avast! and Malwarebytes pop-ups that say "potentially maliciou - Geeks to Go Forums


#31 byayoi

  • Group: Member
  • Posts: 21
  • Joined: 07-May 12

Posted 27 May 2012 - 12:47 PM

Hello.
I suppose you are already on vacation, and I haven't had the time to uninstall uTorrent again.
I had already uninstalled uTorrent once, as I explained in the same May 10th, 2012 reply, but I suppose I can do it again.

I'll try to do it this Wednesday and I'll keep you informed.
Have a nice vacation! :happy:

#32 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,415
  • Joined: 31-May 06

Posted 02 June 2012 - 10:31 AM

Hi, I have been doing some research on this with the various cases I am currently running, and it seems as though Malwarebytes does not like some of the torrent servers.

So as long as Avast webshield is not having a problem, I consider it to be a Malwarebytes issue as opposed to a malware problem - all scans are coming up clean. Are you experiencing any other problems?

#33 byayoi

  • Group: Member
  • Posts: 21
  • Joined: 07-May 12

Posted 02 June 2012 - 12:35 PM

Hello, welcome back.
About your question, I'm not sure. The system seems to run at the same speed as it ran before the pop-ups, and apart from the internet stopping and me having to reboot sometimes, or a Windows "blue screen of the dead" after I tried to run Photoshop to edit a really big image file of about 50 layers, or the fact that last week I had to re-install Firefox because it kept announcing that it had crashed and couldn't re-open my tabs instead of just starting a new browser window, apart from all these, everything seems normal.
I had to use a memory stick to move some files and print some others, and the computers I have used that memory stick with haven't found any virus or started behaving like this one.
So I'm a little bit confused. Could this really be just some Malwarebytes issue with some torrent servers? And what is trying to contact them? Because even if I don't run uTorrent something keeps trying to contact them.

I'll await your next instructions. :happy:

#34 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,415
  • Joined: 31-May 06

Posted 02 June 2012 - 12:51 PM

OK, the next stage will be to update to SP3.

Download from here.
Then install it; once done, run a fresh OTL scan for me please.

#35 byayoi

  • Group: Member
  • Posts: 21
  • Joined: 07-May 12

Posted 02 June 2012 - 01:40 PM

Ok. I'm downloading the SP3... I'll let you know when it's finished and I've run the OTL scan.

#36 byayoi

  • Group: Member
  • Posts: 21
  • Joined: 07-May 12

Posted 03 June 2012 - 08:46 PM

Hello!
Service Pack 3 is installed.
The pop-ups stopped while uTorrent is not running, and they begin to appear when it starts.
Here's the OTL.txt:


OTL logfile created on: 03/06/2012 07:48:09 p.m. - Run 5
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Casita\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 77.81% Memory free
4.84 Gb Paging File | 4.38 Gb Available in Paging File | 90.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 127.99 Gb Total Space | 36.74 Gb Free Space | 28.70% Space Free | Partition Type: NTFS
Drive E: | 104.90 Gb Total Space | 13.75 Gb Free Space | 13.11% Space Free | Partition Type: NTFS
Drive F: | 12.16 Gb Total Space | 8.63 Gb Free Space | 70.94% Space Free | Partition Type: NTFS
Drive G: | 279.46 Gb Total Space | 15.32 Gb Free Space | 5.48% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 20.44 Gb Free Space | 20.93% Space Free | Partition Type: NTFS
Drive I: | 123.06 Gb Total Space | 33.01 Gb Free Space | 26.83% Space Free | Partition Type: NTFS

