WiredWX Christian Hobby Weather Tools

 


blocked by thinkpoint
Hi guys,
got infected by thinkpoint a couple of hours ago and it's blocked my computer almost completely. After reading many posts I've managed to get to the task administrator window, but when I try the next step, which seems to be explorer.exe, it says it is infected by a virus. What do I do now? My computer runs Windows 7. Please help, I'm desperate!

Re: blocked by thinkpoint
Hi neek65,

Welcome to GeekPolice.net

My name is TheAvatar and I will be trying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note: Before we start the process you should:

  • POST your logs, don't attach them, as it makes it harder to read.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
  • If I have not replied to your thread within 2 days, please PM me.


=========

I take it you have access to another computer and a USB flash drive? If not please inform me. I want you to download these tools off the clean computer onto the flash drive. Then execute them in safe mode. Thanks.


Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

1.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine. Try immediately to run OTL (step 2)

2.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.




Please post all logs.

............................................................................................

- The Avatar
If I have helped you, please consider donating to GeekPolice.net


Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

extras
this is the other stuff u asked for, thanks so much for your help so far. my desktop is still all black, I'm running everything from task admin

OTL Extras logfile created on: 21/10/2010 0:31:04 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = E:\
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 475,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 90,69 Gb Free Space | 77,88% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 110,56 Gb Free Space | 95,27% Space Free | Partition Type: NTFS
Drive E: | 3,93 Gb Total Space | 2,80 Gb Free Space | 71,40% Space Free | Partition Type: FAT32

Computer Name: PATRICIA-TOSH | User Name: patricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\patricia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe ()
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe ()
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F6A201-C40C-4669-936D-473877CFEB4C}" = Galería fotográfica de Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{629665AA-86F3-4BC3-AF5A-9D5C6BE3A7FE}" = SupportSoft ActiveX Controls 20100329_Cli
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00AF-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Spanish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1034-7B44-A94000000001}" = Adobe Reader 9.4.0 - Español
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Instalación de DivX
"Escritorio movistar" = Escritorio movistar
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Contrasena de supervisor
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = Hardware Setup de TOSHIBA
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PROR" = Microsoft Office Professional 2007 Trial
"Spotify" = Spotify
"WildTangent toshiba Master Uninstall" = Juegos WildTangent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WT084487" = Hotel Mahjong Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2010 10:32:42 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2030275

Error - 07/10/2010 10:32:44 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/10/2010 10:32:44 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2031585

Error - 07/10/2010 10:32:44 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2031585

Error - 07/10/2010 10:32:45 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/10/2010 10:32:45 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2032631

Error - 07/10/2010 10:32:45 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2032631

Error - 07/10/2010 10:32:46 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/10/2010 10:32:46 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2033676

Error - 07/10/2010 10:32:46 | Computer Name = patricia-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2033676

[ OSession Events ]
Error - 07/02/2010 6:55:07 | Computer Name = patricia-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/09/2010 5:41:06 | Computer Name = patricia-TOSH | Source = Service Control Manager | ID = 7026
Description = El siguiente controlador de inicio del sistema o de inicio del arranque
no se cargó correctamente: cdrom

Error - 29/09/2010 6:58:03 | Computer Name = patricia-TOSH | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio Netman.

Error - 29/09/2010 7:09:16 | Computer Name = patricia-TOSH | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio Netman.

Error - 29/09/2010 7:38:36 | Computer Name = patricia-TOSH | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio ShellHWDetection.

Error - 29/09/2010 10:26:53 | Computer Name = patricia-TOSH | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio ShellHWDetection.

Error - 29/09/2010 11:09:37 | Computer Name = patricia-TOSH | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR3.

Error - 29/09/2010 11:09:38 | Computer Name = patricia-TOSH | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR3.

Error - 29/09/2010 11:09:38 | Computer Name = patricia-TOSH | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR3.

Error - 29/09/2010 15:03:09 | Computer Name = patricia-TOSH | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR4.

Error - 30/09/2010 8:34:40 | Computer Name = patricia-TOSH | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio ShellHWDetection.


< End of report >


Re: blocked by thinkpoint
OTL logfile created on: 21/10/2010 15:42:31 - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = E:\
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 481,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 90,23 Gb Free Space | 77,49% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 110,56 Gb Free Space | 95,27% Space Free | Partition Type: NTFS
Drive E: | 3,93 Gb Total Space | 2,80 Gb Free Space | 71,39% Space Free | Partition Type: FAT32

Computer Name: PATRICIA-TOSH | User Name: patricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Archivos de programa\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Archivos de programa\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
PRC - C:\Archivos de programa\Telefonica\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Archivos de programa\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Archivos de programa\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (SafeList) ==========

MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Archivos de programa\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_telefonica) SupportSoft Repair Service (telefonica) -- C:\Program Files\Telefonica\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Archivos de programa\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) Instalador de ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\Windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\Windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Controlador de interfaz de puerto serie Brother MFC (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\Windows\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (Thpdrv) -- C:\Windows\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (tidnet) -- C:\Windows\System32\drivers\tidnet.sys (Telefónica I+D)
DRV - (Huawei) -- C:\Windows\System32\drivers\ewdcsc.sys (Huawei Tech. Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nixat.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEI&bmod=TSEI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nixat.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Archivos de programa\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Archivos de programa\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Archivos de programa\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Archivos de programa\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Archivos de programa\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Archivos de programa\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Archivos de programa\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Archivos de programa\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Archivos de programa\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Archivos de programa\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Archivos de programa\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://web.atar.rima-tde.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{475f5286-c274-11df-bd1f-002622400631}\Shell - "" = AutoRun
O33 - MountPoints2\{475f5286-c274-11df-bd1f-002622400631}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{633843e5-098b-11df-9d66-002622400631}\Shell - "" = AutoRun
O33 - MountPoints2\{633843e5-098b-11df-9d66-002622400631}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{63384418-098b-11df-9d66-002622400631}\Shell - "" = AutoRun
O33 - MountPoints2\{63384418-098b-11df-9d66-002622400631}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{72584cc9-0838-11df-8d44-002622400631}\Shell - "" = AutoRun
O33 - MountPoints2\{72584cc9-0838-11df-8d44-002622400631}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/20 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Roaming\Malwarebytes
[2010/10/20 22:02:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/20 22:02:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/20 22:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/20 22:02:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/10/20 21:31:10 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Loaris
[2010/10/20 19:28:44 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/13 10:25:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 10:25:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 10:25:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 10:25:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 10:25:29 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 10:25:29 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 10:25:29 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 10:25:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 10:25:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 10:25:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 10:25:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 10:25:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 10:25:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 10:24:39 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 10:24:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 10:24:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 10:24:32 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/13 10:24:31 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010/10/13 10:11:30 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/10/12 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Roaming\Spotify
[2010/10/12 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Local\Spotify
[2010/10/12 13:24:13 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spotify
[2010/10/12 12:45:39 | 000,000,000 | ---D | C] -- C:\Archivos de programa\iPod
[2010/10/12 12:45:36 | 000,000,000 | ---D | C] -- C:\Archivos de programa\iTunes
[2010/10/12 12:40:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\QuickTime
[2010/10/12 12:37:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Bonjour
[2010/10/07 23:37:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Adobe
[2010/10/07 23:37:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Adobe
[2010/10/07 23:35:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/29 13:22:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/21 15:37:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/21 15:34:51 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/21 15:34:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000UA.job
[2010/10/21 15:34:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000Core.job
[2010/10/21 15:31:48 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-patricia-Startup.job
[2010/10/21 15:28:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/21 07:41:20 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 07:41:20 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 07:32:24 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/21 07:21:29 | 000,002,385 | ---- | M] () -- C:\Users\patricia\Desktop\Google Chrome.lnk
[2010/10/20 22:02:13 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 21:31:18 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
[2010/10/20 20:26:22 | 000,694,386 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/10/20 20:26:22 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/20 20:26:22 | 000,134,448 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/10/20 20:26:22 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/20 19:50:48 | 000,000,006 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\completescan
[2010/10/20 19:46:14 | 000,000,006 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\start
[2010/10/20 19:32:08 | 000,000,010 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\install
[2010/10/20 19:30:28 | 000,000,185 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\39086.bat
[2010/10/20 19:30:28 | 000,000,185 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\36508.bat
[2010/10/20 19:29:40 | 000,000,185 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\39243.bat
[2010/10/20 19:26:19 | 000,173,309 | ---- | M] () -- C:\Users\patricia\Desktop\Mercados_Emergentes_Invitacion.pdf
[2010/10/20 12:39:53 | 000,027,136 | ---- | M] () -- C:\Users\patricia\Documents\factura 131.xls
[2010/10/20 12:31:00 | 000,021,504 | ---- | M] () -- C:\Users\patricia\Documents\factura 130.xls
[2010/10/14 16:40:20 | 000,029,184 | ---- | M] () -- C:\Users\patricia\Documents\factura 125.xls
[2010/10/14 16:39:38 | 000,029,184 | ---- | M] () -- C:\Users\patricia\Documents\factura 129.xls
[2010/10/14 09:28:20 | 000,417,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 16:24:22 | 000,021,504 | ---- | M] () -- C:\Users\patricia\Documents\invoice 120.xls
[2010/10/12 13:24:17 | 000,000,960 | ---- | M] () -- C:\Users\patricia\Desktop\Spotify.lnk
[2010/10/12 12:46:47 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/12 12:40:26 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/07 23:41:35 | 000,021,504 | ---- | M] () -- C:\Users\patricia\Documents\factura 119.xls
[2010/10/07 23:37:51 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:56:37 | 000,029,696 | ---- | M] () -- C:\Users\patricia\Documents\factura 122.xls
[2010/10/06 16:44:58 | 000,029,696 | ---- | M] () -- C:\Users\patricia\Documents\factura 121.xls
[2010/10/04 22:38:37 | 000,029,696 | ---- | M] () -- C:\Users\patricia\Documents\factura 7410.xls
[2010/09/30 10:55:25 | 000,029,184 | ---- | M] () -- C:\Users\patricia\Documents\factura 111.xls
[2010/09/29 13:03:03 | 000,004,608 | ---- | M] () -- C:\Users\patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/29 09:49:03 | 000,000,914 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 22:02:13 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 21:31:18 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
[2010/10/20 19:41:19 | 000,000,006 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\start
[2010/10/20 19:40:05 | 000,000,006 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\completescan
[2010/10/20 19:32:08 | 000,000,010 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\install
[2010/10/20 19:30:28 | 000,000,185 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\39086.bat
[2010/10/20 19:30:28 | 000,000,185 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\36508.bat
[2010/10/20 19:29:40 | 000,000,185 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\39243.bat
[2010/10/20 19:26:19 | 000,173,309 | ---- | C] () -- C:\Users\patricia\Desktop\Mercados_Emergentes_Invitacion.pdf
[2010/10/20 12:37:40 | 000,027,136 | ---- | C] () -- C:\Users\patricia\Documents\factura 131.xls
[2010/10/20 12:30:59 | 000,021,504 | ---- | C] () -- C:\Users\patricia\Documents\factura 130.xls
[2010/10/14 16:40:19 | 000,029,184 | ---- | C] () -- C:\Users\patricia\Documents\factura 125.xls
[2010/10/14 16:39:37 | 000,029,184 | ---- | C] () -- C:\Users\patricia\Documents\factura 129.xls
[2010/10/12 13:24:17 | 000,000,960 | ---- | C] () -- C:\Users\patricia\Desktop\Spotify.lnk
[2010/10/12 12:46:47 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/12 12:40:26 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/07 23:37:51 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:49:40 | 000,029,696 | ---- | C] () -- C:\Users\patricia\Documents\factura 122.xls
[2010/10/06 16:44:57 | 000,029,696 | ---- | C] () -- C:\Users\patricia\Documents\factura 121.xls
[2010/10/04 22:38:37 | 000,029,696 | ---- | C] () -- C:\Users\patricia\Documents\factura 7410.xls
[2010/09/30 11:09:31 | 000,021,504 | ---- | C] () -- C:\Users\patricia\Documents\invoice 120.xls
[2010/09/30 11:00:35 | 000,021,504 | ---- | C] () -- C:\Users\patricia\Documents\factura 119.xls
[2010/09/30 10:55:24 | 000,029,184 | ---- | C] () -- C:\Users\patricia\Documents\factura 111.xls
[2010/06/01 12:03:04 | 000,004,608 | ---- | C] () -- C:\Users\patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 03:28:42 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/24 03:28:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/24 03:28:32 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/24 03:28:32 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/24 03:28:29 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 20:06:54 | 000,000,000 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\wklnhst.dat
[2009/10/07 01:36:06 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/07 06:28:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2009/09/07 06:27:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/01/25 14:55:52 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\FloodLightGames
[2010/01/23 19:57:51 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\GetRightToGo
[2010/10/12 13:29:21 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\Spotify
[2010/01/25 10:35:23 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\Telefónica Móviles
[2010/01/23 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\Toshiba
[2010/01/24 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\WildTangent
[2009/07/14 06:53:46 | 000,019,660 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/21 15:31:48 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-patricia-Startup.job

========== Purity Check ==========



< End of report >

Re: blocked by thinkpoint

Forgot to mention I can't boot in safe mode; pressing F8 does nothing at all. Desktop all black except mouse arrow. I can access all programs from task admin and everything seems to work fine except explorer.exe, which it won't run as it says it has a virus.

Re: blocked by thinkpoint

Please do the following:

1. Run Rkill again.

2. Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

............................................................................................

- The Avatar
If I have helped you, please consider donating to GeekPolice.net

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

Re: blocked by thinkpoint

Thank you Avatar, followed your instructions. Desktop still black. Here's the log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versión de la Base de Datos: 4910

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22/10/2010 14:55:23
mbam-log-2010-10-22 (14-55-23).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|)
Objetos examinados: 239351
Tiempo transcurrido: 1 hora(s), 32 minuto(s), 18 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 2

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
C:\Users\patricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TK3Y5A91\tkbvqkfdls[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\patricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCN6353E\tkbvqkfdls[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

Re: blocked by thinkpoint

Hi Olangua,

Please do the following:

1.

  • To get the latest version of Java please go HERE.
  • Go to Start -> Control Panel -> Programs and Features.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have the Java icon next to any that are there.
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.



2.
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



Please also let me know how your PC is running, thanks.

............................................................................................

- The Avatar
If I have helped you, please consider donating to GeekPolice.net

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

Re: blocked by thinkpoint
Hi Avatar,
I uninstalled Java and downloaded the newest version, but when installing it I got an error message saying there's a problem with a Windows Installer DLL. What do I do?

Re: blocked by thinkpoint
Hi Olangua,


Please download CCleaner and Install it.
  • Run CCleaner.
  • Select the registry section on the left.
  • Click "Scan For Issues"
  • When completed click "Fix Selected Issues"
  • When asked to Backup your registry, click "Yes"
  • Then when prompted again, click "Fix all"

It would be beneficial for you to use CCleaner and run the 'Cleaner' regularly, NOT the Registry option we just did.

Reboot your PC and see if the error is still there :)

............................................................................................

- The Avatar

Re: blocked by thinkpoint
Thanks Avatar, but I've run CCleaner (twice) and I'm still getting the same error 1721 when I try to install Java.

Re: blocked by thinkpoint
Hi, let's try another method then :)

Please download JavaRa from below to your desktop and unzip it to its own folder.
http://raproducts.org/click/click.php?id=1

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

............................................................................................

- The Avatar

Re: blocked by thinkpoint
Hi Avatar,
Finally managed to install Java and ran Kaspersky. This is the report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 24, 2010
Operating system: Microsoft Home Edition (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 24, 2010 05:10:27
Records in database: 4176917
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 114749
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 08:32:21


File name / Threat / Threats count
C:\Users\patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6e304ff7 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.
Doesn't seem like a lot of files are infected, but I still don't have a desktop, just a black screen, and can only access my files and programs through task admin. Then all progs and files seem fine except for explorer, which the system won't run as it says it is infected by malware. So when you say hit Start or open Control Panel it's pretty meaningless, as there is no Start and no Control Panel. I hope you can think of something else to try.
Thanks a million for all your time and effort,

Re: blocked by thinkpoint
Hi,

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Users\patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6e304ff7

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)


Let me know if you are still facing your issues.

............................................................................................

- The Avatar

Re: blocked by thinkpoint
Ran OTL as you said, and this is the log:

All processes killed
========== FILES ==========
C:\Users\patricia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6e304ff7 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: patricia
->Temp folder emptied: 731714608 bytes
->Temporary Internet Files folder emptied: 105946939 bytes
->Java cache emptied: 259069 bytes
->FireFox cache emptied: 43703678 bytes
->Google Chrome cache emptied: 993491719 bytes
->Flash cache emptied: 81069 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10737931 bytes
RecycleBin emptied: 1112455603 bytes

Total Files Cleaned = 2.860,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: patricia
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10252010_155215

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I'm afraid my desktop is still black ... :(

Re: blocked by thinkpoint
And Windows explorer.exe is still infected by win 32

Re: blocked by thinkpoint
Hi,

Please do this:

I need to get more information on a file... please perform the following:

Note: Internet Explorer should be used... for best results.
    Please go to VirSCAN.org... a free on-line file scanning service.
  1. Copy / paste the complete path and file name (below) into the "Suspicious files to scan" box... at the top of the page.

    C:\Windows\explorer.exe


  2. Click on the Upload button. Once the file is uploaded, the scanning process will begin.
  3. Once the Scan completes... (scroll down) click on the "Copy to Clipboard" button.
  4. Open Notepad... then paste (Ctrl+V) the contents of the Clipboard into the open Notepad window.
  5. Save the Notepad file as "VirScan.txt"... save it to your desktop.
  6. Paste the contents of the VirScan.txt file, in your next reply.

............................................................................................

- The Avatar

Re: blocked by thinkpoint
VirSCAN.org Scanned Report :
Scanned time : 2010/10/26 10:14:16 (CEST)
Scanner results: 39% Escaner (14/36) encontró infección
File Name : explorer.exe
File Size : 2614272 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4c53a9fff92394ab533a38acded1b2b3
SHA1 : 38ef061eb44ede85b9b7747d1008b03530383f85
Online report : http://virscan.org/report/7cc49ff4e8d8d4cc6388783bc598253c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101026050745 2010-10-26 11.09 Virus.Win32.Bamital!IK
AhnLab V3 2010.10.19.02 2010.10.19 2010-10-19 1.83 -
AntiVir 8.2.4.84 7.10.13.37 2010-10-25 0.31 TR/Spy.2614272.5
Antiy 2.0.18 20101026.5491138 2010-10-26 0.22 -
Arcavir 2010 201010261428 2010-10-26 0.32 -
Authentium 5.1.1 201010260232 2010-10-26 3.08 -
AVAST! 4.7.4 101025-1 2010-10-25 0.12 Win32:Bamital-AF
AVG 8.5.850 271.1.1/3219 2010-10-26 0.27 Patched_c.JHW
BitDefender 7.90123.6395871 7.34427 2010-10-26 4.88 Gen:Trojan.Heur.TP.Fs0@b8bf7Wn
ClamAV 0.96.3 12177 2010-10-25 0.77 -
Comodo 4.0 6513 2010-10-26 1.43 TrojWare.Win32.Patched.kl
CP Secure 1.3.0.5 2010.10.26 2010-10-26 0.00 -
Dr.Web 5.0.2.3300 2010.10.26 2010-10-26 9.51 Win32.Dat.11
F-Prot 4.4.4.56 20101025 2010-10-25 2.43 -
F-Secure 7.02.73807 2010.10.26.02 2010-10-26 0.20 -
Fortinet 4.2.249 12.494 2010-10-25 1.49 -
GData 21.1016/21.430 20101026 2010-10-26 30.94 Win32:Bamital-AF [Engine:B]
ViRobot 20101025 2010.10.25 2010-10-25 1.02 -
Ikarus T3.1.32.15.0 2010.10.26.77019 2010-10-26 5.07 Virus.Win32.Bamital
JiangMin 13.0.900 2010.10.26 2010-10-26 3.09 -
Kaspersky 5.5.10 2010.10.25 2010-10-25 0.10 -
KingSoft 2009.2.5.15 2010.10.26.9 2010-10-26 1.84 Win32.Troj.Bamital.EL.2614272
McAfee 5400.1158 6147 2010-10-25 22.94 -
Microsoft 1.6301 2010.10.26 2010-10-26 7.08 Virus:Win32/Bamital.G
Norman 6.06.10 6.06.00 2010-10-25 8.01 -
Panda 9.05.01 2010.10.24 2010-10-24 40.08 -
Trend Micro 9.120-1004 7.570.05 2010-10-25 0.04 -
Quick Heal 11.00 2010.10.22 2010-10-22 38.96 -
Rising 20.0 22.71.00.03 2010-10-25 39.60 -
Sophos 3.12.1 4.58 2010-10-26 4.20 Mal/Patched-O
Sunbelt 3.9.2456.2 7141 2010-10-25 28.94 Virus.Win32.Bamital.c (v)
Symantec 1.3.0.24 20101025.002 2010-10-25 1.04 Trojan.Bamital!inf
nProtect 20101025.01 9214096 2010-10-25 21.53 -
The Hacker 6.7.0.1 v00066 2010-10-25 0.48 -
VBA32 3.12.14.1 20101025.1427 2010-10-25 3.97 -
VirusBuster 4.5.11.10 10.130.3/2052338 2010-10-26 3.77 -

This is what I got from virus scan, hope it helps. Also, my antivirus has detected a virus in windows/system32/wininit.exe which it says is read only and so cannot quarantine.
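The VirSCAN report above can be checked and summarised mechanically; the following is an added example, not part of the original post. It re-counts the engine rows against the report's own "(14/36)" header to confirm the paste is complete, then groups the verdict labels. The function names and the three label groups are assumptions made for illustration.

```python
import re
from collections import Counter

# Header line and engine rows copied from the VirSCAN report posted above.
REPORT = """\
Scanner results: 39% Escaner (14/36) encontró infección
a-squared 5.0.0.20 20101026050745 2010-10-26 11.09 Virus.Win32.Bamital!IK
AhnLab V3 2010.10.19.02 2010.10.19 2010-10-19 1.83 -
AntiVir 8.2.4.84 7.10.13.37 2010-10-25 0.31 TR/Spy.2614272.5
Antiy 2.0.18 20101026.5491138 2010-10-26 0.22 -
Arcavir 2010 201010261428 2010-10-26 0.32 -
Authentium 5.1.1 201010260232 2010-10-26 3.08 -
AVAST! 4.7.4 101025-1 2010-10-25 0.12 Win32:Bamital-AF
AVG 8.5.850 271.1.1/3219 2010-10-26 0.27 Patched_c.JHW
BitDefender 7.90123.6395871 7.34427 2010-10-26 4.88 Gen:Trojan.Heur.TP.Fs0@b8bf7Wn
ClamAV 0.96.3 12177 2010-10-25 0.77 -
Comodo 4.0 6513 2010-10-26 1.43 TrojWare.Win32.Patched.kl
CP Secure 1.3.0.5 2010.10.26 2010-10-26 0.00 -
Dr.Web 5.0.2.3300 2010.10.26 2010-10-26 9.51 Win32.Dat.11
F-Prot 4.4.4.56 20101025 2010-10-25 2.43 -
F-Secure 7.02.73807 2010.10.26.02 2010-10-26 0.20 -
Fortinet 4.2.249 12.494 2010-10-25 1.49 -
GData 21.1016/21.430 20101026 2010-10-26 30.94 Win32:Bamital-AF [Engine:B]
ViRobot 20101025 2010.10.25 2010-10-25 1.02 -
Ikarus T3.1.32.15.0 2010.10.26.77019 2010-10-26 5.07 Virus.Win32.Bamital
JiangMin 13.0.900 2010.10.26 2010-10-26 3.09 -
Kaspersky 5.5.10 2010.10.25 2010-10-25 0.10 -
KingSoft 2009.2.5.15 2010.10.26.9 2010-10-26 1.84 Win32.Troj.Bamital.EL.2614272
McAfee 5400.1158 6147 2010-10-25 22.94 -
Microsoft 1.6301 2010.10.26 2010-10-26 7.08 Virus:Win32/Bamital.G
Norman 6.06.10 6.06.00 2010-10-25 8.01 -
Panda 9.05.01 2010.10.24 2010-10-24 40.08 -
Trend Micro 9.120-1004 7.570.05 2010-10-25 0.04 -
Quick Heal 11.00 2010.10.22 2010-10-22 38.96 -
Rising 20.0 22.71.00.03 2010-10-25 39.60 -
Sophos 3.12.1 4.58 2010-10-26 4.20 Mal/Patched-O
Sunbelt 3.9.2456.2 7141 2010-10-25 28.94 Virus.Win32.Bamital.c (v)
Symantec 1.3.0.24 20101025.002 2010-10-25 1.04 Trojan.Bamital!inf
nProtect 20101025.01 9214096 2010-10-25 21.53 -
The Hacker 6.7.0.1 v00066 2010-10-25 0.48 -
VBA32 3.12.14.1 20101025.1427 2010-10-25 3.97 -
VirusBuster 4.5.11.10 10.130.3/2052338 2010-10-26 3.77 -
"""

HEADER = re.compile(r"Scanner results:\s*(\d+)%.*?\((\d+)/(\d+)\)")
# Row layout: name, engine version, signature version, date, scan time, verdict.
ROW = re.compile(r"^(?P<head>.+?)\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
                 r"(?P<secs>\d+\.\d+)\s+(?P<verdict>.+)$")


def parse_rows(text):
    """Return (engine_name, verdict_or_None) for every engine row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        tokens = m.group("head").split()
        if len(tokens) < 3:          # need name + two version tokens
            continue
        name = " ".join(tokens[:-2])  # names may contain spaces ("Trend Micro")
        verdict = m.group("verdict").strip()
        rows.append((name, None if verdict == "-" else verdict))
    return rows


def family(label):
    """Coarse grouping of vendor labels (illustrative buckets only)."""
    low = label.lower()
    if "bamital" in low:
        return "Bamital"
    if "patched" in low:
        return "Patched (generic)"
    return "other"


def summarize(text):
    rows = parse_rows(text)
    hits = [(n, v) for n, v in rows if v is not None]
    claimed = HEADER.search(text)
    consistent = None                 # None when the header line is missing
    if claimed and rows:
        pct, c_hits, c_total = (int(g) for g in claimed.groups())
        consistent = ((c_hits, c_total) == (len(hits), len(rows))
                      and pct == round(100 * len(hits) / len(rows)))
    return {"engines": len(rows), "detections": len(hits),
            "header_consistent": consistent,
            "families": Counter(family(v) for _, v in hits),
            "silent": [n for n, v in rows if v is None]}


if __name__ == "__main__":
    for key, value in summarize(REPORT).items():
        print(key, "=", value)
```
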

Re: blocked by thinkpoint
Hi

Please download Combofix from one of the following locations:

LINK 1
LINK 2

**IMPORTANT! Save Combofix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not re-run Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

............................................................................................

- The Avatar

Re: blocked by thinkpoint
Hi Avatar,
I have a desktop!! Here's the ComboFix log :D

ComboFix 10-10-25.04 - patricia 26/10/2010 20:29:23.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.34.3082.18.1014.490 [GMT 2:00]
Running from: c:\users\patricia\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys

c:\windows\system32\Drivers\atapi.sys . . . is infected!!

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-26 to 2010-10-26 )))))))))))))))))))))))))))))))
.

2010-10-24 08:49 . 2010-10-24 08:49 -------- d-----w- c:\users\patricia\AppData\Local\Mozilla
2010-10-24 08:43 . 2010-10-24 08:43 -------- d-----w- c:\program files\Java
2010-10-24 08:33 . 2010-10-24 08:33 -------- d-----w- c:\program files\Common Files\Java
2010-10-24 08:33 . 2010-10-24 08:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 22:53 . 2010-10-23 22:53 -------- d-----w- c:\program files\CCleaner
2010-10-22 11:12 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15545FD0-8B98-471D-A72E-A3376C1B2FD0}\mpengine.dll
2010-10-21 14:11 . 2010-10-21 14:11 -------- d-----w- c:\users\patricia\AppData\Roaming\SUPERAntiSpyware.com
2010-10-21 14:11 . 2010-10-21 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-21 14:10 . 2010-10-21 14:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-20 20:05 . 2010-10-20 20:05 -------- d-----w- c:\users\patricia\AppData\Roaming\Malwarebytes
2010-10-20 20:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 20:02 . 2010-10-20 20:02 -------- d-----w- c:\programdata\Malwarebytes
2010-10-20 20:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 20:02 . 2010-10-20 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\Loaris
2010-10-20 17:30 . 2010-10-20 17:30 185 ----a-w- c:\users\patricia\AppData\Roaming\39086.bat
2010-10-20 17:30 . 2010-10-20 17:30 185 ----a-w- c:\users\patricia\AppData\Roaming\36508.bat
2010-10-20 17:29 . 2010-10-20 17:29 185 ----a-w- c:\users\patricia\AppData\Roaming\39243.bat
2010-10-19 09:15 . 2010-10-19 09:15 171880 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10134.bin
2010-10-13 08:24 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 08:24 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 08:24 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 08:24 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 08:24 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 08:24 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-13 08:24 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 08:24 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 08:24 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 08:24 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 08:11 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-13 08:11 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-12 11:24 . 2010-10-13 08:10 -------- d-----w- c:\users\patricia\AppData\Local\Spotify
2010-10-12 11:24 . 2010-10-12 11:29 -------- d-----w- c:\users\patricia\AppData\Roaming\Spotify
2010-10-12 11:24 . 2010-10-12 11:24 -------- d-----w- c:\program files\Spotify
2010-10-12 10:45 . 2010-10-12 10:45 -------- d-----w- c:\program files\iPod
2010-10-12 10:45 . 2010-10-12 10:46 -------- d-----w- c:\program files\iTunes
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin7.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin6.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin5.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin4.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin3.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin2.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin.dll
2010-10-12 10:40 . 2010-10-12 10:40 -------- d-----w- c:\program files\QuickTime
2010-10-12 10:37 . 2010-10-12 10:37 -------- d-----w- c:\program files\Bonjour
2010-10-07 21:37 . 2010-10-07 21:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-29 11:22 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 11:22 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-01-23 16:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-07-03 09:14 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-23 16:10 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-23 16:10 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-23 16:10 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-23 16:10 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-23 16:10 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-01-23 16:10 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-21 05:32 . 2010-09-15 08:21 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30 . 2010-08-12 07:26 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 07:26 82944 ----a-w- c:\windows\system32\iccvid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]
"Google Update"="c:\users\patricia\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-23 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 150552]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-08-25 1050000]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-24 2446648]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 184320]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-26 1324384]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-06 611672]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 135664]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2007-08-09 23424]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\DRIVERS\tidnet.sys [2007-08-16 19200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-08-25 116104]
S2 tgsrvc_telefonica;SupportSoft Repair Service (telefonica);c:\program files\Telefonica\bin\tgsrvc.exe [2010-03-29 185640]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 09:27]

2010-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 09:27]

2010-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000Core.job
- c:\users\patricia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 15:47]

2010-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000UA.job
- c:\users\patricia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nixat.com/
mStart Page = hxxp://www.nixat.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\patricia\AppData\Roaming\Mozilla\Firefox\Profiles\vniibxtr.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\patricia\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\ThpSrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Apoint2K\HidFind.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-10-26 20:54:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-26 18:54

Pre-Run: 99.831.209.984 bytes libres
Post-Run: 99.611.918.336 bytes libres

- - End Of File - - EF575A83324AFB8688F96E574CCD8DC1


Thank You!

Re: blocked by thinkpoint
Hi, sorry for the delay!

Please open Notepad and copy/paste this quote into the notepad:
File::
c:\users\patricia\AppData\Roaming\39086.bat
c:\users\patricia\AppData\Roaming\36508.bat
c:\users\patricia\AppData\Roaming\39243.bat

Driver::
aswFsBlk

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]



Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.

[Image: CFScriptB-4]
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

............................................................................................

- The Avatar
If I have helped you, please consider donating to GeekPolice.net

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

Re: blocked by thinkpoint
Followed your instructions, but now I can't run Internet Explorer or Firefox or Chrome. Will try and post the log from a different PC later. I get a message saying something like "attempt of illegal operation on Registry key marked for elimination". ComboFix won't open now either. Or my antivirus.

Re: blocked by thinkpoint
Rebooted again and now everything seems OK. Here's the log:

ComboFix 10-10-27.04 - patricia 28/10/2010 10:03:12.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.34.3082.18.1014.292 [GMT 2:00]
Running from: c:\users\patricia\Desktop\ComboFix.exe
Command switches used :: c:\users\patricia\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

FILE ::
"c:\users\patricia\AppData\Roaming\36508.bat"
"c:\users\patricia\AppData\Roaming\39086.bat"
"c:\users\patricia\AppData\Roaming\39243.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\patricia\AppData\Roaming\36508.bat
c:\users\patricia\AppData\Roaming\39086.bat
c:\users\patricia\AppData\Roaming\39243.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Service_aswFsBlk


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 08:22 . 2010-10-28 08:22 -------- d-----w- C:\Device
2010-10-28 08:21 . 2010-10-28 08:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-28 07:54 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80932EE1-5932-4015-86FF-A3C1C693978D}\mpengine.dll
2010-10-26 18:45 . 2010-10-28 08:25 -------- d-----w- c:\users\patricia\AppData\Local\temp
2010-10-24 08:49 . 2010-10-24 08:49 -------- d-----w- c:\users\patricia\AppData\Local\Mozilla
2010-10-24 08:43 . 2010-10-24 08:43 -------- d-----w- c:\program files\Java
2010-10-24 08:33 . 2010-10-24 08:33 -------- d-----w- c:\program files\Common Files\Java
2010-10-24 08:33 . 2010-10-24 08:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 22:53 . 2010-10-23 22:53 -------- d-----w- c:\program files\CCleaner
2010-10-21 14:11 . 2010-10-21 14:11 -------- d-----w- c:\users\patricia\AppData\Roaming\SUPERAntiSpyware.com
2010-10-21 14:11 . 2010-10-21 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-21 14:10 . 2010-10-21 14:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-20 20:05 . 2010-10-20 20:05 -------- d-----w- c:\users\patricia\AppData\Roaming\Malwarebytes
2010-10-20 20:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 20:02 . 2010-10-20 20:02 -------- d-----w- c:\programdata\Malwarebytes
2010-10-20 20:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 20:02 . 2010-10-20 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\Loaris
2010-10-19 09:15 . 2010-10-19 09:15 171880 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10134.bin
2010-10-13 08:24 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 08:24 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 08:24 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 08:24 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 08:24 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 08:24 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-13 08:24 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 08:24 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 08:24 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 08:24 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 08:11 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-13 08:11 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-12 11:24 . 2010-10-13 08:10 -------- d-----w- c:\users\patricia\AppData\Local\Spotify
2010-10-12 11:24 . 2010-10-12 11:29 -------- d-----w- c:\users\patricia\AppData\Roaming\Spotify
2010-10-12 11:24 . 2010-10-12 11:24 -------- d-----w- c:\program files\Spotify
2010-10-12 10:45 . 2010-10-12 10:45 -------- d-----w- c:\program files\iPod
2010-10-12 10:45 . 2010-10-12 10:46 -------- d-----w- c:\program files\iTunes
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin7.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin6.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin5.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin4.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin3.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin2.dll
2010-10-12 10:40 . 2010-10-12 10:40 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin.dll
2010-10-12 10:40 . 2010-10-12 10:40 -------- d-----w- c:\program files\QuickTime
2010-10-12 10:37 . 2010-10-12 10:37 -------- d-----w- c:\program files\Bonjour
2010-10-07 21:37 . 2010-10-07 21:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-29 11:22 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 11:22 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-01-23 16:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-07-03 09:14 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-23 16:10 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-23 16:10 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-23 16:10 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-23 16:10 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-23 16:10 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-01-23 16:10 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-21 05:32 . 2010-09-15 08:21 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]
"Google Update"="c:\users\patricia\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-23 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 150552]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-08-25 1050000]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-24 2446648]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 184320]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-26 1324384]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-06 611672]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 135664]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2007-08-09 23424]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\DRIVERS\tidnet.sys [2007-08-16 19200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-08-25 116104]
S2 tgsrvc_telefonica;SupportSoft Repair Service (telefonica);c:\program files\Telefonica\bin\tgsrvc.exe [2010-03-29 185640]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 09:27]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 09:27]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000Core.job
- c:\users\patricia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 15:47]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000UA.job
- c:\users\patricia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nixat.com/
mStart Page = hxxp://www.nixat.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\patricia\AppData\Roaming\Mozilla\Firefox\Profiles\vniibxtr.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\patricia\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\ThpSrv.exe
c:\windows\system32\igfxext.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Apoint2K\HidFind.exe
c:\windows\system32\conhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\sppsvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
.
**************************************************************************
.
Completion time: 2010-10-28 10:30:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-28 08:30
ComboFix2.txt 2010-10-26 18:54

Pre-Run: 99.382.509.568 bytes libres
Post-Run: 99.094.437.888 bytes libres

- - End Of File - - 47E63E0D40218B2230A1F1B6DF3C3157
Whoa!

Re: blocked by thinkpoint
Hi,

We are almost done here.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to Yes, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

............................................................................................

- The Avatar

Re: blocked by thinkpoint
This is all that was in the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
The scan found 4 infected files and fixed them or quarantined them; there's some files in quarantine.
Thanks, Avatar.

Re: blocked by thinkpoint
Hi,

Please now open OTL and click "Quick Scan" and post the log here.

Also let me know how your PC is running.

............................................................................................

- The Avatar

Re: blocked by thinkpoint
Hi Avatar,
here's the log you asked for:
OTL logfile created on: 30/10/2010 20:08:30 - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\patricia\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 202,00 Mb Available Physical Memory | 20,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 34,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 92,15 Gb Free Space | 79,14% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 110,56 Gb Free Space | 95,27% Space Free | Partition Type: NTFS

Computer Name: PATRICIA-TOSH | User Name: patricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\patricia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Archivos de programa\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Archivos de programa\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Archivos de programa\Telefonica\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Archivos de programa\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Archivos de programa\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Archivos de programa\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Archivos de programa\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Archivos de programa\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Archivos de programa\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Archivos de programa\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)


========== Modules (SafeList) ==========

MOD - C:\Users\patricia\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Archivos de programa\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_telefonica) SupportSoft Repair Service (telefonica) -- C:\Program Files\Telefonica\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Archivos de programa\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Archivos de programa\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) Instalador de ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- C:\Windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\Windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (catchme) -- C:\Users\patricia\AppData\Local\Temp\catchme.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SASDIFSV) -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Controlador de interfaz de puerto serie Brother MFC (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\Windows\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (Thpdrv) -- C:\Windows\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (tidnet) -- C:\Windows\System32\drivers\tidnet.sys (Telefónica I+D)
DRV - (Huawei) -- C:\Windows\System32\drivers\ewdcsc.sys (Huawei Tech. Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nixat.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nixat.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/24 10:49:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/24 10:49:00 | 000,000,000 | ---D | M]

[2010/10/24 10:49:20 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\mozilla\Extensions
[2010/10/24 10:49:20 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\mozilla\Firefox\Profiles\vniibxtr.default\extensions
[2010/10/24 10:49:01 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/10/12 22:12:35 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010/10/12 22:12:35 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/10/12 22:12:35 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/10/12 22:12:35 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2010/10/28 10:24:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Archivos de programa\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Archivos de programa\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Archivos de programa\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Archivos de programa\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Archivos de programa\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Archivos de programa\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Archivos de programa\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Archivos de programa\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Archivos de programa\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Archivos de programa\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Archivos de programa\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://web.atar.rima-tde.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 20:07:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\patricia\Desktop\OTL.exe
[2010/10/29 12:05:51 | 000,000,000 | ---D | C] -- C:\Archivos de programa\ESET
[2010/10/28 10:29:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/28 10:22:07 | 000,000,000 | ---D | C] -- C:\Device
[2010/10/28 09:58:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/26 20:45:23 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Local\temp
[2010/10/26 20:26:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/26 20:26:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/26 20:26:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/26 20:26:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/26 20:26:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/24 10:49:09 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Roaming\Mozilla
[2010/10/24 10:49:09 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Local\Mozilla
[2010/10/24 10:48:58 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Mozilla Firefox
[2010/10/24 10:43:43 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Java
[2010/10/24 10:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/24 10:33:44 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Java
[2010/10/24 00:53:35 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
[2010/10/21 16:11:03 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/21 16:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/21 16:10:52 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
[2010/10/20 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Roaming\Malwarebytes
[2010/10/20 22:02:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/20 22:02:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/20 22:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/20 22:02:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/10/20 21:31:10 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Loaris
[2010/10/20 19:28:44 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/12 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Roaming\Spotify
[2010/10/12 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\patricia\AppData\Local\Spotify
[2010/10/12 13:24:13 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spotify
[2010/10/12 12:45:39 | 000,000,000 | ---D | C] -- C:\Archivos de programa\iPod
[2010/10/12 12:45:36 | 000,000,000 | ---D | C] -- C:\Archivos de programa\iTunes
[2010/10/12 12:40:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\QuickTime
[2010/10/12 12:37:07 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Bonjour
[2010/10/07 23:37:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\Adobe
[2010/10/07 23:37:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Adobe

========== Files - Modified Within 30 Days ==========

[2010/10/30 20:08:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\patricia\Desktop\OTL.exe
[2010/10/30 20:06:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/30 19:59:52 | 000,694,386 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/10/30 19:59:52 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 19:59:52 | 000,134,448 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/10/30 19:59:52 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 19:57:32 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/30 19:56:56 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000Core.job
[2010/10/30 19:49:13 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400816499-3506029819-3345165704-1000UA.job
[2010/10/30 19:48:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/29 07:25:15 | 000,029,696 | ---- | M] () -- C:\Users\patricia\Documents\factura 122.xls
[2010/10/28 11:00:42 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/28 10:54:14 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 10:54:14 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 10:45:54 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 10:24:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/28 09:57:54 | 003,892,841 | R--- | M] () -- C:\Users\patricia\Desktop\ComboFix.exe
[2010/10/26 21:15:57 | 000,027,136 | ---- | M] () -- C:\Users\patricia\Documents\factura 132.xls
[2010/10/24 10:49:05 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/24 01:08:58 | 000,000,262 | ---- | M] () -- C:\Users\patricia\Documents\cc_20101024_010840.reg
[2010/10/24 01:03:02 | 000,000,644 | ---- | M] () -- C:\Users\patricia\Documents\cc_20101024_010245.reg
[2010/10/24 00:55:42 | 000,198,008 | ---- | M] () -- C:\Users\patricia\Documents\cc_20101024_005512.reg
[2010/10/24 00:53:37 | 000,000,976 | ---- | M] () -- C:\Users\patricia\Desktop\CCleaner.lnk
[2010/10/21 22:02:57 | 000,000,000 | ---- | M] () -- C:\Users\patricia\defogger_reenable
[2010/10/21 16:10:57 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/21 07:21:29 | 000,002,385 | ---- | M] () -- C:\Users\patricia\Desktop\Google Chrome.lnk
[2010/10/20 22:02:13 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 19:50:48 | 000,000,006 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\completescan
[2010/10/20 19:46:14 | 000,000,006 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\start
[2010/10/20 19:32:08 | 000,000,010 | ---- | M] () -- C:\Users\patricia\AppData\Roaming\install
[2010/10/20 12:39:53 | 000,027,136 | ---- | M] () -- C:\Users\patricia\Documents\factura 131.xls
[2010/10/20 12:31:00 | 000,021,504 | ---- | M] () -- C:\Users\patricia\Documents\factura 130.xls
[2010/10/14 16:40:20 | 000,029,184 | ---- | M] () -- C:\Users\patricia\Documents\factura 125.xls
[2010/10/14 16:39:38 | 000,029,184 | ---- | M] () -- C:\Users\patricia\Documents\factura 129.xls
[2010/10/14 09:28:20 | 000,417,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 16:24:22 | 000,021,504 | ---- | M] () -- C:\Users\patricia\Documents\invoice 120.xls
[2010/10/12 13:24:17 | 000,000,960 | ---- | M] () -- C:\Users\patricia\Desktop\Spotify.lnk
[2010/10/12 12:46:47 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/12 12:40:26 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/07 23:41:35 | 000,021,504 | ---- | M] () -- C:\Users\patricia\Documents\factura 119.xls
[2010/10/07 23:37:51 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:44:58 | 000,029,696 | ---- | M] () -- C:\Users\patricia\Documents\factura 121.xls
[2010/10/04 22:38:37 | 000,029,696 | ---- | M] () -- C:\Users\patricia\Documents\factura 7410.xls

========== Files Created - No Company Name ==========

[2010/10/26 21:15:57 | 000,027,136 | ---- | C] () -- C:\Users\patricia\Documents\factura 132.xls
[2010/10/26 20:26:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/26 20:26:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/26 20:26:41 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/26 20:26:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/26 20:26:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/26 20:23:20 | 003,892,841 | R--- | C] () -- C:\Users\patricia\Desktop\ComboFix.exe
[2010/10/24 10:49:05 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/24 01:08:44 | 000,000,262 | ---- | C] () -- C:\Users\patricia\Documents\cc_20101024_010840.reg
[2010/10/24 01:02:49 | 000,000,644 | ---- | C] () -- C:\Users\patricia\Documents\cc_20101024_010245.reg
[2010/10/24 00:55:25 | 000,198,008 | ---- | C] () -- C:\Users\patricia\Documents\cc_20101024_005512.reg
[2010/10/24 00:53:37 | 000,000,976 | ---- | C] () -- C:\Users\patricia\Desktop\CCleaner.lnk
[2010/10/21 22:02:57 | 000,000,000 | ---- | C] () -- C:\Users\patricia\defogger_reenable
[2010/10/21 16:10:57 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/20 22:02:13 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 19:41:19 | 000,000,006 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\start
[2010/10/20 19:40:05 | 000,000,006 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\completescan
[2010/10/20 19:32:08 | 000,000,010 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\install
[2010/10/20 12:37:40 | 000,027,136 | ---- | C] () -- C:\Users\patricia\Documents\factura 131.xls
[2010/10/20 12:30:59 | 000,021,504 | ---- | C] () -- C:\Users\patricia\Documents\factura 130.xls
[2010/10/14 16:40:19 | 000,029,184 | ---- | C] () -- C:\Users\patricia\Documents\factura 125.xls
[2010/10/14 16:39:37 | 000,029,184 | ---- | C] () -- C:\Users\patricia\Documents\factura 129.xls
[2010/10/12 13:24:17 | 000,000,960 | ---- | C] () -- C:\Users\patricia\Desktop\Spotify.lnk
[2010/10/12 12:46:47 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/12 12:40:26 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/07 23:37:51 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:49:40 | 000,029,696 | ---- | C] () -- C:\Users\patricia\Documents\factura 122.xls
[2010/10/06 16:44:57 | 000,029,696 | ---- | C] () -- C:\Users\patricia\Documents\factura 121.xls
[2010/10/04 22:38:37 | 000,029,696 | ---- | C] () -- C:\Users\patricia\Documents\factura 7410.xls
[2010/06/01 12:03:04 | 000,004,608 | ---- | C] () -- C:\Users\patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 03:28:42 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/24 03:28:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/24 03:28:32 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/24 03:28:32 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/24 03:28:29 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 20:06:54 | 000,000,000 | ---- | C] () -- C:\Users\patricia\AppData\Roaming\wklnhst.dat
[2009/10/07 01:36:06 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/07 06:28:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2009/09/07 06:27:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/01/25 14:55:52 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\FloodLightGames
[2010/01/23 19:57:51 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\GetRightToGo
[2010/10/12 13:29:21 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\Spotify
[2010/01/25 10:35:23 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\Telefónica Móviles
[2010/01/23 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\Toshiba
[2010/01/24 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\patricia\AppData\Roaming\WildTangent
[2009/07/14 06:53:46 | 000,022,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
PC seems to be running fine. I hope it's cured!

Re: blocked by thinkpoint

Hi, please do this:

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



====



Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



Let me know how it all goes :)

............................................................................................

- The Avatar
If I have helped you, please consider donating to GeekPolice.net


Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

Re: blocked by thinkpoint

Hi Avatar,
this is the OTL run fix log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: patricia
->Temp folder emptied: 9099074 bytes
->Temporary Internet Files folder emptied: 32749247 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20430298 bytes
->Google Chrome cache emptied: 73014527 bytes
->Flash cache emptied: 3263 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11673 bytes
RecycleBin emptied: 128241420 bytes

Total Files Cleaned = 251,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: patricia
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[clearallrestorepoints> in the current context!

OTL by OldTimer - Version 3.2.17.1 log created on 10312010_112328

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I'll run cleanup next.

Re: blocked by thinkpoint

Good, how did the cleanup go?

............................................................................................

- The Avatar

Re: blocked by thinkpoint

Ok I guess, but OTL is now gone from my desktop, was that supposed to happen?
