.0312 0384 Fastfat - ok
23:31:38.0343 0384 FastUserSwitchingCompatibility (dbcf824ba771a1f27e6f5124d0516358) C:\WINDOWS\System32\shsvcs.dll
23:31:38.0437 0384 FastUserSwitchingCompatibility - ok
23:31:38.0453 0384 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:31:38.0562 0384 Fdc - ok
23:31:38.0578 0384 Fips (6e9d149cfae2af4783f85dbd6cedf7a1) C:\WINDOWS\system32\drivers\Fips.sys
23:31:38.0718 0384 Fips - ok
23:31:38.0750 0384 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:31:38.0781 0384 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:31:38.0781 0384 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:31:38.0812 0384 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:31:38.0921 0384 Flpydisk - ok
23:31:38.0937 0384 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:31:39.0062 0384 FltMgr - ok
23:31:39.0140 0384 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:31:39.0140 0384 FontCache3.0.0.0 - ok
23:31:39.0156 0384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:31:39.0265 0384 Fs_Rec - ok
23:31:39.0265 0384 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:31:39.0375 0384 Ftdisk - ok
23:31:39.0406 0384 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:31:39.0500 0384 Gpc - ok
23:31:39.0515 0384 helpsvc (e9982061a16ec28239efede6bd6de846) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:31:39.0625 0384 helpsvc - ok
23:31:39.0625 0384 HidServ - ok
23:31:39.0640 0384 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:31:39.0750 0384 hidusb - ok
23:31:39.0750 0384 hpn - ok
23:31:39.0781 0384 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:31:39.0796 0384 HPZid412 - ok
23:31:39.0812 0384 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:31:39.0828 0384 HPZipr12 - ok
23:31:39.0843 0384 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:31:39.0843 0384 HPZius12 - ok
23:31:39.0875 0384 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
23:31:39.0984 0384 HTTP - ok
23:31:40.0000 0384 HTTPFilter (ef167770bd4358b395608f61ba11c6d4) C:\WINDOWS\System32\w3ssl.dll
23:31:40.0125 0384 HTTPFilter - ok
23:31:40.0125 0384 i2omgmt - ok
23:31:40.0140 0384 i2omp - ok
23:31:40.0171 0384 i8042prt (0cab3ee361cfeab260b3906c8b6fb2be) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:31:40.0265 0384 i8042prt - ok
23:31:40.0328 0384 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:31:40.0359 0384 idsvc - ok
23:31:40.0359 0384 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:31:40.0468 0384 Imapi - ok
23:31:40.0500 0384 ImapiService (cee36882ea2298d0ad7e5c1ba750d49c) C:\WINDOWS\system32\imapi.exe
23:31:40.0609 0384 ImapiService - ok
23:31:40.0625 0384 InCDFs - ok
23:31:40.0625 0384 InCDPass - ok
23:31:40.0625 0384 InCDRm - ok
23:31:40.0640 0384 ini910u - ok
23:31:40.0656 0384 IntelIde - ok
23:31:40.0671 0384 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:31:40.0781 0384 Ip6Fw - ok
23:31:40.0796 0384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:31:40.0921 0384 IpFilterDriver - ok
23:31:40.0937 0384 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:31:41.0046 0384 IpInIp - ok
23:31:41.0062 0384 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:31:41.0156 0384 IpNat - ok
23:31:41.0171 0384 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:31:41.0281 0384 IPSec - ok
23:31:41.0296 0384 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
23:31:41.0359 0384 irda - ok
23:31:41.0375 0384 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:31:41.0437 0384 IRENUM - ok
23:31:41.0468 0384 Irmon (185c3091b037cd0c8dfc141315973d83) C:\WINDOWS\System32\irmon.dll
23:31:41.0515 0384 Irmon - ok
23:31:41.0531 0384 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
23:31:41.0578 0384 irsir - ok
23:31:41.0578 0384 isapnp (90bc6118193b4e8a76f0fc0d4a3572de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:31:41.0687 0384 isapnp - ok
23:31:41.0796 0384 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Archivos de programa\Java\jre6\bin\jqs.exe
23:31:41.0812 0384 JavaQuickStarterService - ok
23:31:41.0828 0384 Kbdclass (71bfdda7b3006b45b18d8bac92bc9993) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:31:41.0921 0384 Kbdclass - ok
23:31:41.0937 0384 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:31:42.0046 0384 kmixer - ok
23:31:42.0078 0384 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
23:31:42.0187 0384 KSecDD - ok
23:31:42.0218 0384 lanmanserver (22211f6fb9c4369b64a2b62050241eb3) C:\WINDOWS\System32\srvsvc.dll
23:31:42.0312 0384 lanmanserver - ok
23:31:42.0328 0384 lanmanworkstation (2df7771f82b1a904c319d2519d85eafd) C:\WINDOWS\System32\wkssvc.dll
23:31:42.0453 0384 lanmanworkstation - ok
23:31:42.0453 0384 lbrtfdc - ok
23:31:42.0484 0384 LmHosts (f9801c6f1682a9f3099d694320bffc27) C:\WINDOWS\System32\lmhsvc.dll
23:31:42.0609 0384 LmHosts - ok
23:31:42.0625 0384 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
23:31:42.0640 0384 MBAMProtector - ok
23:31:42.0671 0384 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
23:31:42.0703 0384 MBAMService - ok
23:31:42.0734 0384 McMPFSvc - ok
23:31:42.0750 0384 Messenger (ca33f6547c49e749e47fb6a0d1dbe192) C:\WINDOWS\System32\msgsvc.dll
23:31:42.0859 0384 Messenger - ok
23:31:42.0890 0384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:31:42.0984 0384 mnmdd - ok
23:31:43.0015 0384 mnmsrvc (a0751c0af862e271fbb135b4b7d56c4d) C:\WINDOWS\system32\mnmsrvc.exe
23:31:43.0109 0384 mnmsrvc - ok
23:31:43.0125 0384 Modem (b65f57d37e8d43089b701ed16e22d0e9) C:\WINDOWS\system32\drivers\Modem.sys
23:31:43.0218 0384 Modem - ok
23:31:43.0234 0384 Mouclass (05e9c75c6797145a4983e9d0a4778bc3) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:31:43.0328 0384 Mouclass - ok
23:31:43.0328 0384 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:31:43.0421 0384 mouhid - ok
23:31:43.0421 0384 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:31:43.0531 0384 MountMgr - ok
23:31:43.0546 0384 mraid35x - ok
23:31:43.0562 0384 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:31:43.0656 0384 MRxDAV - ok
23:31:43.0687 0384 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:31:43.0796 0384 MRxSmb - ok
23:31:43.0812 0384 MSDTC (64cf2b82b89b5dddf04b1c5cfed39518) C:\WINDOWS\system32\msdtc.exe
23:31:43.0906 0384 MSDTC - ok
23:31:43.0921 0384 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:31:44.0015 0384 Msfs - ok
23:31:44.0015 0384 MSIServer - ok
23:31:44.0031 0384 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:31:44.0125 0384 MSKSSRV - ok
23:31:44.0140 0384 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:31:44.0250 0384 MSPCLOCK - ok
23:31:44.0265 0384 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:31:44.0359 0384 MSPQM - ok
23:31:44.0375 0384 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:31:44.0468 0384 mssmbios - ok
23:31:44.0484 0384 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:31:44.0578 0384 Mup - ok
23:31:44.0609 0384 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:31:44.0718 0384 NDIS - ok
23:31:44.0750 0384 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:31:44.0843 0384 NdisTapi - ok
23:31:44.0843 0384 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:31:44.0953 0384 Ndisuio - ok
23:31:44.0953 0384 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:31:45.0046 0384 NdisWan - ok
23:31:45.0046 0384 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:31:45.0156 0384 NDProxy - ok
23:31:45.0156 0384 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:31:45.0250 0384 NetBIOS - ok
23:31:45.0265 0384 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:31:45.0359 0384 NetBT - ok
23:31:45.0375 0384 NetDDE (bcfa51e14e310586a3d199bb8ec0aa4e) C:\WINDOWS\system32\netdde.exe
23:31:45.0484 0384 NetDDE - ok
23:31:45.0484 0384 NetDDEdsdm (bcfa51e14e310586a3d199bb8ec0aa4e) C:\WINDOWS\system32\netdde.exe
23:31:45.0578 0384 NetDDEdsdm - ok
23:31:45.0609 0384 Netlogon (2b0b88652c9f6714fd4886839b3b0442) C:\WINDOWS\system32\lsass.exe
23:31:45.0718 0384 Netlogon - ok
23:31:45.0750 0384 Netman (25128473f0d3fd431f74cc5bafa123ca) C:\WINDOWS\System32\netman.dll
23:31:45.0843 0384 Netman - ok
23:31:45.0921 0384 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:31:45.0937 0384 NetTcpPortSharing - ok
23:31:45.0953 0384 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:31:46.0062 0384 NIC1394 - ok
23:31:46.0078 0384 Nla (10558fed65aaa5dc95125e069ae65036) C:\WINDOWS\System32\mswsock.dll
23:31:46.0187 0384 Nla - ok
23:31:46.0218 0384 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\WINDOWS\system32\nlssrv32.exe
23:31:46.0218 0384 nlsX86cc - ok
23:31:46.0234 0384 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:31:46.0328 0384 Npfs - ok
23:31:46.0343 0384 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:31:46.0437 0384 Ntfs - ok
23:31:46.0453 0384 NtLmSsp (2b0b88652c9f6714fd4886839b3b0442) C:\WINDOWS\system32\lsass.exe
23:31:46.0546 0384 NtLmSsp - ok
23:31:46.0562 0384 NtmsSvc (395948dee2b0f534a8c70687cc6dd7ca) C:\WINDOWS\system32\ntmssvc.dll
23:31:46.0671 0384 NtmsSvc - ok
23:31:46.0687 0384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:31:46.0765 0384 Null - ok
23:31:47.0109 0384 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:31:47.0531 0384 nv - ok
23:31:47.0609 0384 nvatabus (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
23:31:47.0625 0384 nvatabus - ok
23:31:47.0656 0384 NVENETFD (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:31:47.0671 0384 NVENETFD - ok
23:31:47.0703 0384 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:31:47.0703 0384 nvnetbus - ok
23:31:47.0718 0384 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
23:31:47.0734 0384 NVSvc - ok
23:31:47.0843 0384 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:31:47.0937 0384 nvUpdatusService - ok
23:31:48.0000 0384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:31:48.0093 0384 NwlnkFlt - ok
23:31:48.0109 0384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:31:48.0218 0384 NwlnkFwd - ok
23:31:48.0234 0384 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:31:48.0328 0384 ohci1394 - ok
23:31:48.0375 0384 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE
23:31:48.0375 0384 ose - ok
23:31:48.0406 0384 Parport (0df0b83c90473ccfdc3dc882cbb6e4a9) C:\WINDOWS\system32\DRIVERS\parport.sys
23:31:48.0515 0384 Parport - ok
23:31:48.0515 0384 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:31:48.0609 0384 PartMgr - ok
23:31:48.0640 0384 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
23:31:48.0734 0384 ParVdm - ok
23:31:48.0750 0384 PCI (a566b8da5e70b3237274d418853a87e0) C:\WINDOWS\system32\DRIVERS\pci.sys
23:31:48.0843 0384 PCI - ok
23:31:48.0843 0384 PCIDump - ok
23:31:48.0859 0384 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:31:48.0953 0384 PCIIde - ok
23:31:48.0968 0384 Pcmcia (6374a34b03aea7971c976982a391ad07) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:31:49.0062 0384 Pcmcia - ok
23:31:49.0062 0384 PDCOMP - ok
23:31:49.0078 0384 PDFRAME - ok
23:31:49.0078 0384 PDRELI - ok
23:31:49.0078 0384 PDRFRAME - ok
23:31:49.0093 0384 perc2 - ok
23:31:49.0093 0384 perc2hib - ok
23:31:49.0140 0384 PlugPlay (f9852f505e0699bb83d5c6321917040b) C:\WINDOWS\system32\services.exe
23:31:49.0234 0384 PlugPlay - ok
23:31:49.0265 0384 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
23:31:49.0265 0384 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:31:49.0265 0384 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:31:49.0265 0384 PolicyAgent (2b0b88652c9f6714fd4886839b3b0442) C:\WINDOWS\system32\lsass.exe
23:31:49.0375 0384 PolicyAgent - ok
23:31:49.0375 0384 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:31:49.0468 0384 PptpMiniport - ok
23:31:49.0484 0384 Processor (8526ecbc5e6abc0404c3d3d0733f2c00) C:\WINDOWS\system32\DRIVERS\processr.sys
23:31:49.0578 0384 Processor - ok
23:31:49.0593 0384 ProtectedStorage (2b0b88652c9f6714fd4886839b3b0442) C:\WINDOWS\system32\lsass.exe
23:31:49.0671 0384 ProtectedStorage - ok
23:31:49.0687 0384 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:31:49.0781 0384 PSched - ok
23:31:49.0781 0384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:31:49.0875 0384 Ptilink - ok
23:31:49.0890 0384 ql1080 - ok
23:31:49.0890 0384 Ql10wnt - ok
23:31:49.0906 0384 ql12160 - ok
23:31:49.0906 0384 ql1240 - ok
23:31:49.0906 0384 ql1280 - ok
23:31:49.0937 0384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:31:50.0015 0384 RasAcd - ok
23:31:50.0046 0384 RasAuto (c6133601f8d4b3c995b51307ee7be086) C:\WINDOWS\System32\rasauto.dll
23:31:50.0140 0384 RasAuto - ok
23:31:50.0140 0384 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
23:31:50.0203 0384 Rasirda - ok
23:31:50.0203 0384 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:31:50.0312 0384 Rasl2tp - ok
23:31:50.0328 0384 RasMan (c680bf19ca33f3fcae850275d7719634) C:\WINDOWS\System32\rasmans.dll
23:31:50.0421 0384 RasMan - ok
23:31:50.0421 0384 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:31:50.0515 0384 RasPppoe - ok
23:31:50.0515 0384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:31:50.0625 0384 Raspti - ok
23:31:50.0640 0384 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:31:50.0734 0384 Rdbss - ok
23:31:50.0750 0384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:31:50.0843 0384 RDPCDD - ok
23:31:50.0875 0384 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:31:50.0968 0384 rdpdr - ok
23:31:50.0984 0384 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
23:31:51.0078 0384 RDPWD - ok
23:31:51.0109 0384 RDSessMgr (8c88612f0e863b4f8069fc59c74259d4) C:\WINDOWS\system32\sessmgr.exe
23:31:51.0203 0384 RDSessMgr - ok
23:31:51.0203 0384 redbook (28531a950381da67fc6412dfebcc8c5c) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:31:51.0296 0384 redbook - ok
23:31:51.0328 0384 RemoteAccess (ce85b0049c7f0ac32cb5576affeeec4d) C:\WINDOWS\System32\mprdim.dll
23:31:51.0406 0384 RemoteAccess - ok
23:31:51.0437 0384 RemoteRegistry (d025e953864ebebab5933086d15c4fc6) C:\WINDOWS\system32\regsvc.dll
23:31:51.0546 0384 RemoteRegistry - ok
23:31:51.0562 0384 RpcLocator (08377ebb699418269613903c5340311f) C:\WINDOWS\system32\locator.exe
23:31:51.0656 0384 RpcLocator - ok
23:31:51.0687 0384 RpcSs (86945706ebf0460631917e967bab3cc4) C:\WINDOWS\System32\rpcss.dll
23:31:51.0781 0384 RpcSs - ok
23:31:51.0812 0384 RSVP (5e38212c2c00dc342e2281d2f6bfb746) C:\WINDOWS\system32\rsvp.exe
23:31:51.0921 0384 RSVP - ok
23:31:51.0937 0384 SamSs (2b0b88652c9f6714fd4886839b3b0442) C:\WINDOWS\system32\lsass.exe
23:31:52.0031 0384 SamSs - ok
23:31:52.0046 0384 SCardSvr (71cab99ad55f1daae201e990aa0ebdbf) C:\WINDOWS\System32\SCardSvr.exe
23:31:52.0140 0384 SCardSvr - ok
23:31:52.0156 0384 ScFBPNT2 (50b724c9d03111245df270bc3f49f04d) C:\WINDOWS\system32\drivers\ScFBPNT2.SYS
23:31:52.0156 0384 ScFBPNT2 ( UnsignedFile.Multi.Generic ) - warning
23:31:52.0156 0384 ScFBPNT2 - detected UnsignedFile.Multi.Generic (1)
23:31:52.0203 0384 Schedule (0125649b3c00d037e07fd7bcef7b653b) C:\WINDOWS\system32\schedsvc.dll
23:31:52.0296 0384 Schedule - ok
23:31:52.0312 0384 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:31:52.0359 0384 Secdrv - ok
23:31:52.0375 0384 seclogon (881e212e7d5dbc3a09732a9996c0cfd4) C:\WINDOWS\System32\seclogon.dll
23:31:52.0484 0384 seclogon - ok
23:31:52.0500 0384 SENS (00b0a54474e8f99fd43d108446f0d5be) C:\WINDOWS\system32\sens.dll
23:31:52.0609 0384 SENS - ok
23:31:52.0625 0384 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:31:52.0703 0384 serenum - ok
23:31:52.0718 0384 Serial (fa9c4c4ac544301fa13c5c00a270399f) C:\WINDOWS\system32\DRIVERS\serial.sys
23:31:52.0812 0384 Serial - ok
23:31:52.0859 0384 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:31:52.0953 0384 Sfloppy - ok
23:31:52.0968 0384 SharedAccess (0dc5698be9bbfe9673eb80a0d65d17e5) C:\WINDOWS\System32\ipnathlp.dll
23:31:53.0062 0384 SharedAccess - ok
23:31:53.0093 0384 ShellHWDetection (dbcf824ba771a1f27e6f5124d0516358) C:\WINDOWS\System32\shsvcs.dll
23:31:53.0187 0384 ShellHWDetection - ok
23:31:53.0187 0384 Simbad - ok
23:31:53.0203 0384 Sparrow - ok
23:31:53.0234 0384 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:31:53.0328 0384 splitter - ok
23:31:53.0328 0384 Spooler (1cf5af263287cf6febf31539833eaf4a) C:\WINDOWS\system32\spoolsv.exe
23:31:53.0421 0384 Spooler - ok
23:31:53.0437 0384 sr (3c151d50cf3ae1683c6e3ec201b2ad3d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:31:53.0500 0384 sr - ok
23:31:53.0531 0384 srservice (c791d16bf25264738b14873436293bd0) C:\WINDOWS\system32\srsvc.dll
23:31:53.0578 0384 srservice - ok
23:31:53.0593 0384 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
23:31:53.0687 0384 Srv - ok
23:31:53.0718 0384 SSDPSRV (4aff5ea8bf2362c3d5001295fdeb3abd) C:\WINDOWS\System32\ssdpsrv.dll
23:31:53.0781 0384 SSDPSRV - ok
23:31:53.0812 0384 stisvc (fffa385feadc60175c653afb215f539a) C:\WINDOWS\system32\wiaservc.dll
23:31:53.0921 0384 stisvc - ok
23:31:53.0937 0384 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:31:54.0031 0384 swenum - ok
23:31:54.0046 0384 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:31:54.0140 0384 swmidi - ok
23:31:54.0140 0384 SwPrv - ok
23:31:54.0156 0384 symc810 - ok
23:31:54.0156 0384 symc8xx - ok
23:31:54.0171 0384 sym_hi - ok
23:31:54.0171 0384 sym_u3 - ok
23:31:54.0203 0384 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:31:54.0296 0384 sysaudio - ok
23:31:54.0328 0384 SysmonLog (69c20e092a03e619108accdb62fedd18) C:\WINDOWS\system32\smlogsvc.exe
23:31:54.0421 0384 SysmonLog - ok
23:31:54.0437 0384 TapiSrv (c2dc3f102c351fa6d4bdaf2b927eafc2) C:\WINDOWS\System32\tapisrv.dll
23:31:54.0546 0384 TapiSrv - ok
23:31:54.0578 0384 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:31:54.0671 0384 Tcpip - ok
23:31:54.0687 0384 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:31:54.0765 0384 TDPIPE - ok
23:31:54.0796 0384 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:31:54.0875 0384 TDTCP - ok
23:31:54.0890 0384 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:31:54.0984 0384 TermDD - ok
23:31:55.0015 0384 TermService (c2038466be5a6a76efd592fa0b459e17) C:\WINDOWS\System32\termsrv.dll
23:31:55.0125 0384 TermService - ok
23:31:55.0156 0384 Themes (dbcf824ba771a1f27e6f5124d0516358) C:\WINDOWS\System32\shsvcs.dll
23:31:55.0250 0384 Themes - ok
23:31:55.0265 0384 TlntSvr (2b7f532a887e4b942415fcd8ad40af5f) C:\WINDOWS\system32\tlntsvr.exe
23:31:55.0328 0384 TlntSvr - ok
23:31:55.0328 0384 TosIde - ok
23:31:55.0343 0384 TrkWks (bf0b2a43c17c4bbd38b8d8e10be980c1) C:\WINDOWS\system32\trkwks.dll
23:31:55.0453 0384 TrkWks - ok
23:31:55.0515 0384 TuneUp.UtilitiesSvc (a3f474966e0f4cd4b560186896966984) C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
23:31:55.0562 0384 TuneUp.UtilitiesSvc - ok
23:31:55.0609 0384 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
23:31:55.0609 0384 TuneUpUtilitiesDrv - ok
23:31:55.0687 0384 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:31:55.0781 0384 Udfs - ok
23:31:55.0781 0384 ultra - ok
23:31:55.0796 0384 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:31:55.0906 0384 Update - ok
23:31:55.0937 0384 upnphost (4b48358383940f6e559da2f64753029f) C:\WINDOWS\System32\upnphost.dll
23:31:55.0984 0384 upnphost - ok
23:31:56.0000 0384 UPS (fcd517bf3db339f5d18ede1a95d72f71) C:\WINDOWS\System32\ups.exe
23:31:56.0093 0384 UPS - ok
23:31:56.0109 0384 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:31:56.0203 0384 usbccgp - ok
23:31:56.0234 0384 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:31:56.0328 0384 usbehci - ok
23:31:56.0328 0384 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:31:56.0437 0384 usbhub - ok
23:31:56.0453 0384 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:31:56.0546 0384 usbohci - ok
23:31:56.0593 0384 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:31:56.0687 0384 usbprint - ok
23:31:56.0718 0384 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:31:56.0796 0384 usbstor - ok
23:31:56.0828 0384 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:31:56.0921 0384 VgaSave - ok
23:31:56.0937 0384 ViaIde - ok
23:31:56.0937 0384 VolSnap (d6ec4aff061665a10f0b1a9517d338e3) C:\WINDOWS\system32\drivers\VolSnap.sys
23:31:57.0031 0384 VolSnap - ok
23:31:57.0046 0384 VSS (e8649ec7621b5ae45a29164cae41a6df) C:\WINDOWS\System32\vssvc.exe
23:31:57.0109 0384 VSS - ok
23:31:57.0140 0384 W32Time (13835c57c973519f82b27ea506239369) C:\WINDOWS\system32\w32time.dll
23:31:57.0234 0384 W32Time - ok
23:31:57.0234 0384 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:31:57.0343 0384 Wanarp - ok
23:31:57.0343 0384 WDICA - ok
23:31:57.0375 0384 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:31:57.0468 0384 wdmaud - ok
23:31:57.0484 0384 WebClient (a7096ff98f9ffb9f36e1ba3fcd4591cd) C:\WINDOWS\System32\webclnt.dll
23:31:57.0578 0384 WebClient - ok
23:31:57.0640 0384 winmgmt (3e8df5e4f0e6419801ff5f568cc8c531) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:31:57.0734 0384 winmgmt - ok
23:31:57.0781 0384 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
23:31:57.0781 0384 WmdmPmSN - ok
23:31:57.0828 0384 Wmi (d8f738e92ea2122f5767acd5378c732b) C:\WINDOWS\System32\advapi32.dll
23:31:57.0968 0384 Wmi - ok
23:31:58.0000 0384 WmiApSrv (2710bf9b02bc92d352cfcabac64918fa) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:31:58.0093 0384 WmiApSrv - ok
23:31:58.0109 0384 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:31:58.0203 0384 WS2IFSL - ok
23:31:58.0218 0384 wscsvc (fa7335c49f09d764cd6e507b946cd8d1) C:\WINDOWS\system32\wscsvc.dll
23:31:58.0312 0384 wscsvc - ok
23:31:58.0343 0384 wuauserv (eeda22e0c570c7204724c3a30a0b1a40) C:\WINDOWS\system32\wuauserv.dll
23:31:58.0437 0384 wuauserv - ok
23:31:58.0468 0384 WZCSVC (e28bb7bb83250346eb4e71134acd5627) C:\WINDOWS\System32\wzcsvc.dll
23:31:58.0562 0384 WZCSVC - ok
23:31:58.0578 0384 xmlprov (843e0db8042a8c0d749eb2b9efa54f24) C:\WINDOWS\System32\xmlprov.dll
23:31:58.0687 0384 xmlprov - ok
23:31:58.0703 0384 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
23:32:02.0031 0384 \Device\Harddisk0\DR0 - ok
23:32:02.0046 0384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:32:02.0281 0384 \Device\Harddisk1\DR1 - ok
23:32:02.0296 0384 MBR (0x1B8) (792f61657fece3d17a9122b4ee282847) \Device\Harddisk2\DR2
23:32:02.0437 0384 \Device\Harddisk2\DR2 - ok
23:32:02.0453 0384 MBR (0x1B8) (776a1c7438328c525f85284196c63a74) \Device\Harddisk3\DR9
23:32:03.0406 0384 \Device\Harddisk3\DR9 - ok
23:32:03.0421 0384 MBR (0x1B8) (72147b53a0cd49ddfa081f91cd2a52fd) \Device\Harddisk4\DR10
23:32:04.0359 0384 \Device\Harddisk4\DR10 - ok
23:32:04.0375 0384 Boot (0x1200) (faa57471e7885b7d2b974d0186faa259) \Device\Harddisk0\DR0\Partition0
23:32:04.0375 0384 \Device\Harddisk0\DR0\Partition0 - ok
23:32:04.0375 0384 Boot (0x1200) (a79a7343789de4da1a06397da95b4e3d) \Device\Harddisk1\DR1\Partition0
23:32:04.0375 0384 \Device\Harddisk1\DR1\Partition0 - ok
23:32:04.0390 0384 Boot (0x1200) (7069e2b580355f60c4142fa02a51bbb3) \Device\Harddisk1\DR1\Partition1
23:32:04.0390 0384 \Device\Harddisk1\DR1\Partition1 - ok
23:32:04.0390 0384 Boot (0x1200) (b7ca1dd3220fa4124ae1909a6ead8e38) \Device\Harddisk1\DR1\Partition2
23:32:04.0390 0384 \Device\Harddisk1\DR1\Partition2 - ok
23:32:04.0390 0384 Boot (0x1200) (75217757b5828ffe5ca73062c4d49cf3) \Device\Harddisk2\DR2\Partition0
23:32:04.0390 0384 \Device\Harddisk2\DR2\Partition0 - ok
23:32:04.0421 0384 Boot (0x1200) (c8e823a6049ef20fb5b0810c58843bb9) \Device\Harddisk2\DR2\Partition1
23:32:04.0421 0384 \Device\Harddisk2\DR2\Partition1 - ok
23:32:04.0421 0384 ============================================================
23:32:04.0421 0384 Scan finished
23:32:04.0421 0384 ============================================================
23:32:04.0531 3288 Detected object count: 4
23:32:04.0531 3288 Actual detected object count: 4
23:33:32.0515 3288 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:32.0515 3288 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:33:32.0515 3288 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:32.0515 3288 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:33:32.0515 3288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:32.0515 3288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:33:32.0515 3288 ScFBPNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:32.0515 3288 ScFBPNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:34:48.0281 1876 ============================================================
23:34:48.0281 1876 Scan started
23:34:48.0281 1876 Mode: Manual; SigCheck; TDLFS;
23:34:48.0281 1876 ============================================================
23:34:48.0625 1876 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:34:48.0640 1876 Aavmker4 - ok
23:34:48.0640 1876 Abiosdsk - ok
23:34:48.0656 1876 abp480n5 - ok
23:34:48.0687 1876 ACPI (33d1373ee875ce8b063777f7e77815b7) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:34:48.0843 1876 ACPI - ok
23:34:48.0859 1876 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:34:48.0968 1876 ACPIEC - ok
23:34:49.0031 1876 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:34:49.0046 1876 AdobeFlashPlayerUpdateSvc - ok
23:34:49.0046 1876 adpu160m - ok
23:34:49.0078 1876 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:34:49.0187 1876 aec - ok
23:34:49.0218 1876 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
23:34:49.0312 1876 AFD - ok
23:34:49.0312 1876 Aha154x - ok
23:34:49.0328 1876 aic78u2 - ok
23:34:49.0328 1876 aic78xx - ok
23:34:49.0421 1876 ALCXWDM (f5d4d3899e16e1f75398297844386226) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:34:49.0546 1876 ALCXWDM - ok
23:34:49.0609 1876 Alerter (ffd14ea04a74ce3aa34e9511c994c590) C:\WINDOWS\system32\alrsvc.dll
23:34:49.0703 1876 Alerter - ok
23:34:49.0734 1876 ALG (906d6932d533f1591caa84e846b9ba06) C:\WINDOWS\System32\alg.exe
23:34:49.0796 1876 ALG - ok
23:34:49.0796 1876 AliIde - ok
23:34:49.0828 1876 AmdK8 (83a4753b1172e0b13dfbedbb4d7dfd45) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:34:49.0859 1876 AmdK8 - ok
23:34:49.0859 1876 amsint - ok
23:34:49.0890 1876 AnyDVD (486cf73f183e7adc5575fcd47f9fb1af) C:\WINDOWS\system32\Drivers\AnyDVD.sys
23:34:49.0890 1876 AnyDVD - ok
23:34:49.0921 1876 AppMgmt (0cf68b185221e5b162ef1b0559428b40) C:\WINDOWS\System32\appmgmts.dll
23:34:49.0968 1876 AppMgmt - ok
23:34:50.0000 1876 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:34:50.0093 1876 Arp1394 - ok
23:34:50.0109 1876 asc - ok
23:34:50.0109 1876 asc3350p - ok
23:34:50.0109 1876 asc3550 - ok
23:34:50.0203 1876 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:34:50.0218 1876 aspnet_state - ok
23:34:50.0218 1876 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:34:50.0234 1876 aswFsBlk - ok
23:34:50.0265 1876 aswFW (80beddcbb4a1417cec0c78a61cac0f66) C:\WINDOWS\system32\drivers\aswFW.sys
23:34:50.0265 1876 aswFW - ok
23:34:50.0281 1876 aswKbd (81e695913fefd4e23360a69c0f151797) C:\WINDOWS\system32\drivers\aswKbd.sys
23:34:50.0281 1876 aswKbd - ok
23:34:50.0296 1876 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
23:34:50.0312 1876 aswMon2 - ok
23:34:50.0312 1876 aswNdis2 (72c8f79d72b4ff6e1627276ddf4b01c9) C:\WINDOWS\system32\drivers\aswNdis2.sys
23:34:50.0328 1876 aswNdis2 - ok
23:34:50.0328 1876 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
23:34:50.0343 1876 AswRdr - ok
23:34:50.0359 1876 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
23:34:50.0375 1876 aswSnx - ok
23:34:50.0406 1876 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
23:34:50.0421 1876 aswSP - ok
23:34:50.0437 1876 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
23:34:50.0437 1876 aswTdi - ok
23:34:50.0468 1876 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:34:50.0593 1876 AsyncMac - ok
23:34:50.0593 1876 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:34:50.0687 1876 atapi - ok
23:34:50.0703 1876 Atdisk - ok
23:34:50.0718 1876 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:34:50.0812 1876 Atmarpc - ok
23:34:50.0828 1876 AudioSrv (f72df7512d92c2abedfae488411c9fe4) C:\WINDOWS\System32\audiosrv.dll
23:34:50.0921 1876 AudioSrv - ok
23:34:50.0953 1876 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:34:51.0031 1876 audstub - ok
23:34:51.0093 1876 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
23:34:51.0093 1876 avast! Antivirus - ok
23:34:51.0140 1876 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Archivos de programa\AVAST Software\Avast\afwServ.exe
23:34:51.0140 1876 avast! Firewall - ok
23:34:51.0171 1876 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:34:51.0265 1876 Beep - ok
23:34:51.0296 1876 BITS (02451268dc47e4dc228210da0e3c3274) C:\WINDOWS\system32\qmgr.dll
23:34:51.0406 1876 BITS - ok
23:34:51.0437 1876 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Archivos de programa\Bonjour\mDNSResponder.exe
23:34:51.0437 1876 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
23:34:51.0437 1876 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
23:34:51.0453 1876 Browser (d01cfcc753b09e70f5b7622501ff5383) C:\WINDOWS\System32\browser.dll
23:34:51.0546 1876 Browser - ok
23:34:51.0609 1876 catchme - ok
23:34:51.0640 1876 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:34:51.0718 1876 cbidf2k - ok
23:34:51.0718 1876 cd20xrnt - ok
23:34:51.0750 1876 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:34:51.0843 1876 Cdaudio - ok
23:34:51.0843 1876 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:34:51.0937 1876 Cdfs - ok
23:34:51.0968 1876 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:34:52.0046 1876 Cdrom - ok
23:34:52.0062 1876 Changer - ok
23:34:52.0078 1876 CiSvc (c2991bbef6836c9b3abce7f87b19b0e8) C:\WINDOWS\system32\cisvc.exe
23:34:52.0171 1876 CiSvc - ok
23:34:52.0187 1876 ClipSrv (7931f88db9b42b3f7b5d9978bbacb22a) C:\WINDOWS\system32\clipsrv.exe
23:34:52.0281 1876 ClipSrv - ok
23:34:52.0312 1876 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:34:52.0312 1876 clr_optimization_v2.0.50727_32 - ok
23:34:52.0312 1876 CmdIde - ok
23:34:52.0328 1876 COMSysApp - ok
23:34:52.0343 1876 Cpqarray - ok
23:34:52.0359 1876 CryptSvc (149cffbf77cc1306fc535557cf513b91) C:\WINDOWS\System32\cryptsvc.dll
23:34:52.0468 1876 CryptSvc - ok
23:34:52.0468 1876 dac2w2k - ok
23:34:52.0468 1876 dac960nt - ok
23:34:52.0500 1876 DcomLaunch (86945706ebf0460631917e967bab3cc4) C:\WINDOWS\system32\rpcss.dll
23:34:52.0609 1876 DcomLaunch - ok
23:34:52.0640 1876 Dhcp (83e48a6e01e8d9b26cfdda050b0a4758) C:\WINDOWS\System32\dhcpcsvc.dll
23:34:52.0734 1876 Dhcp - ok
23:34:52.0750 1876 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:34:52.0843 1876 Disk - ok
23:34:52.0859 1876 dmadmin - ok
23:34:52.0890 1876 dmboot (9fb634a0ed429aa64de57c53dd10ccf9) C:\WINDOWS\system32\drivers\dmboot.sys
23:34:52.0984 1876 dmboot - ok
23:34:53.0015 1876 dmio (67decfaf3b6cdb34b3fa77d965281bb5) C:\WINDOWS\system32\drivers\dmio.sys
23:34:53.0093 1876 dmio - ok
23:34:53.0109 1876 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:34:53.0187 1876 dmload - ok
23:34:53.0203 1876 dmserver (9108afa79d60ebfb2d6af87b9515ba1a) C:\WINDOWS\System32\dmserver.dll
23:34:53.0281 1876 dmserver - ok
23:34:53.0328 1876 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:34:53.0406 1876 DMusic - ok
23:34:53.0421 1876 Dnscache (8739d42144e3687f5d107d1a1b10b9c1) C:\WINDOWS\System32\dnsrslvr.dll
23:34:53.0531 1876 Dnscache - ok
23:34:53.0531 1876 dpti2o - ok
23:34:53.0546 1876 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:34:53.0640 1876 drmkaud - ok
23:34:53.0671 1876 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
23:34:53.0671 1876 ElbyCDIO - ok
23:34:53.0687 1876 ERSvc (90c85a6f2e6529526b897be25343663a) C:\WINDOWS\System32\ersvc.dll
23:34:53.0781 1876 ERSvc - ok
23:34:53.0812 1876 Eventlog (f9852f505e0699bb83d5c6321917040b) C:\WINDOWS\system32\services.exe
23:34:53.0937 1876 Eventlog - ok
23:34:53.0953 1876 EventSystem (86f565e6fdd0c0776089d2f92ab1fc3f) C:\WINDOWS\system32\es.dll
23:34:54.0046 1876 EventSystem - ok
23:34:54.0078 1876 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:34:54.0156 1876 Fastfat - ok
23:34:54.0171 1876 FastUserSwitchingCompatibility (dbcf824ba771a1f27e6f5124d0516358) C:\WINDOWS\System32\shsvcs.dll
23:34:54.0281 1876 FastUserSwitchingCompatibility - ok
23:34:54.0296 1876 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:34:54.0390 1876 Fdc - ok
23:34:54.0406 1876 Fips (6e9d149cfae2af4783f85dbd6cedf7a1) C:\WINDOWS\system32\drivers\Fips.sys
23:34:54.0500 1876 Fips - ok
23:34:54.0562 1876 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:34:54.0578 1876 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:34:54.0578 1876 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:34:54.0609 1876 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:34:54.0718 1876 Flpydisk - ok
23:34:54.0750 1876 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:34:54.0843 1876 FltMgr - ok
23:34:54.0906 1876 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:34:54.0921 1876 FontCache3.0.0.0 - ok
23:34:54.0921 1876 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:34:55.0031 1876 Fs_Rec - ok
23:34:55.0031 1876 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:34:55.0125 1876 Ftdisk - ok
23:34:55.0140 1876 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:34:55.0218 1876 Gpc - ok
23:34:55.0265 1876 helpsvc (e9982061a16ec28239efede6bd6de846) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:34:55.0343 1876 helpsvc - ok
23:34:55.0359 1876 HidServ - ok
23:34:55.0375 1876 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:34:55.0468 1876 hidusb - ok
23:34:55.0468 1876 hpn - ok
23:34:55.0500 1876 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:34:55.0500 1876 HPZid412 - ok
23:34:55.0515 1876 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:34:55.0531 1876 HPZipr12 - ok
23:34:55.0546 1876 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:34:55.0562 1876 HPZius12 - ok
23:34:55.0593 1876 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
23:34:55.0687 1876 HTTP - ok
23:34:55.0718 1876 HTTPFilter (ef167770bd4358b395608f61ba11c6d4) C:\WINDOWS\System32\w3ssl.dll
23:34:55.0812 1876 HTTPFilter - ok
23:34:55.0812 1876 i2omgmt - ok
23:34:55.0828 1876 i2omp - ok
23:34:55.0859 1876 i8042prt (0cab3ee361cfeab260b3906c8b6fb2be) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:34:55.0953 1876 i8042prt - ok
23:34:56.0015 1876 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:34:56.0046 1876 idsvc - ok
23:34:56.0046 1876 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:34:56.0140 1876 Imapi - ok
23:34:56.0171 1876 ImapiService (cee36882ea2298d0ad7e5c1ba750d49c) C:\WINDOWS\system32\imapi.exe
23:34:56.0265 1876 ImapiService - ok
23:34:56.0265 1876 InCDFs - ok
23:34:56.0281 1876 InCDPass - ok
23:34:56.0281 1876 InCDRm - ok
23:34:56.0296 1876 ini910u - ok
23:34:56.0312 1876 IntelIde - ok
23:34:56.0328 1876 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:34:56.0421 1876 Ip6Fw - ok
23:34:56.0437 1876 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:34:56.0531 1876 IpFilterDriver - ok
23:34:56.0546 1876 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:34:56.0640 1876 IpInIp - ok
23:34:56.0656 1876 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:34:56.0750 1876 IpNat - ok
23:34:56.0750 1876 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:34:56.0843 1876 IPSec - ok
23:34:56.0875 1876 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
23:34:56.0921 1876 irda - ok
23:34:56.0937 1876 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:34:57.0000 1876 IRENUM - ok
23:34:57.0015 1876 Irmon (185c3091b037cd0c8dfc141315973d83) C:\WINDOWS\System32\irmon.dll
23:34:57.0078 1876 Irmon - ok
23:34:57.0078 1876 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
23:34:57.0125 1876 irsir - ok
23:34:57.0156 1876 isapnp (90bc6118193b4e8a76f0fc0d4a3572de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:34:57.0265 1876 isapnp - ok
23:34:57.0359 1876 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Archivos de programa\Java\jre6\bin\jqs.exe
23:34:57.0359 1876 JavaQuickStarterService - ok
23:34:57.0359 1876 Kbdclass (71bfdda7b3006b45b18d8bac92bc9993) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:34:57.0468 1876 Kbdclass - ok
23:34:57.0500 1876 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:34:57.0593 1876 kmixer - ok
23:34:57.0609 1876 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
23:34:57.0703 1876 KSecDD - ok
23:34:57.0734 1876 lanmanserver (22211f6fb9c4369b64a2b62050241eb3) C:\WINDOWS\System32\srvsvc.dll
23:34:57.0828 1876 lanmanserver - ok
23:34:57.0828 1876 lanmanworkstation (2df7771f82b1a904c319d2519d85eafd) C:\WINDOWS\System32\wkssvc.dll
23:34:57.0953 1876 lanmanworkstation - ok
23:34:57.0953 1876 lbrtfdc - ok
23:34:57.0984 1876 LmHosts (f9801c6f1682a9f3099d694320bffc27) C:\WINDOWS\System32\lmhsvc.dll
23:34:58.0093 1876 LmHosts - ok
23:34:58.0093 1876 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
23:34:58.0109 1876 MBAMProtector - ok
23:34:58.0171 1876 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
23:34:58.0203 1876 MBAMService - ok
23:34:58.0234 1876 McMPFSvc - ok
23:34:58.0265 1876 Messenger (ca33f6547c49e749e47fb6a0d1dbe192) C:\WINDOWS\System32\msgsvc.dll
23:34:58.0359 1876 Messenger - ok
23:34:58.0390 1876 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:34:58.0468 1876 mnmdd - ok
23:34:58.0500 1876 mnmsrvc (a0751c0af862e271fbb135b4b7d56c4d) C:\WINDOWS\system32\mnmsrvc.exe
23:34:58.0593 1876 mnmsrvc - ok
23:34:58.0593 1876 Modem (b65f57d37e8d43089b701ed16e22d0e9) C:\WINDOWS\system32\drivers\Modem.sys
23:34:58.0687 1876 Modem - ok
23:34:58.0703 1876 Mouclass (05e9c75c6797145a4983e9d0a4778bc3) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:34:58.0796 1876 Mouclass - ok
23:34:58.0796 1876 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:34:58.0906 1876 mouhid - ok
23:34:58.0906 1876 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:34:59.0000 1876 MountMgr - ok
23:34:59.0000 1876 mraid35x - ok
23:34:59.0031 1876 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:34:59.0125 1876 MRxDAV - ok
23:34:59.0156 1876 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:34:59.0250 1876 MRxSmb - ok
23:34:59.0281 1876 MSDTC (64cf2b82b89b5dddf04b1c5cfed39518) C:\WINDOWS\system32\msdtc.exe
23:34:59.0375 1876 MSDTC - ok
23:34:59.0375 1876 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:34:59.0468 1876 Msfs - ok
23:34:59.0468 1876 MSIServer - ok
23:34:59.0484 1876 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:34:59.0578 1876 MSKSSRV - ok
23:34:59.0578 1876 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:34:59.0671 1876 MSPCLOCK - ok
23:34:59.0687 1876 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:34:59.0781 1876 MSPQM - ok
23:34:59.0796 1876 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:34:59.0875 1876 mssmbios - ok
23:34:59.0890 1876 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:34:59.0984 1876 Mup - ok
23:35:00.0015 1876 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:35:00.0109 1876 NDIS - ok
23:35:00.0156 1876 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:00.0234 1876 NdisTapi - ok
23:35:00.0250 1876 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:00.0328 1876 Ndisuio - ok
23:35:00.0343 1876 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:00.0421 1876 NdisWan - ok
23:35:00.0437 1876 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:00.0515 1876 NDProxy - ok
23:35:00.0531 1876 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:00.0609 1876 NetBIOS - ok
23:35:00.0625 1876 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:00.0718 1876 NetBT - ok
23:35:00.0734 1876 NetDDE (bcfa51e14e310586a3d199bb8ec0aa4e) C:\WINDOWS\system32\netdde.exe
23:35:00.0828 1876 NetDDE - ok
23:35:00.0828 1876 NetDDEdsdm (bcfa51e14e310586a3d199bb8ec0aa4e) C:\WINDOWS\system32\netdde.exe
23:35:00.0921 1876 NetDDEdsdm - ok
23:35:00.0953 1876 Netlogon (2b0b88652c9f6714fd4886839b3b0442) C:\WINDOWS\system32\lsass.exe
23:35:01.0062 1876 Netlogon - ok
23:35:01.0093 1876 Netman (25128473f0d3fd431f74cc5bafa123ca) C:\WINDOWS\System32\netman.dll
23:35:01.0187 1876 Netman - ok
23:35:01.0265 1876 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:35:01.0281 1876 NetTcpPortSharing - ok
23:35:01.0296 1876 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:35:01.0390 1876 NIC1394 - ok
23:35:01.0421 1876 Nla (10558fed65aaa5dc95125e069ae65036) C:\WINDOWS\System32\mswsock.dll
23:35:01.0515 1876 Nla - ok
23:35:01.0546 1876 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\WINDOWS\system32\nlssrv32.exe
23:35:01.0562 1876 nlsX86cc - ok
23:35:01.0562 1876 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:35:01.0640 1876 Npfs - ok
23:35:01.0656 1876 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:01.0765 1876 Ntfs - ok
23:35:01.0765 1876 NtLmSsp (2b0b88652c9f6714fd4886839b3b0442) C:\WINDOWS\system32\lsass.exe
23:35:01.0859 1876 NtLmSsp - ok
23:35:01.0875 1876 NtmsSvc (395948dee2b0f534a8c70687cc6dd7ca) C:\WINDOWS\system32\ntmssvc.dll
23:35:01.0968 1876 NtmsSvc - ok
23:35:01.0984 1876 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:35:02.0078 1876 Null - ok
23:35:19.0375 1876 ============================================================
23:35:19.0375 1876 Scan finished
23:35:19.0375 1876 ============================================================
23:35:19.0390 2920 Detected object count: 4
23:35:19.0390 2920 Actual detected object count: 4
23:37:50.0250 2920 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:50.0250 2920 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:50.0250 2920 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:50.0250 2920 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:50.0265 2920 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:50.0265 2920 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:37:50.0265 2920 ScFBPNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:50.0265 2920 ScFBPNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip




So, is the recursive nested escheresque directory OK?
Should I worry about it?
Is one of Kaspersky's suspects the real culprit?

Also, no pop-up message has appeared since I restarted Malwarebytes after closing tdsskiller.exe... and that was about 15 minutes ago. I'll start uTorrent and see what happens.

The first pop-up just greeted me. Oh, well. One can dream, I suppose.

Edited by byayoi, 12 May 2012 - 11:24 PM.

  • 0

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have checked out that IP address - it is in China, Shanghai. The analysis can be found here

At the moment that looks to be down

C:\Documents and Settings\Casita\Escritorio\Feng Shui Numerology 3.16.lnk looked to be a Chinese programme so I tracked this one down to the results displayed here which is a tad suspicious

Also your main torrent page is definitely suspicious Details

Is Firefox your main browser?
  • 0

#13
byayoi


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Yes, Firefox is my main browser. I almost never use Internet Explorer.
I'll uninstall Feng Shui Numerology 3.16, and see what happens.
TokyoToshokan is a veteran anime tracker. I find it very difficult to believe that the problem comes from them, but then again, I'm stuck with a virus/thingy that keeps trying to contact some offline server in China. I'll disable the TokyoToshokan search tool and the RSS Feed.

Would it be a good idea to uninstall uTorrent and install Vuze? Just to see what happens.

Also, is there a way that Malwarebytes might be infected? I ask because it takes about 20 seconds for Malwarebytes to appear after I double-click on its desktop icon or its tray icon; and, do you remember that I mentioned that I used Rogue Killer before I asked for your help? This is part of the last log it created:



RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Casita [Admin rights]
Mode: Scan -- Date: 05/07/2012 13:52:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND




Should I uninstall and redownload Malwarebytes?
Am I being too paranoid?
  • 0

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, try Vuze. I am not overly concerned with regards to Malwarebytes blocking, as Avast webshield is vastly superior in that field, plus it is incoming so it might just be a probe.

Casita IP-BLOCK 222.65.37.90 (Type: incoming) which means your system is not generating the contact

I would just disable rather than uninstall any programmes at this stage

Also could you try IE and see if you get the same hits generated
  • 0
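The distinction drawn in the reply above (an incoming block means the remote host initiated the contact), as an added example that is not part of the original thread: a Python script that tallies IP-BLOCK entries by address and direction. Only the `Casita IP-BLOCK 222.65.37.90 (Type: incoming)` entry comes from the thread; the timestamps, tab-separated layout, the other entries and the triage labels are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. Only "Casita IP-BLOCK 222.65.37.90 (Type: incoming)"
# appears in the thread; timestamps, layout and the 198.51.100.23 entry
# (a documentation address) are assumptions.
SAMPLE_LOG = (
    "18:02:11\tCasita\tMESSAGE\tProtection started successfully\n"
    "18:02:15\tCasita\tIP-BLOCK\t222.65.37.90 (Type: incoming)\n"
    "18:07:40\tCasita\tIP-BLOCK\t222.65.37.90 (Type: incoming)\n"
    "18:09:03\tCasita\tIP-BLOCK\t198.51.100.23 (Type: outgoing)\n"
    "18:15:27\tCasita\tIP-BLOCK\t222.65.37.90 (Type: incoming)\n"
    "truncated or unrelated line\n"
)

ENTRY = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>incoming|outgoing)\)\s*$",
    re.IGNORECASE,
)


def parse_blocks(text):
    """Return one dict per IP-BLOCK line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["direction"] = entry["direction"].lower()
            entries.append(entry)
    return entries


def summarize(entries):
    """Count blocks per remote address, split by direction."""
    summary = defaultdict(
        lambda: {"incoming": 0, "outgoing": 0, "first": None, "last": None}
    )
    for entry in entries:
        stats = summary[entry["ip"]]
        stats[entry["direction"]] += 1
        stats["first"] = stats["first"] or entry["time"]
        stats["last"] = entry["time"]
    return dict(summary)


def triage(summary):
    """Label each address: any outgoing block means a local process
    started the connection; incoming-only means the remote host did."""
    labels = {}
    for ip, stats in summary.items():
        if stats["outgoing"]:
            labels[ip] = "local-process-initiated"
        else:
            labels[ip] = "remote-initiated"
    return labels


if __name__ == "__main__":
    report = summarize(parse_blocks(SAMPLE_LOG))
    for ip, label in triage(report).items():
        print(ip, report[ip], label)
```

An address that only ever shows incoming blocks is consistent with outside hosts knocking on an open port, which a torrent client that is always seeding will attract; an outgoing block is the case that points back at a program on the machine.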

#15
byayoi


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OK, I'll install Vuze (without uninstalling uTorrent) and see what happens.
And I'll download the new version of IE. I think the one I have right now is IE 6 or something like that, and I'm quite sure that's not good.

I re-downloaded, uninstalled and re-installed Malwarebytes. And the Feng Shui programme has gone to meet its ancestors. But the pop-ups are still popping.


Well, I'm off to download the newest version of IE that can run with WinXP SP2.

Should I run any kind of test after installing the new IE?

Edited by byayoi, 13 May 2012 - 05:55 PM.

  • 0