Computer Name: NEGRITA | User Name: Casita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Casita\Escritorio\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Archivos de programa\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Archivos de programa\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Archivos de programa\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\AVAST Software\Avast\defs\12060301\algo.dll ()
MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
MOD - C:\Archivos de programa\OpenOffice.org 3\program\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McMPFSvc) -- C:\Archivos de programa\Archivos comunes\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Archivos de programa\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Archivos de programa\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Casita\CONFIG~1\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Archivos de programa\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (ScFBPNT2) -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Tokyo Toshokan"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: es-MX@dictionaries.addons.mozilla.org:1.1.2
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.11
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.7.1
FF - prefs.js..extensions.enabledItems: {db131c55-60c8-4adc-84dc-9e76ab06e2dc}:3.8.0.8
FF - prefs.js..extensions.enabledItems: thepiratebay@mafiaafire.com:0.2.2.23.17022012
FF - prefs.js..extensions.enabledItems: CustomGoogle@mafiaafire.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.1.0.30
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}:3.6
FF - prefs.js..extensions.enabledItems: zigboom.designs@gmail.com:1.3.7
FF - prefs.js..keyword.URL: "http://mx.search.yahoo.com/search?ei=utf-8&fr=megaup&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Archivos de programa\AVAST Software\Avast\WebRep\FF [2012/04/10 11:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2012/05/28 17:14:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2012/04/19 19:59:49 | 000,000,000 | ---D | M]

