
avast! and Malwarebytes pop-ups that say "potentially maliciou


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, once IE8 is installed then go for a quick surf, and let me know if either Avast or MBAM gives any alerts.

If Avast alerts, could you screenshot the warning and post it here?
  • 0



#17
byayoi


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello.
I installed Vuze and hated it. It automatically installed a toolbar in Firefox that took me ages to remove. And it kept pleading that I install other things, so I killed it.
And I'm having trouble with the things IE 8 asks me to install before I can install IE 8. The automatic installation keeps failing and I have to download them "by hand". Maybe tomorrow I'll be able to give IE 8 the trial run you asked for. Sorry.

On the bright side, there don't seem to be as many pop-ups as there used to be. Instead of 3-6 every 2-5 minutes, we are down to 1-3 every 5-15 minutes. Something must have worked at least partially.
I'll write again when IE 8 is installed.
  • 0

#18
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, thanks for the update.

If you need a hand with IE8 then just shout.
  • 0

#19
byayoi


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello.
I'm writing using IE 8!
Finally I was able to install it. So far, the pop-ups are keeping to a normal (no more than 4 every 5-15 minutes) and neither avast nor Malwarebytes has raised any alarms.
I've been to Tokyo Toshokan, Google, Wikipedia and YouTube. And all I can say is that IE 8 is slow, very slow.
So other than the fact that I hate this browser, everything seems to be alright.

Should I run any kind of tests now?
  • 0

#20
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the popups on any specific site?

Could you run a fresh OTL quick scan please? There will only be one log this time.
  • 0

#21
byayoi


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
They don't seem to be related to any specific site. The pop-ups appear at any time, whether there is a web browser in use or not. Although they seem to have gone into a frenzy in the few minutes it took me to write this.
During the OTL run they seemed to calm down, but didn't disappear, and now all is calm.


Here's the OTL.Txt:

OTL logfile created on: 19/05/2012 01:36:48 p.m. - Run 4
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Casita\Escritorio
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 66.04% Memory free
4.85 Gb Paging File | 4.03 Gb Available in Paging File | 83.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 127.99 Gb Total Space | 53.50 Gb Free Space | 41.80% Space Free | Partition Type: NTFS
Drive E: | 104.90 Gb Total Space | 24.04 Gb Free Space | 22.92% Space Free | Partition Type: NTFS
Drive F: | 12.16 Gb Total Space | 8.63 Gb Free Space | 70.92% Space Free | Partition Type: NTFS
Drive G: | 279.46 Gb Total Space | 31.61 Gb Free Space | 11.31% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 20.42 Gb Free Space | 20.91% Space Free | Partition Type: NTFS
Drive I: | 123.06 Gb Total Space | 33.07 Gb Free Space | 26.88% Space Free | Partition Type: NTFS

Computer Name: NEGRITA | User Name: Casita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Archivos de programa\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Documents and Settings\Casita\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Archivos de programa\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Archivos de programa\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw09.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Archivos de programa\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\AVAST Software\Avast\defs\12051900\algo.dll ()
MOD - C:\Archivos de programa\AVAST Software\Avast\defs\12051701\algo.dll ()
MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()
MOD - C:\Archivos de programa\OpenOffice.org 3\program\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McMPFSvc) -- C:\Archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Casita\CONFIG~1\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (ScFBPNT2) -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Tokyo Toshokan"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.110527
FF - prefs.js..extensions.enabledItems: [email protected]:2.01.110527
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1
FF - prefs.js..extensions.enabledItems: {db131c55-60c8-4adc-84dc-9e76ab06e2dc}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2.23.17022012
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.1.0.30
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.7
FF - prefs.js..keyword.URL: "http://mx.search.yah...8&fr=megaup&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Archivos de programa\AVAST Software\Avast\WebRep\FF [2012/04/10 11:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/04/19 19:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2012/04/19 19:59:49 | 000,000,000 | ---D | M]

[2012/04/02 07:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Extensions
[2012/05/17 02:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions
[2012/04/02 07:14:52 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (MAFIAAFIRE: Gee! No evil!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:57 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (MAFIAAFire: ThePirateBay Dancing!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\[email protected]
[2008/10/05 15:20:22 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\searchplugins\wwwjdic.xml
[2012/04/11 22:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/04/11 22:24:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/03 05:56:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]
[2011/02/14 21:44:38 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak
[2012/03/07 16:19:52 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\[email protected]_bak2
[2012/04/11 22:24:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/09 14:57:50 | 000,014,961 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CASITA\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\PB6LMCSS.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 09:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2012/04/11 22:24:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/02 08:58:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Archivos de programa\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/02/16 06:08:43 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 05:48:01 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:08:43 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 06:08:43 | 000,001,180 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 06:08:43 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/11 22:04:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Archivos de programa\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-602162358-1563985344-839522115-1003..\Run: [AnyDVD] C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - Startup: C:\Documents and Settings\Casita\Menú Inicio\Programas\Inicio\OpenOffice.org 3.1.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89217D2B-BAF0-4C3E-8291-AA70B0D640AA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Archivos de programa\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 21:47:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 00:37:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\IECompatCache
[2012/05/17 23:51:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\PrivacIE
[2012/05/17 19:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Accessories
[2012/05/17 19:47:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\IETldCache
[2012/05/17 19:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/17 19:38:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/05/17 19:37:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/14 21:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\.swt
[2012/05/14 21:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\temp
[2012/05/14 21:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Conduit
[2012/05/14 20:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Azureus
[2012/05/14 20:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Azureus
[2012/05/14 20:58:47 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Vuze
[2012/05/14 02:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Fotos Tiffany
[2012/05/14 00:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Crochet Stitches VISUAL Encyclopedia
[2012/05/13 19:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\OpenOffice.org
[2012/05/13 19:38:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\OpenOffice.org 3.1
[2012/05/13 19:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\OpenOffice.org 3.1 (es) Installation Files
[2012/05/13 16:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/05/13 16:32:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/13 16:32:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/05/13 15:33:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/12 23:26:36 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Casita\Escritorio\tdsskiller.exe
[2012/05/12 00:51:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\UserData
[2012/05/11 21:55:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/11 21:51:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/11 21:51:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/11 21:51:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/11 21:51:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/11 21:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/11 21:51:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 21:51:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Herramientas administrativas
[2012/05/11 21:22:38 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Casita\Escritorio\ComboFix.exe
[2012/05/10 19:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\uTorrent
[2012/05/10 18:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\uTorrent
[2012/05/08 21:33:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 14:15:39 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 03:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\RK_Quarantine
[2012/05/06 12:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\NortonInstaller
[2012/05/05 23:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\utmp
[2012/05/05 03:53:49 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2012/05/05 03:40:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2012/05/05 01:25:06 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012/05/05 01:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012
[2012/05/05 01:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\TuneUp Software
[2012/05/05 01:24:41 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TuneUp Utilities 2012
[2012/05/05 01:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software
[2012/05/05 01:22:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/05 01:22:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Common Files
[2012/05/04 12:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\uTorrent 3.0.0
[2012/05/03 23:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Alien Skin
[2012/04/30 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Musica Angela
[2012/04/29 04:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Malwarebytes
[2012/04/29 04:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes
[2012/04/29 04:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Mis documentos\AnyDVDHD
[2012/04/29 04:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SlySoft
[2012/04/29 04:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\SlySoft
[2012/04/29 04:39:24 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SlySoft
[2012/04/29 03:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\FLEXnet
[2012/04/29 03:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Adobe
[2012/04/29 03:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Zachtronics Industries
[2012/04/29 03:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Adobe
[2012/04/26 23:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2012/04/26 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Zachtronics Industries
[2012/04/24 03:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Shetland Island Quartet
[2012/04/22 23:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\AVS4YOU
[2012/04/22 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\AVS4YOU
[2012/04/22 22:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\AVS4YOU
[2012/04/22 22:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVS4YOU
[2012/04/22 22:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\AVS video conv
[2012/04/20 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Mis documentos\BotaniculaSaves
[2012/04/19 20:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\GOG.com
[2012/04/19 20:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Apple Computer
[2012/04/19 19:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\QuickTime
[2012/04/19 19:49:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Apple
[2012/04/19 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Apple Computer
[2012/04/19 19:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Apple
[2012/04/19 19:48:55 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Apple Software Update
[2012/04/19 19:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Apple
[2012/04/19 19:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Apple Computer

========== Files - Modified Within 30 Days ==========

[2012/05/19 13:25:15 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/19 11:58:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/05/19 02:11:50 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/17 19:51:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/17 19:48:34 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/05/17 19:47:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/17 19:47:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/17 19:38:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/14 02:02:25 | 001,580,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/13 19:40:14 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Inicio\OpenOffice.org 3.1.lnk
[2012/05/13 19:38:30 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\OpenOffice.org 3.1.lnk
[2012/05/13 16:32:04 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/05/12 23:27:12 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Casita\Escritorio\tdsskiller.exe
[2012/05/12 14:26:26 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Casita\Escritorio\ComboFix.exe
[2012/05/11 22:04:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/11 21:55:33 | 000,000,530 | RHS- | M] () -- C:\boot.ini
[2012/05/10 19:55:01 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\µTorrent.lnk
[2012/05/08 21:58:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\MBR.dat
[2012/05/08 00:58:03 | 000,000,269 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2012/05/07 14:15:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 03:41:59 | 001,413,120 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/05/05 03:24:12 | 000,000,413 | ---- | M] () -- C:\Boot.bak
[2012/05/05 01:25:04 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/05/05 01:25:04 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/05/03 22:01:46 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\The Font Thing.lnk
[2012/04/29 04:39:32 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AnyDVD.lnk
[2012/04/26 23:41:22 | 000,494,786 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/04/26 23:41:22 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/26 23:41:22 | 000,085,472 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/04/26 23:41:22 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/26 23:00:04 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SpaceChem.lnk
[2012/04/22 22:59:36 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\AVS Video Converter.lnk
[2012/04/20 00:10:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Botanicula.lnk

========== Files Created - No Company Name ==========

[2012/05/17 19:48:10 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Internet Explorer.lnk
[2012/05/13 19:40:14 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Inicio\OpenOffice.org 3.1.lnk
[2012/05/13 19:38:30 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\OpenOffice.org 3.1.lnk
[2012/05/13 16:32:04 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/05/11 21:55:33 | 000,000,413 | ---- | C] () -- C:\Boot.bak
[2012/05/11 21:55:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/11 21:51:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/11 21:51:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/11 21:51:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/11 21:51:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/11 21:51:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/10 19:55:01 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\µTorrent.lnk
[2012/05/08 21:58:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\MBR.dat
[2012/05/07 03:42:26 | 001,413,120 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/05/05 01:25:04 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/05/05 01:25:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/05/05 01:25:03 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012.lnk
[2012/05/03 22:01:46 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\The Font Thing.lnk
[2012/04/29 04:45:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/04/29 04:39:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AnyDVD.lnk
[2012/04/29 03:26:46 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Photoshop CS3.lnk
[2012/04/29 03:22:21 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Stock Photos CS3.lnk
[2012/04/29 03:20:50 | 000,001,149 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe ExtendScript Toolkit 2.lnk
[2012/04/29 03:20:20 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Device Central CS3.lnk
[2012/04/29 03:16:02 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Adobe Bridge CS3.lnk
[2012/04/26 23:00:04 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SpaceChem.lnk
[2012/04/22 22:59:36 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\AVS Video Converter.lnk
[2012/04/20 00:10:54 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Botanicula.lnk
[2012/04/02 10:02:59 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2012/04/02 09:22:33 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/02 08:40:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/02 08:40:03 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/02 08:30:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2012/04/02 08:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/04/02 07:56:11 | 000,019,824 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2012/04/02 07:56:11 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2012/04/02 07:55:56 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2012/04/02 07:55:50 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2012/04/02 07:30:17 | 000,000,269 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012/04/02 07:25:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/04/02 07:25:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/04/02 07:25:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/02 07:16:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 07:11:45 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/02 06:55:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/02 06:55:22 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/01 23:52:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/01 23:50:46 | 001,580,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/08/24 00:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\2monkeys
[2009/11/24 01:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ableton
[2010/02/25 01:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aegisub
[2011/12/13 00:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Alawar Stargaze
[2011/02/01 04:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Alien Skin
[2012/01/09 04:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Amaranth Games
[2010/08/22 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Anarchy
[2009/10/19 17:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Anvil Studio
[2011/03/27 18:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Artogon
[2010/12/11 23:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aveyond 3
[2010/11/20 18:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aveyond I
[2011/11/12 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Beep Industries
[2011/12/07 23:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Big Fish Games
[2009/07/02 01:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\BloodTies
[2011/12/05 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Blue Tea Games
[2011/11/05 02:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Boomzap
[2011/11/01 00:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\BULKYPIX
[2011/08/26 03:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\calibre
[2011/12/07 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\CardBoard Castle
[2011/09/06 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Casual Box
[2011/09/08 01:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\casualArts
[2011/07/29 00:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Colibri Games
[2011/07/20 23:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\combustion2008
[2008/09/07 13:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\COWON
[2011/03/20 18:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\DarkParablesBriarRose_BFG
[2011/03/29 00:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Dying for Daylight
[2011/03/27 20:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Dying for Daylight Shared
[2011/05/16 00:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Elephant Games
[2011/11/10 22:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Enki Games
[2011/03/29 23:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Enlightenus
[2011/03/30 19:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Enlightenus2_BFG
[2010/09/17 18:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ERS G-Studio
[2011/10/17 21:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ERS Game Studios
[2011/04/03 11:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\FileZilla
[2011/01/18 01:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Flood Light Games
[2011/01/20 20:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Floodlight Games
[2009/12/24 17:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\FreeFLVConverter
[2010/09/23 16:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Freeze Tag
[2011/11/01 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Funzai!
[2010/12/12 16:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\GameMill Entertainment
[2010/09/19 21:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ghost Ship Studios
[2011/09/22 21:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\GO Games
[2011/04/22 23:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\HdO Adventure
[2012/01/19 06:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Hue Forest Entertainment
[2009/09/10 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ImgBurn
[2009/12/06 04:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\inkscape
[2011/09/11 03:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\IOMediaSupport6SZZ001s
[2010/09/19 23:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Lazy Turtle Games
[2010/03/05 21:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Leadertech
[2011/04/28 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\LG Electronics
[2010/05/17 00:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\LucasArts
[2011/12/26 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\MagicIndie
[2011/04/27 22:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\margrave3_full
[2010/10/04 18:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\MastersOfMystery2
[2010/08/30 00:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Meridian93
[2010/08/18 19:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\MysteryStudio
[2009/02/10 18:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Nokia
[2009/12/03 23:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\OpenOffice.org
[2011/01/16 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Phantasmat_bf_ce1
[2011/08/18 14:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\PlayFirst
[2010/09/27 02:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Playrix Entertainment
[2012/03/07 04:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\PriceGong
[2011/08/14 22:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ProtectDISC
[2011/03/05 22:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Relentless Software
[2011/04/19 17:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Samsung
[2010/09/19 01:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Settlement. Colossus
[2011/07/20 23:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Sony
[2011/09/11 03:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Spinapse
[2011/01/20 22:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\SpinTop Games
[2011/08/18 22:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\SulusGames
[2011/09/11 03:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Suspects and Clues Players
[2011/09/11 03:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Suspects and Clues Prefs
[2010/09/19 23:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ten Heavens
[2010/09/27 02:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\TheFixerUpper
[2010/01/07 02:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Thinstall
[2012/03/07 19:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\uTorrent
[2010/09/16 22:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\V-Games
[2011/09/17 16:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Vast Studios
[2010/12/24 20:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Virtual Prophecy
[2011/11/06 19:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Vogat Interactive
[2012/01/05 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Vso
[2011/02/14 21:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Xoyb
[2010/07/05 01:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Yatec Games
[2011/02/14 23:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ykry
[2010/09/30 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\YoudaGames
[2012/04/10 11:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVAST Software
[2012/05/14 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Azureus
[2012/05/05 01:22:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Common Files
[2012/04/29 04:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SlySoft
[2012/05/05 01:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software
[2012/05/05 01:22:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/03/10 00:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aqui\Datos de programa\calibre
[2012/03/09 23:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aqui\Datos de programa\COWON
[2012/04/02 04:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aqui\Datos de programa\uTorrent
[2012/05/03 23:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\Alien Skin
[2012/05/14 21:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\Azureus
[2012/04/24 03:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\calibre
[2012/04/02 08:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\COWON
[2012/05/13 19:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\OpenOffice.org
[2012/05/05 03:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\TuneUp Software
[2012/05/19 13:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\uTorrent
[2012/05/08 01:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser.NEGRITA\Datos de programa\TuneUp Software

========== Purity Check ==========



< End of report >




I've noticed that the Tokyo Toshokan search is still in Firefox. I'll try to remove it again.
So, what's next?
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will need to go deeper as at the moment I cannot see the cause

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#23
byayoi

byayoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi.
It took 1 day 3 hours and 32 minutes for AVP to finish its scan... and I mistakenly clicked "Don't delete" at the last moment.


Here's the text file:

Status: Deleted (events: 11)
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe Medium
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe//PE_Patch.PECompact Medium
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe//PE_Patch.PECompact//PecBundle Medium
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe//PE_Patch.PECompact//PecBundle//PECompact Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe//PE_Patch.PECompact Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe//PE_Patch.PECompact//PecBundle Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe//PE_Patch.PECompact//PecBundle//PECompact Medium
20/05/2012 05:38:16 p.m. Deleted Trojan program Trojan.Win32.Chifrax.a G:\Downloads\LIMBO.THETA.es un rar High
20/05/2012 05:38:16 p.m. Deleted Trojan program Trojan.Win32.Chifrax.a G:\Downloads\LIMBO.THETA.es un rar//LIMBO.v1.0r4.multi9.cracked-THETA/LIMBO.exe High
Status: Detected (events: 1)
20/05/2012 09:43:20 p.m. Detected Trojan program Trojan.Win32.Chifrax.a G:\Downloads\LIMBO.v1.0r4.multi9.cracked-THETA\LIMBO.exe High



And the zip file.

I'm going to sleep now.


Edit: I forgot, the pop-ups are still with us. Good night :D

Attached Files


Edited by byayoi, 21 May 2012 - 03:44 AM.

  • 0
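The report pasted in the post above, regrouped by the file each event belongs to, as an added example that is not part of the original thread. It assumes, from the paths in the report itself, that `//` marks a container boundary (archive member or packer layer), so several events can refer to one file on disk; the function names are illustrative.

```python
import re

# Report text copied from the post above (AVPTool "Detected threats" report).
REPORT = r"""Status: Deleted (events: 11)
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe Medium
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe//PE_Patch.PECompact Medium
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe//PE_Patch.PECompact//PecBundle Medium
20/05/2012 12:53:19 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur F:\System Volume Information\_restore{6844B82B-8E32-4C73-8A70-D243C28341BD}\RP57\A0033307.exe//PE_Patch.PECompact//PecBundle//PECompact Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe//PE_Patch.PECompact Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe//PE_Patch.PECompact//PecBundle Medium
20/05/2012 01:55:05 p.m. Deleted unknown threat not-a-virus:HackTool.Win32.Agent.heur G:\Downloads\2fXm3rjF_XBOX Backup Creator 2.8.0.275.rar//XBOX Backup Creator 2.8.0.275/Xbox Backup Creator.exe//PE_Patch.PECompact//PecBundle//PECompact Medium
20/05/2012 05:38:16 p.m. Deleted Trojan program Trojan.Win32.Chifrax.a G:\Downloads\LIMBO.THETA.es un rar High
20/05/2012 05:38:16 p.m. Deleted Trojan program Trojan.Win32.Chifrax.a G:\Downloads\LIMBO.THETA.es un rar//LIMBO.v1.0r4.multi9.cracked-THETA/LIMBO.exe High
Status: Detected (events: 1)
20/05/2012 09:43:20 p.m. Detected Trojan program Trojan.Win32.Chifrax.a G:\Downloads\LIMBO.v1.0r4.multi9.cracked-THETA\LIMBO.exe High
"""

STATUS = re.compile(r"^Status: (?P<action>\w+) \(events: (?P<count>\d+)\)$")
# The verdict is the single token right before the drive-letter path; the
# path may contain spaces, so it runs up to the trailing severity word.
EVENT = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2} [ap]\.m\.) "
    r"(?P<action>Deleted|Detected) (?P<kind>.+?) (?P<verdict>\S+) "
    r"(?P<path>[A-Za-z]:\\.*) (?P<severity>High|Medium|Low)$"
)


def parse_report(text):
    """Return (declared, events): header counts and one dict per event line."""
    declared, events = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        header = STATUS.match(line)
        if header:
            declared[header["action"]] = int(header["count"])
            continue
        event = EVENT.match(line)
        if event:
            events.append(event.groupdict())
    return declared, events


def counts_match(declared, events):
    """True when the parsed events add up to the 'events: N' headers."""
    parsed = {}
    for ev in events:
        parsed[ev["action"]] = parsed.get(ev["action"], 0) + 1
    return parsed == declared


def group_by_root(events):
    """Collapse per-layer events onto the file on disk (text before '//')."""
    roots = {}
    for ev in events:
        root, *layers = ev["path"].split("//")
        entry = roots.setdefault(
            root, {"verdicts": set(), "severities": set(),
                   "actions": set(), "events": 0, "depth": 0})
        entry["verdicts"].add(ev["verdict"])
        entry["severities"].add(ev["severity"])
        entry["actions"].add(ev["action"])
        entry["events"] += 1
        entry["depth"] = max(entry["depth"], len(layers))
    return roots


def still_present(roots):
    """Files that were only detected, never deleted."""
    return sorted(r for r, e in roots.items() if "Deleted" not in e["actions"])


def drives(roots):
    """Drive letters on which any flagged file sits."""
    return sorted({root[:2].upper() for root in roots})


if __name__ == "__main__":
    declared, events = parse_report(REPORT)
    roots = group_by_root(events)
    print("header counts consistent:", counts_match(declared, events))
    for root, e in roots.items():
        print(f"{'/'.join(sorted(e['actions'])):9} {e['events']} event(s), "
              f"{e['depth']} nested layer(s): {root}")
    print("not deleted:", still_present(roots))
    print("drives involved:", drives(roots))
```
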

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is very similar to one that I recently cleaned on the Avast forum... Let's see if we get the same result

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution

    Posted Image
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End

    Posted Image

    begin
      QuarantineFile('C:\WINDOWS\system32\DRIVERS\71860022.sys','');
      SetAVZGuardStatus(True);
      SearchRootkit(true, true);
      QuarantineFile('97295664.sys','');
      DeleteFile('97295664.sys');
      BC_DeleteFile('97295664.sys');
      DeleteFile('C:\WINDOWS\system32\DRIVERS\71860022.sys');
      BC_DeleteFile('C:\WINDOWS\system32\DRIVERS\71860022.sys');
      ClearHostsFile;
      BC_ImportDeletedList;
      BC_ImportAll;
      ExecuteSysClean;
      BC_Activate;
      RebootWindows(true);
    end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

  • 0

#25
byayoi

byayoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello. I'm awake now.
I copy-pasted the script and ran AVPTools.
My computer re-started.
And the pop-ups with it.
Here's the new zip file.

So, what's next?

Attached Files


  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am missing something here - could you screenshot one of the popups for me please
  • 0

#27
byayoi

byayoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here it is.
Posted Image


Would you like a "Type: incoming" screenshot also?
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does Avast alert at the same time?

Could you stop uTorrent from running and let me know if the alerts still come
  • 0

#29
byayoi

byayoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello.
Avast doesn't alert any more. Not since 10 May 2012, as I reported to you in this reply:

The good news is that the avast pop-ups seem to have disappeared.
That is a good sign, right? And at least no other file is trying to contact vip.coralplayer.com.


And the Malwarebytes pop-ups appear even if uTorrent is not running. It takes about 15 minutes after re-starting the computer for the first pop-up to appear. But if I re-start the computer and immediately run uTorrent, then the first pop-up appears with uTorrent.
If then I stop uTorrent, the pop-ups keep appearing, but take much more time to appear.

So, what do I do now?
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you uninstall uTorrent and then reinstall a fresh copy, as it appears to be related to that programme
  • 0





