
Weird issue with ZeroAccess removal tools


  • This topic is locked
10 replies to this topic

#1 Ricardo Barreiro


Posted 02 March 2012 - 06:06 PM

Here is what happened last night.

My girlfriend told me that my desktop computer had a virus alert. I'm currently using AVG Free Edition 2012. She tried rebooting the computer but, as you would expect, the virus alert returned.

When I looked at it, there was a message titled "AVG Identity Protection" that said "threat detected"; it listed a dll file in the system32 folder as the victim and the threat was a variety of "zeroaccess". The alert offered to move the file to the vault or do nothing. I tried the first option, but another alert would pop up right away with a different dll file and the same virus. After trying that 5 or 6 times to no avail, I took my notebook computer (which does not seem to be affected) and looked it up online. AVG offered a free tool that is supposed to fix this issue (this is the website from which I downloaded that tool: http://free.avg.com/us-en/remove-win32zeroacces). I disabled System Restore as the website advised.

I ran the program and, after a few hours, it told me that, in order to fix some files that were in use by the OS, I had to reboot. When I tried to do just that, the desktop disappeared but, instead of the usual "Windows is shutting down" blue screen, nothing appeared. The HD seemed to be working, so I let it run, just in case the removal tool was actually doing its thing, even though the lack of any visible indication seemed odd.

After three or four hours of black screen and sporadic HD activity, I decided that it was not doing anything, so I turned power off and then on again. However, after the usual BIOS messages, when it came to actually loading the OS, nothing happened, except the same black screen and random HD light flicker. I tried to start in safe mode, but it didn't work either. Finally, I tried to restore my system to the last configuration that worked. That seemed to work, because Windows started in its normal, unsafe mode. However, the virus alert appeared again. It still points to a random dll file in the system32 folder, but instead of identifying the attacker, it just says that the threat is "unknown". When I bring up the task manager, there is no process with a long line of random numbers, which is how most online forums identify the threat. I made sure to check "show processes from all users".

That's the reason why I am not sure if I still have the virus itself or my antivirus is acting up, or maybe both. Just to be on the safe side, I unplugged my desktop computer from the router.

Any help with this case is greatly appreciated. Also, I apologize in advance for any mistakes I might have made while performing the tests, since this is my first time here (I've never found a virus so tenacious that I couldn't just get rid of it by following simple instructions).

Here are the logs (please note that when I performed the following tests I was not connected to the Internet. Also, I had the CD emulator disabled).

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ricardo Barreiro at 16:32:07 on 2012-03-02
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2046.1573 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
D:\ARCHIV~1\AVG\AVG2012\avgrsx.exe
D:\Archivos de programa\AVG\AVG2012\avgcsrvx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe
D:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
D:\Archivos de programa\Java\jre6\bin\jqs.exe
D:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Archivos de programa\AVG\AVG2012\avgnsx.exe
D:\Archivos de programa\AVG\AVG2012\avgemcx.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Archivos de programa\TomTom HOME 2\TomTomHOMEService.exe
D:\Archivos de programa\AVG\AVG2012\AVGIDSAgent.exe
D:\WINDOWS\Explorer.EXE
D:\Archivos de programa\AVG\AVG2012\avgtray.exe
D:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exe
D:\WINDOWS\DAODx.exe
D:\Archivos de programa\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Archivos de programa\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
D:\Archivos de programa\D-Tools\daemon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.ar/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\archivos de programa\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "d:\archivos de programa\tomtom home 2\TomTomHOMERunner.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_TRAY] "d:\archivos de programa\avg\avg2012\avgtray.exe"
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [RunDAOD] d:\windows\DAODx.exe
mRun: [HDAudDeck] d:\archivos de programa\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NUSB3MON] "d:\archivos de programa\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [APSDaemon] "d:\archivos de programa\archivos comunes\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "d:\archivos de programa\quicktime\QTTask.exe" -atboottime
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] d:\archivos de programa\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\menini~1\progra~1\inicio\adobeg~1.lnk - d:\archivos de programa\archivos comunes\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: d:\docume~1\alluse~1\menini~1\progra~1\inicio\adober~1.lnk - d:\archivos de programa\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: d:\docume~1\alluse~1\menini~1\progra~1\inicio\wirele~1.lnk - d:\archivos de programa\802.11 wireless lan\802.11g usb 2.0 wlan dongle\WlanCU.exe
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - d:\archiv~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\archivos de programa\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{153D2C9D-4B1A-4113-8C59-ADE29297796E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4005C817-8EAE-4754-A3E9-EE452FC6DBFD} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\archivos de programa\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\ricardo barreiro\datos de programa\mozilla\firefox\profiles\lirkv1ga.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (es)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - prefs.js: network.proxy.type - 0
FF - component: d:\archivos de programa\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: d:\archivos de programa\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\archivos de programa\google\picasa3\npPicasa3.dll
FF - plugin: d:\archivos de programa\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: d:\archivos de programa\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [2010-12-23 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [2010-12-23 5248]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2010-12-8 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]
R2 AVGIDSAgent;AVGIDSAgent;d:\archivos de programa\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;WatchDog de AVG;d:\archivos de programa\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\archivos de programa\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-5 2253120]
R2 TomTomHOMEService;TomTomHOMEService;d:\archivos de programa\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;d:\windows\system32\drivers\nusb3hub.sys [2010-4-26 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;d:\windows\system32\drivers\nusb3xhc.sys [2010-4-26 146568]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32.sys [2011-10-26 119656]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;d:\windows\system32\drivers\viahduaa.sys [2011-10-26 2116480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);d:\archivos de programa\google\update\GoogleUpdate.exe [2011-1-17 135664]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2010-12-22 1691480]
S3 gupdatem;Google Update Servicio (gupdatem);d:\archivos de programa\google\update\GoogleUpdate.exe [2011-1-17 135664]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;d:\windows\system32\drivers\RTL8187B.sys [2011-1-8 215040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-02 09:41:37 4142080 ----a-w- d:\windows\system32\rmzeroaccess.nt
2012-03-02 02:19:54 0 --sha-w- d:\windows\system32\dds_log_trash.cmd
2012-03-02 02:13:47 12288 ----a-w- d:\windows\system32\a.exe
2012-02-25 15:14:50 3072 -c----w- d:\windows\system32\dllcache\iacenc.dll
2012-02-25 15:14:50 3072 ------w- d:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-02-28 17:46:20 285176 ----a-w- d:\windows\system32\nvdrsdb0.bin
2012-02-28 17:46:20 1 ----a-w- d:\windows\system32\nvdrssel.bin
2012-02-28 17:35:59 285176 ----a-w- d:\windows\system32\nvdrsdb1.bin
2012-01-12 17:20:19 1860096 ----a-w- d:\windows\system32\win32k.sys
2011-12-17 19:41:52 916992 ----a-w- d:\windows\system32\wininet.dll
2011-12-17 19:41:52 43520 ------w- d:\windows\system32\licmgr10.dll
2011-12-17 19:41:52 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-12-16 12:23:17 385024 ------w- d:\windows\system32\html.iec
.
============= FINISH: 16:33:33,29 ===============


#2 myrti


Posted 04 March 2012 - 03:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 Ricardo Barreiro


Posted 05 March 2012 - 10:09 AM

I'm still having exactly the same problem I wrote about in the original post.

Some days ago, my antivirus (AVG Free Edition 2012) reported that a threat had been detected. It identified the threat as a variety of ZeroAccess that infected one DLL file at windows\system32. I don't know exactly what caused that problem, because another person was using the computer at that time. The antivirus offered to move the infected file to the vault, which I did, but then another alert came up mentioning a different DLL file. After trying to move those files to the vault a couple of times, I realized I wasn't getting anywhere, so I looked online.

On the AVG website, they offered a special tool for this particular virus. I downloaded and executed it. It ran fine for about three hours. Then, it asked me to reboot so it could work on files that were in use by the OS. I tried to reset, but the Windows desktop closed to a black screen instead of the usual blue screen with the "Windows is closing" caption. At first, I thought it might actually be doing something, because the HD light came on and off, so I left it alone for a while. After two or three hours, I realized it might have stopped working, so I just turned off the computer and on again. The problem now was that it would not boot. I tried again in safe mode, but it didn't work either. Finally, I tried restoring to the last good configuration and I was able to open Windows again. AVG still showed an alert on a different DLL file, but this time it would not identify the threat, it just says "unknown". If I try to move it to the vault, it shows another alert with a different DLL file. I haven't tried anything else.

Right now, my computer appears to be working fine, except for the virus alerts. I unplugged it from the Internet, just to be on the safe side (I'm not sure if that helps, but it doesn't hurt).

Here are the results you asked for. Since I have the Spanish version of Windows, some items are in Spanish. I hope that's okay with you, otherwise just ask me. Thank you.


OTL

OTL logfile created on: 05/03/2012 10:51:03 a.m. - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = D:\Documents and Settings\Ricardo Barreiro\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,56% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Archivos de programa
Drive C: | 698,64 Gb Total Space | 227,38 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 172,90 Gb Free Space | 58,00% Space Free | Partition Type: NTFS
Drive E: | 7,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 3,67 Gb Total Space | 1,91 Gb Free Space | 51,94% Space Free | Partition Type: FAT32

Computer Name: HAL-9000 | User Name: Ricardo Barreiro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 10:47:16 | 000,584,704 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Archivos de programa\AVG\AVG2012\avgtray.exe
PRC - [2011/11/30 20:07:34 | 000,274,712 | ---- | M] (http://tortoisesvn.net) -- D:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Archivos de programa\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Archivos de programa\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Archivos de programa\AVG\AVG2012\avgemcx.exe
PRC - [2011/10/08 01:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- D:\Archivos de programa\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Archivos de programa\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Archivos de programa\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/10 13:22:48 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- D:\WINDOWS\system32\drivers\CDANTSRV.EXE
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/22 09:21:10 | 000,247,728 | ---- | M] (TomTom) -- D:\Archivos de programa\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 09:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\Archivos de programa\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/04/26 23:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- D:\Archivos de programa\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/03/30 03:32:40 | 000,032,768 | R--- | M] () -- D:\WINDOWS\DAODx.exe
PRC - [2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/08/29 11:12:10 | 000,606,208 | ---- | M] () -- D:\Archivos de programa\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
PRC - [2005/07/24 23:35:00 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- D:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/30 20:07:16 | 000,070,424 | ---- | M] () -- D:\Archivos de programa\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/03/27 17:11:04 | 000,094,208 | ---- | M] () -- D:\Archivos de programa\FileZilla FTP Client\fzshellext.dll
MOD - [2009/03/30 03:32:40 | 000,032,768 | R--- | M] () -- D:\WINDOWS\DAODx.exe
MOD - [2007/08/29 11:12:10 | 000,606,208 | ---- | M] () -- D:\Archivos de programa\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
MOD - [2007/08/27 16:18:00 | 000,045,056 | ---- | M] () -- D:\Archivos de programa\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanDll.dll
MOD - [2005/07/20 04:53:04 | 000,966,765 | ---- | M] () -- D:\Archivos de programa\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Archivos de programa\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/08 01:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Archivos de programa\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/10 13:22:48 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- D:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/22 09:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\Archivos de programa\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- D:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/07/24 23:35:00 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- D:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- D:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/10 13:22:48 | 000,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/07 20:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/12/22 14:24:50 | 006,088,296 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/12/22 14:24:49 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/12/22 14:24:48 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/07/06 15:13:10 | 000,234,392 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/04/26 22:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/26 22:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/03/09 07:09:24 | 002,116,480 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/09/15 07:56:34 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 07:56:24 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 23:19:12 | 000,005,120 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\i2omp.dll -- (i2omp)
DRV - [2008/04/13 23:19:12 | 000,005,120 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\cd20xrnt.dll -- (cd20xrnt)
DRV - [2008/04/13 23:19:12 | 000,005,120 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\atdisk.dll -- (Atdisk)
DRV - [2008/04/13 23:19:12 | 000,005,120 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\aic78xx.dll -- (aic78xx)
DRV - [2007/05/04 20:40:22 | 000,215,040 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2004/08/12 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ar/
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\..\SearchScopes,DefaultScope = {65B9EA9D-5886-4484-BDD6-397C14DE5DFA}
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\..\SearchScopes\{3FA8CC6B-842D-4DBA-B243-5FFC9010BE28}: "URL" = http://es.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\..\SearchScopes\{65B9EA9D-5886-4484-BDD6-397C14DE5DFA}: "URL" = http://www.google.com/search?hl=es&q={searchTerms}&lr=
IE - HKU\S-1-5-21-796845957-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (es)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.ar/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Archivos de programa\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Archivos de programa\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Archivos de programa\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/02/07 15:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Archivos de programa\AVG\AVG2012\Firefox4\ [2012/02/01 08:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Archivos de programa\Mozilla Firefox\components [2012/02/29 22:51:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Archivos de programa\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Archivos de programa\Mozilla Thunderbird\components [2012/02/25 21:36:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Archivos de programa\Mozilla Thunderbird\plugins [2011/10/31 11:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: D:\Archivos de programa\AVG\AVG2012\Thunderbird\ [2011/12/23 09:58:53 | 000,000,000 | ---D | M]

[2010/12/22 13:27:18 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Ricardo Barreiro\Datos de programa\Mozilla\Extensions
[2010/12/22 13:27:18 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Ricardo Barreiro\Datos de programa\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/20 17:42:42 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Ricardo Barreiro\Datos de programa\Mozilla\Extensions\home2@tomtom.com
[2012/02/16 22:25:21 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Ricardo Barreiro\Datos de programa\Mozilla\Firefox\Profiles\lirkv1ga.default\extensions
[2011/03/22 10:24:03 | 000,000,000 | ---D | M] (Simple RSS Reader (SRR)) -- D:\Documents and Settings\Ricardo Barreiro\Datos de programa\Mozilla\Firefox\Profiles\lirkv1ga.default\extensions\{A5475360-A7EA-437b-9A79-29208F476940}
[2012/02/16 22:25:21 | 000,000,000 | ---D | M] (New Tab King) -- D:\Documents and Settings\Ricardo Barreiro\Datos de programa\Mozilla\Firefox\Profiles\lirkv1ga.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/07/08 09:45:46 | 000,000,000 | ---D | M] (No name found) -- D:\Archivos de programa\Mozilla Firefox\extensions
[2011/07/08 09:45:46 | 000,000,000 | ---D | M] (Skype extension) -- D:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/01 08:53:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- D:\ARCHIVOS DE PROGRAMA\AVG\AVG2012\FIREFOX4
() (No name found) -- D:\DOCUMENTS AND SETTINGS\RICARDO BARREIRO\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\LIRKV1GA.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/02/29 22:51:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2012/02/29 22:51:21 | 000,002,252 | ---- | M] () -- D:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2012/02/29 22:51:21 | 000,003,996 | ---- | M] () -- D:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
[2012/02/29 22:51:21 | 000,001,143 | ---- | M] () -- D:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2012/02/29 22:51:21 | 000,002,040 | ---- | M] () -- D:\Archivos de programa\mozilla firefox\searchplugins\twitter.xml
[2012/02/29 22:51:21 | 000,001,178 | ---- | M] () -- D:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/29 22:51:21 | 000,001,102 | ---- | M] () -- D:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\Ricardo Barreiro\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = D:\Documents and Settings\Ricardo Barreiro\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\Ricardo Barreiro\Configuraci\u00F3n local\Datos de programa\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Archivos de programa\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Archivos de programa\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Archivos de programa\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = D:\Documents and Settings\Ricardo Barreiro\Configuraci\u00F3n local\Datos de programa\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/08/14 21:21:30 | 000,000,835 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Archivos de programa\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] D:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] D:\Archivos de programa\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NUSB3MON] D:\Archivos de programa\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Archivos de programa\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [RunDAOD] D:\WINDOWS\DAODx.exe ()
O4 - HKU\S-1-5-21-796845957-854245398-839522115-1003..\Run: [TomTomHOME.exe] D:\Archivos de programa\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: D:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Gamma Loader.lnk = D:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Speed Launch.lnk = D:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Wireless Configuration Utility HW.14.lnk = D:\Archivos de programa\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-854245398-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{153D2C9D-4B1A-4113-8C59-ADE29297796E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4005C817-8EAE-4754-A3E9-EE452FC6DBFD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Archivos de programa\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Ricardo Barreiro\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Ricardo Barreiro\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/21 18:35:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\ARCHIV~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Actualización de seguridad para Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - D:\WINDOWS\System32\nwcworkstation.dll ()
NetSvcs: Nwsapagent - File not found
NetSvcs: vnxservice - File not found
NetSvcs: symantecantibotagent - File not found
NetSvcs: Ndisipo - File not found
NetSvcs: svcwrsssdk - File not found
NetSvcs: sfsync02 - File not found
NetSvcs: CTEDSPSY.DLL - File not found
NetSvcs: WmaCDriverV32 - File not found
NetSvcs: mssql$sony_mediamgr - D:\WINDOWS\System32\mssql$sony_mediamgr.dll ()
NetSvcs: ONSIO - File not found
NetSvcs: nsysaudm - File not found
NetSvcs: epson_pm_rpcv4_01 - File not found
NetSvcs: ptserial - File not found
NetSvcs: sqlagent$sony_mediamgr - File not found
NetSvcs: RIOUNIV - File not found
NetSvcs: s117unic - File not found
NetSvcs: iaantmon - File not found
NetSvcs: genmcmn - File not found
NetSvcs: penrendezvous - D:\WINDOWS\System32\penrendezvous.dll ()
NetSvcs: avg7updsvc - File not found
NetSvcs: se59mgmt - File not found
NetSvcs: padfsvr - File not found
NetSvcs: eaps2kbd - File not found
NetSvcs: avgtdi - File not found
NetSvcs: sfsync04 - File not found
NetSvcs: atiavaiw - File not found
NetSvcs: sisidex - File not found
NetSvcs: wap3gx - File not found
NetSvcs: mctskshd.exe - File not found
NetSvcs: ctxhttp - File not found
NetSvcs: elservice - File not found
NetSvcs: wg4n - File not found
NetSvcs: USIUDF - File not found
NetSvcs: hpqwmiex - File not found
NetSvcs: rp_fws - D:\WINDOWS\System32\rp_fws.dll ()
NetSvcs: RimSerPort - D:\WINDOWS\System32\RimSerPort.dll ()
NetSvcs: se2Eunic - D:\WINDOWS\System32\se2Eunic.dll ()
NetSvcs: phnxvcdservice - File not found
NetSvcs: iaimtv4 - D:\WINDOWS\System32\iaimtv4.dll ()
NetSvcs: sis315 - File not found
NetSvcs: caccprovsp - D:\WINDOWS\System32\caccprovsp.dll ()
NetSvcs: SRTSPL - File not found
NetSvcs: incdrm - File not found
NetSvcs: tmesbs32 - File not found
NetSvcs: EpmPsd - File not found
NetSvcs: UpdateCenterService - File not found
NetSvcs: eamon - File not found
NetSvcs: btcsrusb - File not found
NetSvcs: rpaservice - File not found
NetSvcs: retrowdsvc - File not found
NetSvcs: s116mgmt - File not found
NetSvcs: aksusb - File not found
NetSvcs: se27unic - File not found
NetSvcs: USA49W - File not found
NetSvcs: GoBack2K - D:\WINDOWS\System32\GoBack2K.dll ()
NetSvcs: atikmdag - File not found
NetSvcs: n558 - File not found
NetSvcs: nwdls - File not found
NetSvcs: actser - File not found
NetSvcs: symwsc - D:\WINDOWS\System32\symwsc.dll ()
NetSvcs: akshhl - File not found
NetSvcs: NEOFLTR_600_13319 - File not found
NetSvcs: ssdiagn - File not found
NetSvcs: pxfhbus - D:\WINDOWS\System32\pxfhbus.dll ()
NetSvcs: zebrceb - File not found
NetSvcs: Xyz777s - D:\WINDOWS\System32\Xyz777s.dll ()
NetSvcs: ccispwdsvc - File not found
NetSvcs: LHidUsbK - File not found
NetSvcs: RecAgent - D:\WINDOWS\System32\drivers\recagent.sys (Smart Link)
NetSvcs: Si3132 - File not found
NetSvcs: MpFilter - D:\WINDOWS\System32\MpFilter.dll ()
NetSvcs: ehstart - File not found
NetSvcs: radiosvr - File not found
NetSvcs: cq_mem - File not found
NetSvcs: {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} - File not found
NetSvcs: lvupdtio - File not found
NetSvcs: rtl8185 - File not found
NetSvcs: AYDrvNT_ALYAC - File not found
NetSvcs: tphdexlgsvc - File not found
NetSvcs: websenseuserservice - File not found
NetSvcs: dpfusmgr - File not found
NetSvcs: pepifilter - File not found
NetSvcs: FTSER2K - File not found
NetSvcs: rppkt - D:\WINDOWS\System32\rppkt.dll ()
NetSvcs: WIBUKEY - File not found
NetSvcs: RVIEG01 - File not found
NetSvcs: prosync1 - File not found
NetSvcs: Slpsvdr - File not found
NetSvcs: SISNICXP - File not found
NetSvcs: ASFWHide - File not found
NetSvcs: DivisCTP - File not found
NetSvcs: avgclean - File not found
NetSvcs: SE2Dobex - File not found
NetSvcs: logonsvcid - File not found
NetSvcs: generichidservice - File not found
NetSvcs: dnetc - File not found
NetSvcs: ccalib8 - File not found
NetSvcs: CoachVc - File not found
NetSvcs: alcaudsl - File not found
NetSvcs: s3psddr - File not found
NetSvcs: 3combootp - D:\WINDOWS\System32\3combootp.dll ()
NetSvcs: nuvaud2 - File not found
NetSvcs: cpucoolserver - File not found
NetSvcs: nwlnknb - D:\WINDOWS\System32\drivers\nwlnknb.sys (Microsoft Corporation)
NetSvcs: pgfilter - File not found
NetSvcs: tvichw32 - File not found
NetSvcs: NICSer_WPC300N - File not found
NetSvcs: usnsvc - File not found
NetSvcs: wg6n - File not found
NetSvcs: cpuidlep - File not found
NetSvcs: harmony - D:\WINDOWS\System32\harmony.dll ()
NetSvcs: avgarcln - File not found
NetSvcs: wacommousefilter - File not found
NetSvcs: tosporte - File not found
NetSvcs: SE2Cmdfl - File not found
NetSvcs: tifmsony - File not found
NetSvcs: nvnetbus - File not found
NetSvcs: bdss - File not found
NetSvcs: iaimtv1 - File not found
NetSvcs: sdcoreservice - File not found
NetSvcs: dpc_srv_webcast - File not found
NetSvcs: Ld51ocnucsnp - File not found
NetSvcs: AKSIFDH - File not found
NetSvcs: U81xmdfl - D:\WINDOWS\System32\U81xmdfl.dll ()
NetSvcs: minilog - D:\WINDOWS\System32\minilog.dll ()
NetSvcs: WBHWDOCT - File not found
NetSvcs: avp - File not found
NetSvcs: SE26obex - D:\WINDOWS\System32\SE26obex.dll ()
NetSvcs: tosrfcom - File not found
NetSvcs: SED133x - File not found
NetSvcs: nscservice - File not found
NetSvcs: MSSQL$MSSMLBIZ - File not found
NetSvcs: Appn - D:\WINDOWS\System32\Appn.dll ()
NetSvcs: smartscaps - D:\WINDOWS\System32\smartscaps.dll ()
NetSvcs: ssscsisv - File not found
NetSvcs: SE2Emdfl - File not found
NetSvcs: Tb2RCAssist - File not found
NetSvcs: procexp111 - File not found
NetSvcs: winproxy - File not found
NetSvcs: mssql$pinnaclesys - File not found
NetSvcs: ventrilo - File not found
NetSvcs: s125obex - File not found
NetSvcs: w29n51 - File not found
NetSvcs: com0com - File not found
NetSvcs: tcpipBM - File not found
NetSvcs: MKEMUSB - File not found
NetSvcs: tifm - File not found
NetSvcs: kbfiltr - File not found
NetSvcs: prismxl - File not found
NetSvcs: mfcom - File not found
NetSvcs: cpqfcalm - File not found
NetSvcs: sonypvs1 - File not found
NetSvcs: aolservice - File not found
NetSvcs: cportclm - File not found
NetSvcs: compaq_rba - File not found
NetSvcs: ccs - File not found
NetSvcs: vds - File not found
NetSvcs: vmnetdhcp - File not found
NetSvcs: zpsc - File not found
NetSvcs: citrixwmiservice - File not found
NetSvcs: SQLAgent$MICROSOFTBCM - File not found
NetSvcs: IJPLMSVC - File not found
NetSvcs: intelroam - File not found
NetSvcs: CTERFXFX.DLL - File not found
NetSvcs: MaxtorFrontPanel1 - File not found
NetSvcs: serialkeys - File not found
NetSvcs: ezplay - File not found
NetSvcs: kodakccs - File not found
NetSvcs: WUSB54GCSVC - File not found
NetSvcs: mohfilt - D:\WINDOWS\System32\mohfilt.dll ()
NetSvcs: w800bus - File not found
NetSvcs: WNIPROT5 - D:\WINDOWS\System32\WNIPROT5.dll ()
NetSvcs: awservice - File not found
NetSvcs: afs2k - File not found
NetSvcs: bc_pat_f - File not found
NetSvcs: mlkkbdntdriver - File not found
NetSvcs: server - File not found
NetSvcs: ni_nic - File not found
NetSvcs: pdlnatdl - File not found
NetSvcs: TMBMServer - File not found
NetSvcs: aic116x - File not found
NetSvcs: soma - File not found
NetSvcs: transcode360 - File not found
NetSvcs: sonywbms - File not found
NetSvcs: sysplant - File not found
NetSvcs: sfvfs02 - File not found
NetSvcs: WINFLASH - File not found
NetSvcs: sonicstagemonitoring - D:\WINDOWS\System32\sonicstagemonitoring.dll ()
NetSvcs: inotask - File not found
NetSvcs: PciBus - File not found
NetSvcs: lfsfilt - File not found
NetSvcs: StkASSrv - File not found
NetSvcs: cnmpar21 - File not found
NetSvcs: hpgate - D:\WINDOWS\System32\hpgate.dll ()
NetSvcs: TSHWMDTCP - File not found
NetSvcs: inorpc - File not found
NetSvcs: NMSAccessU - File not found
NetSvcs: se44mdm - File not found
NetSvcs: PSSdk23 - File not found
NetSvcs: oracle_load_balancer_60_server-forms6ip14 - File not found
NetSvcs: lxcj_device - File not found
NetSvcs: rpcsvr4x - File not found
NetSvcs: usnjsvc - File not found
NetSvcs: CdaC15BA - File not found
NetSvcs: irmon - File not found
NetSvcs: snoopfreesvc - D:\WINDOWS\System32\snoopfreesvc.dll ()
NetSvcs: ASDR - File not found
NetSvcs: NVNET - File not found
NetSvcs: mxssvr - File not found
NetSvcs: brmfbags - File not found
NetSvcs: niorbk - File not found
NetSvcs: WmBEnum - File not found
NetSvcs: nod32krn - File not found
NetSvcs: SI3112 - File not found
NetSvcs: fsssvc - File not found
NetSvcs: mclogmanagerservice - File not found
NetSvcs: ELmou - File not found
NetSvcs: tapeware - File not found
NetSvcs: sscdmdfl - File not found
NetSvcs: hcmon - File not found
NetSvcs: pavsrv - File not found
NetSvcs: nmwcdcj - File not found
NetSvcs: WmFilter - File not found
NetSvcs: sifilter - File not found
NetSvcs: zpjobq - File not found
NetSvcs: XDva004 - File not found
NetSvcs: el90xbc - File not found
NetSvcs: dlaudf_m - File not found
NetSvcs: SWNC8U51 - File not found
NetSvcs: sonytvc - File not found
NetSvcs: w300mdfl - File not found
NetSvcs: nicser_wmp11 - File not found
NetSvcs: wcontrol - File not found
NetSvcs: cltnetcnservice - D:\WINDOWS\System32\cltnetcnservice.dll ()
NetSvcs: keriomailserver - File not found
NetSvcs: acdservice - File not found
NetSvcs: UWProSys - D:\WINDOWS\System32\UWProSys.dll ()
NetSvcs: TClass2k - File not found
NetSvcs: ikhlayer - File not found
NetSvcs: FTDIBUS - File not found
NetSvcs: RIOXDRV - File not found
NetSvcs: DSXUSB - File not found
NetSvcs: iaimfp2 - D:\WINDOWS\System32\iaimfp2.dll ()
NetSvcs: winpowermanager - File not found
NetSvcs: srvdpi - File not found
NetSvcs: cimnotify - File not found
NetSvcs: LwUsbHid - File not found
NetSvcs: omniusbl - File not found
NetSvcs: websenseclientdeployservice - File not found
NetSvcs: hpdj - File not found
NetSvcs: symredrv - File not found
NetSvcs: vstor2 - File not found
NetSvcs: wwsecsvc - File not found
NetSvcs: ctsfm2k - File not found
NetSvcs: iwebcal - File not found
NetSvcs: sentinelprotectionserver - File not found
NetSvcs: OsaFsLoc - File not found
NetSvcs: dwusbdnt - File not found
NetSvcs: pivotmou - File not found
NetSvcs: pdlnsv25 - File not found
NetSvcs: FontCache3.0.0.0. - File not found
NetSvcs: diskeeper - File not found
NetSvcs: hwpsgt - File not found
NetSvcs: P16X - File not found
NetSvcs: Cap7134 - File not found
NetSvcs: lanusb - File not found
NetSvcs: mfetdik - File not found
NetSvcs: {834170a7-af3b-4d34-a757-e05eb29ee96d} - File not found
NetSvcs: EUSBMSD - File not found
NetSvcs: avgcoresvc - File not found
NetSvcs: TUWinStylerThemeSvc - File not found
NetSvcs: zntport - File not found
NetSvcs: AF15BDA - File not found
NetSvcs: Wtcls2k - File not found
NetSvcs: carboncopyscheduler - File not found
NetSvcs: winpower - File not found
NetSvcs: obvious - File not found
NetSvcs: nvrd32 - File not found
NetSvcs: pchost - File not found
NetSvcs: UVCFTR - File not found
NetSvcs: zendcoreapache - File not found
NetSvcs: elbydelay - File not found
NetSvcs: WcesComm - File not found
NetSvcs: ood2000 - File not found
NetSvcs: alertmanager - File not found
NetSvcs: Dell1100_FUService - D:\WINDOWS\System32\Dell1100_FUService.dll ()
NetSvcs: clcapsvc - File not found
NetSvcs: Mvc25U870_VID_1262&PID_25FD - File not found
NetSvcs: aalogger - D:\WINDOWS\System32\aalogger.dll ()
NetSvcs: p1131vid - D:\WINDOWS\System32\p1131vid.dll ()
NetSvcs: hpqwmi - File not found
NetSvcs: MRESP50 - File not found
NetSvcs: nvport - File not found
NetSvcs: ISAMSvc - File not found
NetSvcs: ccevtmgr - File not found
NetSvcs: wlancfg - D:\WINDOWS\System32\wlancfg.dll ()
NetSvcs: SE26mgmt - File not found
NetSvcs: dlbx_device - File not found
NetSvcs: pctavsvc - File not found
NetSvcs: incdrec - File not found
NetSvcs: mcmispupdmgr - File not found
NetSvcs: VAIOMediaPlatform-PhotoServer-HTTP - D:\WINDOWS\System32\VAIOMediaPlatform-PhotoServer-HTTP.dll ()
NetSvcs: DMICall - File not found
NetSvcs: pavreport - File not found
NetSvcs: cwafeventrouter - File not found
NetSvcs: sr_watchdog - File not found
NetSvcs: livesrv - File not found
NetSvcs: cebdaldr - File not found
NetSvcs: CTEDSPIO.DLL - File not found
NetSvcs: ctmmfilt - File not found
NetSvcs: NETMDUSB - File not found
NetSvcs: sisnic - D:\WINDOWS\System32\sisnic.dll ()
NetSvcs: houdiniserver - D:\WINDOWS\System32\houdiniserver.dll ()
NetSvcs: pivot - D:\WINDOWS\System32\pivot.dll ()
NetSvcs: WUSB54Gv4SVC - File not found
NetSvcs: pxfhserd - File not found
NetSvcs: raysat3_4_6_18server - File not found
NetSvcs: wpsdrvnt - File not found
NetSvcs: streamloadservice - File not found
NetSvcs: pdengine - File not found
NetSvcs: NetMsmqActivator - D:\WINDOWS\System32\NetMsmqActivator.dll ()
NetSvcs: exfat - File not found
NetSvcs: arcltsrv - File not found
NetSvcs: dirms_defragmentation - File not found
NetSvcs: Gernuwa - File not found
NetSvcs: besclient - File not found
NetSvcs: mcupdmgr.exe - File not found
NetSvcs: nalntservice - D:\WINDOWS\System32\nalntservice.dll ()
NetSvcs: se45bus - File not found
NetSvcs: VAIOMediaPlatform-VideoServer-HTTP - File not found
NetSvcs: vmkbd2 - File not found
NetSvcs: ftrtsvc - File not found
NetSvcs: se58mdm - File not found
NetSvcs: epsonbidirectionalagent - File not found
NetSvcs: cfgwzsvc - File not found
NetSvcs: lxcg_device - File not found
NetSvcs: MR97310_USB_DUAL_CAMERA - File not found
NetSvcs: racsvc - File not found
NetSvcs: HpqKbFiltr - D:\WINDOWS\System32\HpqKbFiltr.dll ()
NetSvcs: cbidf - File not found
NetSvcs: SPLITCAM - File not found
NetSvcs: icam4usb - File not found
NetSvcs: CTEAPSFX.DLL - File not found
NetSvcs: patrol_scheduler - File not found
NetSvcs: APLMp50 - File not found
NetSvcs: idsvc - File not found
NetSvcs: Fd16_700 - File not found
NetSvcs: ctaud2k - File not found
NetSvcs: AmdLLD - File not found
NetSvcs: TBPanel - File not found
NetSvcs: mhn - File not found
NetSvcs: ss_bus - File not found
NetSvcs: nwlnkspx - D:\WINDOWS\System32\drivers\nwlnkspx.sys (Microsoft Corporation)
NetSvcs: GTF32BUS - File not found
NetSvcs: ndiscm - File not found
NetSvcs: qserver - File not found
NetSvcs: avhook - File not found
NetSvcs: IPSECSHM - D:\WINDOWS\System32\IPSECSHM.dll ()
NetSvcs: euq_monitor - File not found
NetSvcs: papycpu2 - File not found
NetSvcs: webrootenterpriseupdateservice - File not found
NetSvcs: googledesktopmanager - File not found
NetSvcs: LHidKe - File not found
NetSvcs: DFUBTUSB - File not found
NetSvcs: slapd-config52 - File not found
NetSvcs: aslm75 - File not found
NetSvcs: usrbridg - File not found
NetSvcs: regmon701 - File not found
NetSvcs: WmHidLo - File not found
NetSvcs: oracle_load_balancer_60_client-forms6i - File not found
NetSvcs: btserial - File not found
NetSvcs: w800obex - File not found
NetSvcs: ibmasrex - File not found
NetSvcs: db2jds - File not found
NetSvcs: tunnelguardservice - File not found
NetSvcs: ireike - File not found
NetSvcs: BTSLBCSP - File not found
NetSvcs: JRAID - File not found
NetSvcs: Jukebox - File not found
NetSvcs: roxupnpserver - File not found
NetSvcs: SiSRaid - File not found
NetSvcs: se58mdfl - File not found
NetSvcs: atksgt - File not found
NetSvcs: EACSvrMngr - D:\WINDOWS\System32\EACSvrMngr.dll ()
NetSvcs: MS1000 - File not found
NetSvcs: iAimFP5 - File not found
NetSvcs: symmpi - File not found
NetSvcs: PBADRV - File not found
NetSvcs: savrt - File not found
NetSvcs: fireport - File not found
NetSvcs: NWADI - File not found
NetSvcs: pcx1nd5 - D:\WINDOWS\System32\pcx1nd5.dll ()
NetSvcs: VNUSB - File not found
NetSvcs: entech - File not found
NetSvcs: msmframework - File not found
NetSvcs: e100b - File not found
NetSvcs: ASNDIS5 - File not found
NetSvcs: nimcdfxk - File not found
NetSvcs: Dfs - File not found
NetSvcs: hpzipr12 - File not found
NetSvcs: RMSvc - File not found
NetSvcs: viairda - File not found
NetSvcs: ZSMC301b - File not found
NetSvcs: z800mdm - File not found
NetSvcs: brmfrmps - File not found
NetSvcs: rspndr - File not found
NetSvcs: w810mdfl - File not found
NetSvcs: dimension4 - File not found
NetSvcs: fallback - File not found
NetSvcs: infrastructure - File not found
NetSvcs: milshieldcleaner - File not found
NetSvcs: naveng - File not found
NetSvcs: vpcnfltr - File not found
NetSvcs: IntuitUpdateService - File not found
NetSvcs: roxliveshare - D:\WINDOWS\System32\roxliveshare.dll ()
NetSvcs: spmd - File not found
NetSvcs: defragfs - File not found
NetSvcs: Mtlstrm - D:\WINDOWS\System32\drivers\mtlstrm.sys (Smart Link)
NetSvcs: scanwscs - File not found
NetSvcs: alcxsens - File not found
NetSvcs: netrcacm - File not found
NetSvcs: mcnasvc - File not found
NetSvcs: tdrpman174 - File not found
NetSvcs: EpmShd - File not found
NetSvcs: tsp - File not found
NetSvcs: netmnt - D:\WINDOWS\System32\netmnt.dll ()
NetSvcs: vhidmini - File not found
NetSvcs: websenserealtimeanalyzer - File not found
NetSvcs: AVerTV - File not found
NetSvcs: RAPIProtocol - File not found
NetSvcs: wlancig - File not found
NetSvcs: MRESP50a64 - D:\WINDOWS\System32\MRESP50a64.dll ()
NetSvcs: NTIDrvr - File not found
NetSvcs: BrUsbSer - File not found
NetSvcs: modemcsa - D:\WINDOWS\System32\modemcsa.dll ()
NetSvcs: i81x - File not found
NetSvcs: alcan5wn - File not found
NetSvcs: se2Bnd5 - File not found
NetSvcs: admservice - File not found
NetSvcs: videX32 - File not found
NetSvcs: BCM43XV - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 10:48:56 | 000,584,704 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\OTL.exe
[2012/03/02 16:31:59 | 000,607,260 | R--- | C] (Swearware) -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\dds.scr
[2012/03/01 23:23:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Datos de programa\Adobe
[2012/03/01 23:14:12 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Ricardo Barreiro\Configuración local\Datos de programa\4bdf2001
[2012/02/10 12:46:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\URUGUAY 2012
[6 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 10:47:16 | 000,584,704 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\OTL.exe
[2012/03/05 10:40:16 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012/03/05 10:40:11 | 000,001,054 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 10:39:57 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012/03/04 02:24:10 | 000,001,058 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 16:30:28 | 000,607,260 | R--- | M] (Swearware) -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\dds.scr
[2012/03/02 06:41:37 | 004,142,080 | ---- | M] () -- D:\WINDOWS\System32\rmzeroaccess.nt
[2012/03/02 06:41:37 | 000,000,141 | ---- | M] () -- D:\WINDOWS\System32\rmzeroaccess.lst
[2012/03/01 23:19:54 | 000,000,000 | -HS- | M] () -- D:\WINDOWS\System32\dds_log_trash.cmd
[2012/03/01 23:13:47 | 000,012,288 | ---- | M] () -- D:\WINDOWS\System32\a.exe
[2012/03/01 10:11:35 | 090,501,533 | ---- | M] () -- D:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/29 15:02:12 | 000,266,445 | ---- | M] () -- D:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/29 00:28:15 | 000,001,065 | ---- | M] () -- D:\WINDOWS\winamp.ini
[2012/02/28 14:46:20 | 000,285,176 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/28 14:46:20 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2012/02/28 14:35:59 | 000,285,176 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/27 16:22:02 | 000,080,896 | ---- | M] () -- D:\Documents and Settings\Ricardo Barreiro\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 09:09:52 | 000,145,216 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/26 01:42:53 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012/02/26 01:37:33 | 000,506,020 | ---- | M] () -- D:\WINDOWS\System32\perfh00A.dat
[2012/02/26 01:37:33 | 000,442,500 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2012/02/26 01:37:33 | 000,089,578 | ---- | M] () -- D:\WINDOWS\System32\perfc00A.dat
[2012/02/26 01:37:33 | 000,069,534 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2012/02/23 23:48:57 | 000,712,854 | ---- | M] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\Sebastián 2 bmp.bmp
[2012/02/23 23:37:27 | 000,712,854 | ---- | M] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\Sebastián.bmp
[2012/02/23 11:26:08 | 000,031,877 | ---- | M] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\monoriel.jpg
[2012/02/22 18:44:00 | 000,000,298 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/22 13:04:39 | 000,044,632 | ---- | M] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\sokol.jpg
[2012/02/13 02:13:56 | 000,000,646 | ---- | M] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\Acceso directo a Seminario.lnk
[6 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/02 06:41:37 | 004,142,080 | ---- | C] () -- D:\WINDOWS\System32\rmzeroaccess.nt
[2012/03/02 06:41:37 | 000,000,141 | ---- | C] () -- D:\WINDOWS\System32\rmzeroaccess.lst
[2012/03/01 23:19:54 | 000,000,000 | -HS- | C] () -- D:\WINDOWS\System32\dds_log_trash.cmd
[2012/03/01 23:13:47 | 000,012,288 | ---- | C] () -- D:\WINDOWS\System32\a.exe
[2012/02/25 12:14:50 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/02/25 12:14:50 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/23 23:48:57 | 000,712,854 | ---- | C] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\Sebastián 2 bmp.bmp
[2012/02/23 23:37:27 | 000,712,854 | ---- | C] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\Sebastián.bmp
[2012/02/23 11:26:07 | 000,031,877 | ---- | C] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\monoriel.jpg
[2012/02/22 12:50:55 | 000,044,632 | ---- | C] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\sokol.jpg
[2012/02/13 02:13:56 | 000,000,646 | ---- | C] () -- D:\Documents and Settings\Ricardo Barreiro\Escritorio\Acceso directo a Seminario.lnk
[2011/12/18 11:36:59 | 000,023,552 | ---- | C] () -- D:\WINDOWS\System32\jesterss.dll
[2011/11/21 01:01:39 | 000,000,025 | ---- | C] () -- D:\WINDOWS\System32\nvModes.dat
[2011/11/09 19:35:21 | 000,000,445 | ---- | C] () -- D:\WINDOWS\EntPack.dat
[2011/11/05 10:54:00 | 002,130,002 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2011/10/26 04:43:19 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/10/26 04:38:33 | 000,285,176 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/26 04:38:33 | 000,285,176 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/26 04:38:33 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2011/10/26 04:38:17 | 002,294,442 | ---- | C] () -- D:\WINDOWS\System32\nvdata.bin
[2011/10/26 04:32:28 | 000,254,000 | R--- | C] ( ) -- D:\WINDOWS\System32\Audio3D.dll
[2011/10/26 04:32:28 | 000,254,000 | R--- | C] ( ) -- D:\WINDOWS\System32\A3D.dll
[2011/10/26 04:30:19 | 000,032,768 | R--- | C] () -- D:\WINDOWS\DAODx.exe
[2011/10/26 04:30:15 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys
[2011/10/26 04:30:11 | 000,001,769 | ---- | C] () -- D:\WINDOWS\Language_trs.ini
[2011/02/15 23:44:30 | 001,143,512 | ---- | C] () -- D:\Documents and Settings\Ricardo Barreiro\Datos de programa\NMM-MetaData.db
[2010/12/28 23:15:51 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2010/12/27 19:07:36 | 000,000,025 | ---- | C] () -- D:\WINDOWS\popcinfot.dat
[2010/12/25 12:45:01 | 000,000,067 | ---- | C] () -- D:\WINDOWS\entpack.ini
[2010/12/24 12:49:55 | 000,001,065 | ---- | C] () -- D:\WINDOWS\winamp.ini
[2010/12/24 12:33:05 | 000,080,896 | ---- | C] () -- D:\Documents and Settings\Ricardo Barreiro\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 14:39:04 | 000,000,379 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010/12/22 13:27:18 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2010/12/22 12:31:41 | 000,080,416 | R--- | C] () -- D:\WINDOWS\System32\RtNicProp32.dll
[2010/12/22 12:02:15 | 000,032,301 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2010/12/22 12:02:12 | 000,005,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/12/22 11:50:23 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2010/12/22 11:45:35 | 000,021,900 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2010/12/22 07:39:10 | 000,004,205 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2010/12/22 07:38:00 | 000,145,216 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- D:\WINDOWS\explorer.exe
[2008/04/13 23:18:57 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/10/29 09:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 23:19:15 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 23:19:15 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- D:\WINDOWS\system32\winlogon.exe
[2007/10/29 09:00:00 | 000,509,952 | ---- | M] (Microsoft Corporation) MD5=7634CD90F3A930F4D7DCE1EBB64316D8 -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

========== Files - Unicode (All) ==========
[2009/06/19 22:11:50 | 000,000,000 | ---D | M](c:\colegio\Mi m?sica) -- c:\colegio\Mi m�sica
[2009/06/19 22:11:50 | 000,000,000 | ---D | C](c:\colegio\Mi m?sica) -- c:\colegio\Mi m�sica

< End of report >

Extras

OTL Extras logfile created on: 05/03/2012 10:51:03 a.m. - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = D:\Documents and Settings\Ricardo Barreiro\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,56% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Archivos de programa
Drive C: | 698,64 Gb Total Space | 227,38 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 172,90 Gb Free Space | 58,00% Space Free | Partition Type: NTFS
Drive E: | 7,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 3,67 Gb Total Space | 1,91 Gb Free Space | 51,94% Space Free | Partition Type: FAT32

Computer Name: HAL-9000 | User Name: Ricardo Barreiro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Archivos de programa\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Archivos de programa\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Archivos de programa\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Archivos de programa\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"55004:UDP" = 55004:UDP:*:Disabled:eMule Kad
"80:TCP" = 80:TCP:*:Enabled:Apache puerto 80

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Archivos de programa\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = D:\Archivos de programa\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"D:\Archivos de programa\eMule\emule.exe" = D:\Archivos de programa\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"D:\Archivos de programa\Google\Google Earth\client\googleearth.exe" = D:\Archivos de programa\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Apache\minixampp\mysql\bin\mysqld.exe" = C:\Apache\minixampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"D:\Archivos de programa\Java\jre6\bin\javaw.exe" = D:\Archivos de programa\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Archivos de programa\AVG\AVG10\avgmfapx.exe" = D:\Archivos de programa\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"D:\Archivos de programa\Free SMTP Server\localsrv.exe" = D:\Archivos de programa\Free SMTP Server\localsrv.exe:*:Enabled:localsrv -- ()
"D:\Archivos de programa\Google\Google Earth\plugin\geplugin.exe" = D:\Archivos de programa\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"D:\Archivos de programa\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = D:\Archivos de programa\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants vs. Zombies: Game of the Year -- ()
"D:\Archivos de programa\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = D:\Archivos de programa\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock -- ()
"D:\Archivos de programa\Steam\steamapps\common\ironclads high seas\Ironclads_High_Seas.exe" = D:\Archivos de programa\Steam\steamapps\common\ironclads high seas\Ironclads_High_Seas.exe:*:Enabled:Ironclads: High Seas -- (TotemGames.ru for Strategy First)
"D:\Archivos de programa\Steam\steamapps\common\tropico 3\Tropico3.exe" = D:\Archivos de programa\Steam\steamapps\common\tropico 3\Tropico3.exe:*:Enabled:Tropico 3: Absolute Power -- (Haemimont Games)
"D:\Archivos de programa\Steam\Steam.exe" = D:\Archivos de programa\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Archivos de programa\Steam\steamapps\common\railworks\RailWorks.exe" = D:\Archivos de programa\Steam\steamapps\common\railworks\RailWorks.exe:*:Enabled:Train Simulator 2012 -- (RailSimulator.com)
"D:\Archivos de programa\AVG\AVG2012\avgmfapx.exe" = D:\Archivos de programa\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalador de AVG -- (AVG Technologies CZ, s.r.o.)
"D:\Archivos de programa\Steam\steamapps\common\portal 2\portal2.exe" = D:\Archivos de programa\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2 -- ()
"D:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Archivos de programa\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = D:\Archivos de programa\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\Archivos de programa\NGD Studios\Regnum Online\LiveServer\ROClientGame.exe" = D:\Archivos de programa\NGD Studios\Regnum Online\LiveServer\ROClientGame.exe:*:Enabled:RegnumOnline -- (NGD Studios)
"D:\Archivos de programa\NetBeans 7.0.1\bin\netbeans.exe" = D:\Archivos de programa\NetBeans 7.0.1\bin\netbeans.exe:*:Enabled:netbeans -- ()
"D:\Archivos de programa\Steam\steamapps\common\deus ex - human revolution\dxhr.exe" = D:\Archivos de programa\Steam\steamapps\common\deus ex - human revolution\dxhr.exe:*:Enabled:Deus Ex: Human Revolution -- (Square Enix Limited)
"D:\Archivos de programa\AVG\AVG2012\avgnsx.exe" = D:\Archivos de programa\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"D:\Archivos de programa\AVG\AVG2012\avgdiagex.exe" = D:\Archivos de programa\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnóstico 2012 -- (AVG Technologies CZ, s.r.o.)
"D:\Archivos de programa\AVG\AVG2012\avgemcx.exe" = D:\Archivos de programa\AVG\AVG2012\avgemcx.exe:*:Enabled:Analizador de correo personal -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 EN
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFDA3AC-8A61-43C0-B023-33866829C816}" = MySQL Control Center
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2B09E2-6B04-4960-B780-4B0CE90780EE}" = LightScribe 1.4.39.1
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975CD947-C6FB-11D4-96B7-0010B541D591}" = idrop
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software del sistema PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Controlador de audio HD 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{C35D17CD-BA79-417F-B10C-1FA095FF5B4B}" = TortoiseSVN 1.7.2.22327 (32 bit)
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{EFDA6485-85BF-4CCA-B062-CD254D7E2CBC}_is1" = Regnum Online versión 1.7.8
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless USB 2.0 Adapter HW.14
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{FF5D0751-E692-11D4-99D0-0060B0A11DC1}" = 3ds max 4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Paquete de controladores de Windows - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Paquete de controladores de Windows - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ALCo-MLW RSD35 FA 6418 y 6478" = ALCo-MLW RSD35 FA 6418 y 6478
"AnswerWorks" = AnswerWorks Runtime
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Cisternas Petroleros de FA" = Cisternas Petroleros de FA
"Coches FIAT-CONCORD" = Coches FIAT-CONCORD
"Coches Materfer-Pisoiesi Esquema Marrón" = Coches Materfer-Pisoiesi Esquema Marrón
"ConTEXTEditor_is1" = ConTEXT
"Deus Ex" = Deus Ex
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"eMule" = eMule
"EngMod 2.0" = EngMod 2.0
"FIAT 7131" = FIAT 7131
"FileZilla Client" = FileZilla Client 3.4.0
"Free FLV Converter_is1" = Free FLV Converter V 6.94.0
"Free SMTP Server_is1" = Free SMTP Server
"General Electric U13C" = General Electric U13C
"GM GR12 W #6605" = GM GR12 W #6605
"GT22CW 9072 FERROBAIRES" = GT22CW 9072 FERROBAIRES
"ie8" = Windows Internet Explorer 8
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless USB 2.0 Adapter HW.14
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"IrfanView" = IrfanView (remove only)
"LMS" = C-Dilla Licence Management System
"Materfer locales FA" = Materfer locales FA
"Materfer Metropolitano 1" = Materfer Metropolitano 1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.2 (x86 es-ES)" = Mozilla Firefox 10.0.2 (x86 es-ES)
"Mozilla Thunderbird 10.0.2 (x86 es-AR)" = Mozilla Thunderbird 10.0.2 (x86 es-AR)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Pack de coches Argentinos Nº1_is1" = Pack de coches Argentinos Nº1
"Pack de Tolvas Cementeras de Ferrosur Roca con logo nuevo" = Pack de Tolvas Cementeras de Ferrosur Roca con logo nuevo
"Pack de Vagones Ferrosur Roca" = Pack de Vagones Ferrosur Roca
"Pack GM EMD" = Pack GM EMD
"Picasa 3" = Picasa 3
"Programa de instalación de FR-9003" = Programa de instalación de FR-9003
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"ST6UNST #1" = ConEdit - Deus Ex Conversation Editor
"Steam App 24010" = Train Simulator 2012
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 46710" = Ironclads: High Seas
"Steam App 57600" = Tropico 3: Absolute Power
"Steam App 620" = Portal 2
"Steam App 7670" = BioShock
"SystemRequirementsLab" = System Requirements Lab
"Tolva cementera SAAB-Buriasco_is1" = Tolva cementera SAAB-Buriasco
"Tolvas TM Buriasco Ferrosur 2" = Tolvas TM Buriasco Ferrosur 2
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Total English Starter Screensaver" = Total English Starter Screensaver
"Train Simulator 1.0" = Microsoft Train Simulator
"Tranvía de Buenos Aires - Nº 652" = Tranvía de Buenos Aires - Nº 652
"Vagón cerrado Buriasco" = Vagón cerrado Buriasco
"Vagones "Espina" del Ferrocarril General Belgrano" = Vagones "Espina" del Ferrocarril General Belgrano
"VLC media player" = VLC media player 1.1.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EMD GT22CW FerroBaires 9076" = EMD GT22CW FerroBaires 9076
"GM_GT26MC_9403" = GM_GT26MC_9403
"los Materfer para anden elevado" = los Materfer para anden elevado
"RENFE RETALES para Train Simulator (beta3.5)" = RENFE RETALES para Train Simulator (beta3.5)
"TBA 319-214 RETALES para Train Simulator (v1.0)" = TBA 319-214 RETALES para Train Simulator (v1.0)
"Tolva Balasto Ferrosur Roca" = Tolva Balasto Ferrosur Roca
"Toshiba_Roca" = Toshiba_Roca
"Vagones Cisternas Ferrosur Roca" = Vagones Cisternas Ferrosur Roca
"Vagones Codigo 54 de Ferrosur Roca" = Vagones Codigo 54 de Ferrosur Roca

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/02/2012 12:12:48 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 01:19:51 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 02:22:52 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 04:31:53 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 04:32:31 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 18/02/2012 10:51:12 a.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 20/02/2012 03:24:31 a.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 22/02/2012 01:57:00 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 23/02/2012 10:26:43 a.m. | Computer Name = HAL-9000 | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 23/02/2012 10:26:44 a.m. | Computer Name = HAL-9000 | Source = Application Error | ID = 1000
Description = Aplicación con errores: plugin-container.exe, versión: 9.0.1.4371,
módulo con error: coreclr.dll, versión 4.0.60831.0, dirección de error 0x0013d2a6.

[ Application Events ]
Error - 15/02/2012 12:12:48 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 01:19:51 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 02:22:52 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 04:31:53 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/02/2012 04:32:31 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 18/02/2012 10:51:12 a.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 20/02/2012 03:24:31 a.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 22/02/2012 01:57:00 p.m. | Computer Name = HAL-9000 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 23/02/2012 10:26:43 a.m. | Computer Name = HAL-9000 | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 23/02/2012 10:26:44 a.m. | Computer Name = HAL-9000 | Source = Application Error | ID = 1000
Description = Aplicación con errores: plugin-container.exe, versión: 9.0.1.4371,
módulo con error: coreclr.dll, versión 4.0.60831.0, dirección de error 0x0013d2a6.

[ System Events ]
Error - 02/03/2012 05:40:55 a.m. | Computer Name = HAL-9000 | Source = Service Control Manager | ID = 7023
Description = El servicio Us30service terminó con el error: %%5

Error - 02/03/2012 05:41:55 a.m. | Computer Name = HAL-9000 | Source = Service Control Manager | ID = 7023
Description = El servicio AffinegyService terminó con el error: %%5

Error - 02/03/2012 12:16:03 p.m. | Computer Name = HAL-9000 | Source = sr | ID = 1
Description = El filtro de Restaurar sistema encontró el error inesperado "0xC000003A"
mientras procesaba el archivo "_filelst.cfg" en el volumen "HarddiskVolume2". Se
ha detenido la supervisión del volumen.

Error - 02/03/2012 06:38:59 p.m. | Computer Name = HAL-9000 | Source = Service Control Manager | ID = 7023
Description = El servicio Ayuda y soporte técnico terminó con el error: %%126

Error - 04/03/2012 01:12:20 a.m. | Computer Name = HAL-9000 | Source = Service Control Manager | ID = 7023
Description = El servicio Ayuda y soporte técnico terminó con el error: %%126

Error - 04/03/2012 09:59:33 p.m. | Computer Name = HAL-9000 | Source = Windows Update Agent | ID = 16
Description = No se pudo conectar: Windows no se pudo conectar al servicio de Actualizaciones
automáticas y, por lo tanto, no pudo descargar e instalar las actualizaciones según
la programación configurada. Windows seguirá intentando establecer una conexión.

Error - 04/03/2012 10:00:11 p.m. | Computer Name = HAL-9000 | Source = Service Control Manager | ID = 7023
Description = El servicio Ayuda y soporte técnico terminó con el error: %%126

Error - 04/03/2012 10:10:18 p.m. | Computer Name = HAL-9000 | Source = Print | ID = 6161
Description = No se puede imprimir el documento Microsoft Word - DEFINITIVO.doc
propiedad de Ricardo Barreiro en la impresora Canon MP250 series Printer. Tipo de
datos: NT EMF 1.008. Tamaño del archivo de cola de impresión en bytes: 1825672.
Número de bytes impresos: 18560. Número de páginas en el documento: 51. Número
de páginas impresas: 0. Equipo cliente: \\HAL-9000. Código de error Win32 devuelto
por el procesador de impresión: 13 (0xd).

Error - 05/03/2012 05:33:19 a.m. | Computer Name = HAL-9000 | Source = Service Control Manager | ID = 7023
Description = El servicio Ayuda y soporte técnico terminó con el error: %%126

Error - 05/03/2012 09:41:34 a.m. | Computer Name = HAL-9000 | Source = Service Control Manager | ID = 7023
Description = El servicio Ayuda y soporte técnico terminó con el error: %%126


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 05 March 2012 - 03:51 PM

Hi,

The Spanish is not going to be a problem. :) I speak decent Spanish. :wink:

You have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#5 Ricardo Barreiro

Posted 05 March 2012 - 08:18 PM

I was thinking of reinstalling my OS, not only because of this virus but because it has been a long time since the last reinstall and it is not running as smoothly as before. I have two disk drives. My C drive contains my personal files, whereas the OS and all programs are installed on the D drive. The problem is, I can't really format both disk drives, because I have many important files that are not backed up. I could, however, unplug the C drive and format the D drive, install the OS and antivirus, etcetera. Then I can try to plug the C drive again, but I'm not sure it won't still be infected.

To sum it up, I can reinstall my OS, but I would rather not format both my disk drives without getting my personal files out somehow. If you think it's not worth to try to fix this problem, at least I would like to be able to get my files out. The problem is I don't know exactly how this virus works, so I don't know how to get my files without risking infection again. If you think it's not worth the effort to try and fix my current OS install, at least I would like to know how to get those files out cleanly.

What would you advise? Thank you very much.

#6 myrti

Posted 06 March 2012 - 05:31 AM

Hi,

If your C-drive does not contain any executables you should not need to reformat it. Once you're done reformatting and installing an anti virus program, attach the drive while pressing shift and run a scan with your anti virus program on it before opening it. If that comes up clean, it's likely not going to be infected.

regards myrti
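
The check discussed in this reply (does the data drive hold any executables, and is an autorun file waiting on it) can be inventoried by file content rather than by extension. The following Python sketch is an added example, not part of the original thread and not a replacement for the antivirus scan; the function names and the sample files are hypothetical and constructed for illustration.

```python
import os
import struct
import tempfile


def is_pe(path):
    """True if the file has an MZ stub whose e_lfanew field points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: leave it to the antivirus scan


def audit_data_drive(root):
    """Return (pe_files, autorun_files) as sorted paths relative to root."""
    pe_files, autoruns = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.lower() == "autorun.inf":
                autoruns.append(rel)
            elif is_pe(full):
                pe_files.append(rel)
    return sorted(pe_files), sorted(autoruns)


def build_sample_tree(root):
    """Write a small constructed directory tree (no real malware) under root."""
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    samples = {
        "autorun.inf": b"[autorun]\r\nopen=tools\\setup.exe\r\n",
        os.path.join("tools", "setup.exe"): pe_stub,
        os.path.join("docs", "invoice.pdf"): pe_stub,  # executable behind a document extension
        os.path.join("docs", "notes.txt"): b"MZ are just two letters here",
        os.path.join("photos", "holiday.jpg"): b"\xff\xd8\xff\xe0" + b"\0" * 100,
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        pe_files, autoruns = audit_data_drive(demo_root)
        for rel in autoruns:
            print("autorun file:", rel)
        for rel in pe_files:
            print("executable content:", rel)
```

Pointing `audit_data_drive` at the root of the reattached data drive lists every file that is a Windows executable by content, including ones hidden behind document or media extensions, so they can be reviewed or removed before anything on the drive is opened.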



#7 Ricardo Barreiro

Ricardo Barreiro
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 06 March 2012 - 10:52 PM

Right now, I've formatted and reinstalled Windows on one of my disks. Afterwards, I ran a virus scan on the disk with my personal files. AVG came up with five instances of Trojan Agent.AVKQ. After the scan was complete, two of the files were moved to the vault, whereas the remainder were deleted (they were not system files). Apparently, the problem should be solved now, but I'm not really sure. Do you recommend that I do anything else to make sure the threat is gone? Right now, I have both disks running. I installed AVG 2012 with virus database updated today and also SpyBot S&D. Just to be sure, I am not connected to the Internet. Spybot did not find anything dangerous.

Any suggestions?

Thank you.

#8 myrti

Posted 07 March 2012 - 06:59 AM

Hi,

Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.



#9 Ricardo Barreiro

Posted 07 March 2012 - 10:26 AM

Thank you. Your advice has been very useful. I've never had such a complicated issue with a virus before and I really appreciate what you did.

#10 myrti

Posted 07 March 2012 - 06:07 PM

Hi,

You're most welcome! :) ZeroAccess is at the moment the most complicated infection to remove I am aware of... So there's nothing worse to come for now... Unfortunately, in the future we will likely see more and more sophisticated stuff as the operating systems get more and more secure.

regards myrti



#11 myrti

Posted 29 March 2012 - 08:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