[2012/04/02 07:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Extensions
[2012/05/17 02:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions
[2012/04/02 07:14:52 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012/04/02 07:14:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (MAFIAAFIRE: Gee! No evil!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\CustomGoogle@mafiaafire.com
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/04/02 07:15:00 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\es-MX@dictionaries.addons.mozilla.org
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\firefox@ghostery.com
[2012/04/02 07:14:58 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\rikaichan-jpen@polarcloud.com
[2012/04/02 07:14:57 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\rikaichan-jpnames@polarcloud.com
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (MAFIAAFire: ThePirateBay Dancing!) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\thepiratebay@mafiaafire.com
[2012/04/02 07:14:53 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\extensions\tineye@ideeinc.com
[2008/10/05 15:20:22 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Casita\Datos de programa\Mozilla\Firefox\Profiles\pb6lmcss.default\searchplugins\wwwjdic.xml
[2012/05/28 17:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/04/03 05:56:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/02/14 21:44:38 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/03/07 16:19:52 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Archivos de programa\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012/04/11 22:24:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARCHIVOS DE PROGRAMA\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/09 14:57:50 | 000,014,961 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CASITA\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\PB6LMCSS.DEFAULT\EXTENSIONS\FIREFOX@RED-COG.COM.XPI
[2012/02/16 09:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2012/04/11 22:24:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/02 08:58:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Archivos de programa\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/02/16 06:08:43 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 05:48:01 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:08:43 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 06:08:43 | 000,001,180 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 06:08:43 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/21 15:16:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Archivos de programa\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-602162358-1563985344-839522115-1003..\Run: [AnyDVD] C:\Archivos de programa\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - Startup: C:\Documents and Settings\Casita\Menú Inicio\Programas\Inicio\OpenOffice.org 3.1.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1563985344-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89217D2B-BAF0-4C3E-8291-AA70B0D640AA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Archivos de programa\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Casita\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 21:47:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 19:24:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/06/03 19:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/06/03 19:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es
[2012/06/03 18:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/06/03 18:55:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/06/03 17:21:16 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2012/06/03 17:19:53 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012/06/03 17:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012
[2012/06/03 17:19:33 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TuneUp Utilities 2012
[2012/05/27 17:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\inkscape
[2012/05/27 17:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Arcos
[2012/05/25 02:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Application Data
[2012/05/24 05:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Mis documentos\NeroVision
[2012/05/22 21:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Portafolio
[2012/05/22 15:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Identities
[2012/05/18 00:37:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\IECompatCache
[2012/05/17 23:51:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\PrivacIE
[2012/05/17 19:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Accessories
[2012/05/17 19:47:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\IETldCache
[2012/05/17 19:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/17 19:38:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/05/17 19:37:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/14 21:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\.swt
[2012/05/14 21:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\temp
[2012/05/14 21:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\Conduit
[2012/05/14 20:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Azureus
[2012/05/14 20:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\Azureus
[2012/05/14 20:58:47 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Vuze
[2012/05/14 02:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Fotos Tiffany
[2012/05/14 00:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\Crochet Stitches VISUAL Encyclopedia
[2012/05/13 19:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\OpenOffice.org
[2012/05/13 19:38:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\OpenOffice.org 3.1
[2012/05/13 19:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\OpenOffice.org 3.1 (es) Installation Files
[2012/05/13 16:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2012/05/13 16:32:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/13 16:32:02 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2012/05/13 15:33:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/12 23:26:36 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Casita\Escritorio\tdsskiller.exe
[2012/05/12 00:51:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Casita\UserData
[2012/05/11 21:55:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/11 21:51:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/11 21:51:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/11 21:51:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/11 21:51:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/11 21:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/11 21:51:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 21:51:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Herramientas administrativas
[2012/05/11 21:22:38 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Casita\Escritorio\ComboFix.exe
[2012/05/10 19:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\uTorrent
[2012/05/10 18:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\uTorrent
[2012/05/08 21:33:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 14:15:39 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 03:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\RK_Quarantine
[2012/05/06 12:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\NortonInstaller
[2012/05/05 23:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Escritorio\utmp
[2012/05/05 03:40:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2012/05/05 01:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Casita\Datos de programa\TuneUp Software
[2012/05/05 01:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software
[2012/05/05 01:22:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/05 01:22:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Common Files
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 19:46:46 | 000,494,786 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2012/06/03 19:46:46 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/03 19:46:46 | 000,085,472 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2012/06/03 19:46:46 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/03 19:45:23 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/06/03 19:44:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/03 19:27:10 | 001,579,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/03 19:25:45 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/03 19:25:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/03 19:22:26 | 000,002,639 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/03 18:58:49 | 000,251,168 | RHS- | M] () -- C:\ntldr
[2012/06/03 17:20:51 | 000,000,353 | RHS- | M] () -- C:\boot.ini
[2012/06/03 17:19:51 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/06/03 17:19:51 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/06/03 15:58:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/06/03 00:19:41 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/01 17:56:37 | 000,004,792 | ---- | M] () -- C:\Documents and Settings\Casita\.recently-used.xbel
[2012/06/01 17:56:14 | 000,062,979 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\puerta.png
[2012/05/28 21:42:22 | 000,136,005 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 4.png
[2012/05/28 21:37:47 | 000,149,135 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 4.svg
[2012/05/28 21:33:02 | 000,211,874 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 3.svg
[2012/05/28 20:31:39 | 000,145,984 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 2.svg
[2012/05/28 19:48:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/28 17:14:52 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Mozilla Firefox.lnk
[2012/05/28 00:05:08 | 000,032,303 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\ventana.svg
[2012/05/27 21:01:11 | 000,020,083 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\arcos 2.svg
[2012/05/27 19:55:26 | 000,020,107 | ---- | M] () -- C:\Documents and Settings\Casita\Mis documentos\arcos.svg
[2012/05/27 17:44:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Inkscape.lnk
[2012/05/25 17:12:31 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\Casita\default.pls
[2012/05/21 15:41:11 | 000,022,107 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\avptool_sysinfo02.zip
[2012/05/21 15:16:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/21 04:33:28 | 000,021,989 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\avptool_sysinfo.zip
[2012/05/19 14:52:44 | 136,117,536 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\AVPTool - setup_11.0.0.1245.x01_2012_05_19_21_09.exe
[2012/05/13 19:40:14 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Inicio\OpenOffice.org 3.1.lnk
[2012/05/13 19:38:30 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\OpenOffice.org 3.1.lnk
[2012/05/13 16:32:04 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/05/12 23:27:12 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Casita\Escritorio\tdsskiller.exe
[2012/05/12 14:26:26 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Casita\Escritorio\ComboFix.exe
[2012/05/10 19:55:01 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\µTorrent.lnk
[2012/05/08 21:58:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\MBR.dat
[2012/05/08 00:58:03 | 000,000,269 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2012/05/07 14:15:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Casita\Escritorio\OTL.exe
[2012/05/07 03:41:59 | 001,413,120 | ---- | M] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/05/05 03:24:12 | 000,000,413 | ---- | M] () -- C:\Boot.bak
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 19:02:36 | 000,666,623 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/06/03 19:02:36 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/06/03 19:02:36 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/06/03 19:02:36 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/06/03 19:02:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/06/03 19:02:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/06/03 19:02:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/06/03 19:02:36 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/06/03 19:02:36 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/06/03 19:02:36 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/06/03 19:02:36 | 000,074,638 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/06/03 19:02:36 | 000,026,745 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/06/03 19:02:36 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/06/03 19:02:36 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/06/03 19:02:36 | 000,001,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/06/03 19:02:36 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/06/03 19:02:35 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/06/03 19:02:35 | 000,058,412 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/06/03 19:02:35 | 000,034,556 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/06/03 19:02:35 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/06/03 19:02:35 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/06/03 19:02:35 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/06/03 19:02:35 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/06/03 19:02:35 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/06/03 19:02:35 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/06/03 19:02:35 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/06/03 19:02:35 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/06/03 19:02:35 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/06/03 19:02:35 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/06/03 19:02:35 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/06/03 19:02:35 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/06/03 19:02:35 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/06/03 19:02:35 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/06/03 19:02:35 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/06/03 19:02:35 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/06/03 19:02:35 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/06/03 19:02:35 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/06/03 19:02:35 | 000,001,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/06/03 19:02:35 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/06/03 19:02:35 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/06/03 19:02:35 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/06/03 19:02:35 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/06/03 19:02:35 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/06/03 19:02:34 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/06/03 19:02:34 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/06/03 19:02:34 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/06/03 19:02:34 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/06/03 19:02:34 | 000,085,852 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/06/03 19:02:34 | 000,066,174 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/06/03 19:02:34 | 000,036,714 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/06/03 19:02:34 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/06/03 19:02:34 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/06/03 19:02:34 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/06/03 19:02:34 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/06/03 19:02:34 | 000,001,488 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/06/03 19:02:34 | 000,001,481 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/06/03 19:02:34 | 000,001,481 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/06/03 19:02:34 | 000,001,453 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/06/03 19:02:34 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/06/03 19:02:34 | 000,001,251 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/06/03 19:02:34 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/06/03 19:02:34 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/06/03 19:02:34 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/06/03 19:02:34 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/06/03 19:02:34 | 000,000,812 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/06/03 19:02:34 | 000,000,785 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/06/03 19:02:34 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/06/03 19:02:34 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/06/03 19:02:34 | 000,000,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/06/03 19:02:34 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/06/03 19:02:33 | 000,184,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/06/03 19:02:33 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/06/03 19:02:33 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/06/03 19:02:33 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/06/03 19:02:33 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/06/03 19:02:33 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/06/03 19:02:33 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/06/03 19:02:33 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/06/03 19:02:33 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/06/03 19:02:33 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/06/03 18:59:05 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/06/03 18:59:04 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/06/03 18:59:03 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/06/03 17:19:51 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\TuneUp Utilities 2012.lnk
[2012/06/03 17:19:51 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp 1-Click Maintenance.lnk
[2012/06/03 17:19:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\TuneUp Utilities 2012.lnk
[2012/06/01 17:56:37 | 000,004,792 | ---- | C] () -- C:\Documents and Settings\Casita\.recently-used.xbel
[2012/06/01 17:56:14 | 000,062,979 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\puerta.png
[2012/05/28 21:39:48 | 000,136,005 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 4.png
[2012/05/28 21:35:27 | 000,149,135 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 4.svg
[2012/05/28 20:31:50 | 000,211,874 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 3.svg
[2012/05/28 17:14:52 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Mozilla Firefox.lnk
[2012/05/28 17:14:52 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Mozilla Firefox.lnk
[2012/05/28 16:52:01 | 000,145,984 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\ventana 2.svg
[2012/05/27 21:55:47 | 000,032,303 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\ventana.svg
[2012/05/27 19:58:03 | 000,020,083 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\arcos 2.svg
[2012/05/27 18:33:31 | 000,020,107 | ---- | C] () -- C:\Documents and Settings\Casita\Mis documentos\arcos.svg
[2012/05/27 17:44:47 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inkscape.lnk
[2012/05/27 17:44:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Inkscape.lnk
[2012/05/22 21:14:48 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Casita\default.pls
[2012/05/21 15:42:22 | 000,022,107 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\avptool_sysinfo02.zip
[2012/05/21 04:34:13 | 000,021,989 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\avptool_sysinfo.zip
[2012/05/19 14:25:10 | 136,117,536 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\AVPTool - setup_11.0.0.1245.x01_2012_05_19_21_09.exe
[2012/05/17 19:48:10 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Internet Explorer.lnk
[2012/05/13 19:40:14 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Casita\Menú Inicio\Programas\Inicio\OpenOffice.org 3.1.lnk
[2012/05/13 19:38:30 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\OpenOffice.org 3.1.lnk
[2012/05/13 16:32:04 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Malwarebytes Anti-Malware.lnk
[2012/05/11 21:55:33 | 000,000,413 | ---- | C] () -- C:\Boot.bak
[2012/05/11 21:55:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/11 21:51:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/11 21:51:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/11 21:51:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/11 21:51:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/11 21:51:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/10 19:55:01 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\µTorrent.lnk
[2012/05/08 21:58:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\MBR.dat
[2012/05/07 03:42:26 | 001,413,120 | ---- | C] () -- C:\Documents and Settings\Casita\Escritorio\RogueKiller.exe
[2012/04/29 04:45:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\.zreglib
[2012/04/02 10:02:59 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2012/04/02 09:22:33 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/02 08:40:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/02 08:40:03 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Casita\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/02 08:30:55 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2012/04/02 08:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/04/02 07:56:11 | 000,019,824 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2012/04/02 07:56:11 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2012/04/02 07:55:56 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2012/04/02 07:55:50 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2012/04/02 07:30:17 | 000,000,269 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012/04/02 07:25:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/04/02 07:25:52 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/04/02 07:25:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/02 07:16:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 07:11:45 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/02 06:55:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/02 06:55:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/02 06:55:22 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/01 23:52:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/01 23:50:46 | 001,579,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/08/24 00:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\2monkeys
[2009/11/24 01:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ableton
[2010/02/25 01:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aegisub
[2011/12/13 00:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Alawar Stargaze
[2011/02/01 04:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Alien Skin
[2012/01/09 04:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Amaranth Games
[2010/08/22 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Anarchy
[2009/10/19 17:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Anvil Studio
[2011/03/27 18:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Artogon
[2010/12/11 23:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aveyond 3
[2010/11/20 18:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Aveyond I
[2011/11/12 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Beep Industries
[2011/12/07 23:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Big Fish Games
[2009/07/02 01:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\BloodTies
[2011/12/05 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Blue Tea Games
[2011/11/05 02:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Boomzap
[2011/11/01 00:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\BULKYPIX
[2011/08/26 03:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\calibre
[2011/12/07 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\CardBoard Castle
[2011/09/06 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Casual Box
[2011/09/08 01:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\casualArts
[2011/07/29 00:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Colibri Games
[2011/07/20 23:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\combustion2008
[2008/09/07 13:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\COWON
[2011/03/20 18:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\DarkParablesBriarRose_BFG
[2011/03/29 00:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Dying for Daylight
[2011/03/27 20:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Dying for Daylight Shared
[2011/05/16 00:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Elephant Games
[2011/11/10 22:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Enki Games
[2011/03/29 23:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Enlightenus
[2011/03/30 19:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Enlightenus2_BFG
[2010/09/17 18:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ERS G-Studio
[2011/10/17 21:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ERS Game Studios
[2011/04/03 11:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\FileZilla
[2011/01/18 01:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Flood Light Games
[2011/01/20 20:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Floodlight Games
[2009/12/24 17:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\FreeFLVConverter
[2010/09/23 16:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Freeze Tag
[2011/11/01 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Funzai!
[2010/12/12 16:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\GameMill Entertainment
[2010/09/19 21:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ghost Ship Studios
[2011/09/22 21:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\GO Games
[2011/04/22 23:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\HdO Adventure
[2012/01/19 06:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Hue Forest Entertainment
[2009/09/10 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ImgBurn
[2009/12/06 04:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\inkscape
[2011/09/11 03:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\IOMediaSupport6SZZ001s
[2010/09/19 23:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Lazy Turtle Games
[2010/03/05 21:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Leadertech
[2011/04/28 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\LG Electronics
[2010/05/17 00:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\LucasArts
[2011/12/26 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\MagicIndie
[2011/04/27 22:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\margrave3_full
[2010/10/04 18:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\MastersOfMystery2
[2010/08/30 00:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Meridian93
[2010/08/18 19:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\MysteryStudio
[2009/02/10 18:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Nokia
[2009/12/03 23:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\OpenOffice.org
[2011/01/16 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Phantasmat_bf_ce1
[2011/08/18 14:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\PlayFirst
[2010/09/27 02:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Playrix Entertainment
[2012/03/07 04:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\PriceGong
[2011/08/14 22:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\ProtectDISC
[2011/03/05 22:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Relentless Software
[2011/04/19 17:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Samsung
[2010/09/19 01:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Settlement. Colossus
[2011/07/20 23:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Sony
[2011/09/11 03:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Spinapse
[2011/01/20 22:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\SpinTop Games
[2011/08/18 22:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\SulusGames
[2011/09/11 03:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Suspects and Clues Players
[2011/09/11 03:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Suspects and Clues Prefs
[2010/09/19 23:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ten Heavens
[2010/09/27 02:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\TheFixerUpper
[2010/01/07 02:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Thinstall
[2012/03/07 19:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\uTorrent
[2010/09/16 22:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\V-Games
[2011/09/17 16:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Vast Studios
[2010/12/24 20:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Virtual Prophecy
[2011/11/06 19:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Vogat Interactive
[2012/01/05 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Vso
[2011/02/14 21:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Xoyb
[2010/07/05 01:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Yatec Games
[2011/02/14 23:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\Ykry
[2010/09/30 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.NEGRITA\Datos de programa\YoudaGames
[2012/04/10 11:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\AVAST Software
[2012/05/14 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Azureus
[2012/05/05 01:22:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Common Files
[2012/04/29 04:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SlySoft
[2012/05/05 01:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\TuneUp Software
[2012/05/05 01:22:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/03/10 00:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aqui\Datos de programa\calibre
[2012/03/09 23:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aqui\Datos de programa\COWON
[2012/04/02 04:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aqui\Datos de programa\uTorrent
[2012/05/03 23:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\Alien Skin
[2012/05/14 21:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\Azureus
[2012/04/24 03:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\calibre
[2012/05/21 18:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\COWON
[2012/05/27 17:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\inkscape
[2012/05/13 19:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\OpenOffice.org
[2012/05/05 03:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\TuneUp Software
[2012/06/03 19:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Casita\Datos de programa\uTorrent
[2012/05/08 01:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser.NEGRITA\Datos de programa\TuneUp Software

========== Purity Check ==========



< End of report >



So uTorrent is the problem, right?

#37 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,415
  • Joined: 31-May 06

Posted 04 June 2012 - 02:09 AM

Yep, MBAM does not like the torrent sites

So you either need to stop the MBAM protection and rely on Avast, or uninstall and cease using torrent

How is the computer behaving otherwise?

#38 byayoi

  • Group: Member
  • Posts: 21
  • Joined: 07-May 12

Posted 04 June 2012 - 05:09 PM

It's fine. A little bit faster, I think. It's behaving quite well. I wasn't expecting the installation to be so painless.
No blue screens of death, no un-working internet, everything is good, at least at the moment.

I think I'll stop using Malwarebytes and rely entirely on avast. At least until I can stop seeding all the torrents that I downloaded last month :happy:

So what's next? :happy:

#39 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,415
  • Joined: 31-May 06

Posted 05 June 2012 - 05:17 AM

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled



Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#40 byayoi

  • Group: Member
  • Posts: 21
  • Joined: 07-May 12

Posted 06 June 2012 - 06:11 PM

Thank you! :happy:
I have updated Java and downloaded the filehippo update checker.
And the computer seems OK, at least until today.
So I'd like to thank you for all your help and patience, and for all the time you spent thinking about those bizarre pop-ups. I really appreciate all your effort.
I suppose this is good-bye. I'll try hard to stay clean and safe, and I hope Windows XP SP 3 behaves at least for a month or so. ;)

Bye!

#41 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,415
  • Joined: 31-May 06

Posted 07 June 2012 - 11:30 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
