Exception Processing Message 0x0000013 Parameters 0x000007FEFE037240

Hello,

I think my computer has caught a virus. First a little warning window appeared with the message in the title of this post, and then a window from the "Windows Disk" program popped up recommending defragmentation and scanning the computer, finding some errors such as "RAM memory usage is critically high", "hard drive not found, missing hard drive", etc. So at first I tried to fix it by performing the defragmentation, but it didn't work, and I'm pretty sure it's because it is a virus....

I followed the instructions and scanned with OTL, and these are the logs I got:

OTL.txt
OTL logfile created on: 08/02/2011 1:20:01 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = D:\Descargas
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 6,39 Gb Free Space | 6,55% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 591,00 Gb Free Space | 70,88% Space Free | Partition Type: NTFS

Computer Name: AMD | User Name: Shere | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/08 01:18:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\Descargas\OTL.com
PRC - [2011/02/06 23:20:19 | 000,377,344 | ---- | M] (WISC) -- C:\ProgramData\tC9V8DzayqP1v.exe
PRC - [2011/02/06 23:20:10 | 000,456,704 | ---- | M] (imgs) -- C:\ProgramData\aKJtNYcljCT.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/14 08:51:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/14 08:51:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/07/28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2008/09/05 13:55:58 | 000,894,192 | ---- | M] (AT&T Inc.) -- C:\Program Files (x86)\Interwise\Participant\pull.exe


========== Modules (SafeList) ==========

MOD - [2011/02/08 01:18:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\Descargas\OTL.com
MOD - [2011/01/21 10:16:59 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/27 06:13:38 | 000,059,136 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 C2 22 14 AA 97 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 08:51:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/08 01:11:16 | 000,000,000 | ---D | M]

[2009/12/21 22:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shere\AppData\Roaming\mozilla\Extensions
[2010/09/12 10:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shere\AppData\Roaming\mozilla\Firefox\Profiles\hrybkxki.default\extensions
[2011/02/08 01:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/04/11 19:25:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/08 01:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/08 01:11:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/16 16:57:36 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2010/07/16 16:57:36 | 000,000,751 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2010/07/16 16:57:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2010/07/16 16:57:36 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [aKJtNYcljCT.exe] C:\ProgramData\aKJtNYcljCT.exe (imgs)
O4 - HKCU..\Run: [tC9V8DzayqP1v] C:\ProgramData\tC9V8DzayqP1v.exe (WISC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/08 01:13:31 | 000,000,000 | ---D | C] -- C:\javara
[2011/02/08 01:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/02/08 01:11:16 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/02/08 01:11:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/02/08 01:11:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/02/08 01:11:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/02/08 01:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/02/06 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\Shere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Disk
[2011/02/06 23:20:19 | 000,377,344 | ---- | C] (WISC) -- C:\ProgramData\tC9V8DzayqP1v.exe
[2011/02/06 23:20:17 | 000,422,400 | ---- | C] (imgs) -- C:\ProgramData\GAOGyDMbrSM.dll
[2011/02/06 23:20:16 | 000,456,704 | ---- | C] (imgs) -- C:\ProgramData\aKJtNYcljCT.exe
[2011/01/20 21:32:06 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/12 22:45:33 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 22:45:33 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/12 16:59:50 | 000,000,000 | ---D | C] -- D:\Escritorio\docus asamblea asbiomad 14 enero agrupados y corregidos

========== Files - Modified Within 30 Days ==========

[2011/02/08 01:13:32 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 01:13:32 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 01:11:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/02/08 01:11:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/02/08 01:11:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/02/08 01:11:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/02/08 01:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3371449768-3312462355-1415685752-1000UA.job
[2011/02/08 00:15:34 | 000,000,264 | ---- | M] () -- C:\ProgramData\~tC9V8DzayqP1v
[2011/02/08 00:15:34 | 000,000,144 | ---- | M] () -- C:\ProgramData\~tC9V8DzayqP1vr
[2011/02/08 00:15:21 | 000,422,400 | ---- | M] (imgs) -- C:\ProgramData\GAOGyDMbrSM.dll
[2011/02/08 00:13:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/08 00:13:18 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/07 01:01:33 | 000,000,424 | ---- | M] () -- C:\ProgramData\tC9V8DzayqP1v
[2011/02/06 23:43:47 | 000,000,570 | ---- | M] () -- D:\Escritorio\Windows Disk.lnk
[2011/02/06 23:27:38 | 001,530,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/06 23:27:38 | 000,694,148 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011/02/06 23:27:38 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/06 23:27:38 | 000,134,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011/02/06 23:27:38 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/06 23:20:19 | 000,377,344 | ---- | M] (WISC) -- C:\ProgramData\tC9V8DzayqP1v.exe
[2011/02/06 23:20:10 | 000,456,704 | ---- | M] (imgs) -- C:\ProgramData\aKJtNYcljCT.exe
[2011/02/03 02:13:33 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3371449768-3312462355-1415685752-1000Core.job
[2011/01/28 01:01:00 | 000,290,293 | ---- | M] () -- D:\Escritorio\PROYECTOS_SUSCEPTIBLES_AYUDAS_FPI_2011.pdf
[2011/01/20 23:12:56 | 000,356,309 | ---- | M] () -- D:\Escritorio\PISOS.pdf
[2011/01/20 23:12:49 | 000,019,914 | ---- | M] () -- D:\Escritorio\PISOS.docx
[2011/01/20 21:32:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/01/17 23:18:15 | 020,227,552 | ---- | M] () -- D:\Escritorio\Resultados Enero 2011.pptx
[2011/01/15 01:08:05 | 000,617,340 | ---- | M] () -- D:\Escritorio\quiniela.jpg
[2011/01/13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/01/13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/01/10 17:11:28 | 000,013,769 | ---- | M] () -- D:\Escritorio\Ensayos clínicos MSCs and immunology.docx
[2011/01/10 01:17:29 | 000,011,845 | ---- | M] () -- D:\Escritorio\CUMPLE CASAS RURALES.docx
[2011/01/10 00:23:27 | 000,099,732 | ---- | M] () -- D:\Escritorio\CUMPLE CASAS RURALES.pdf

========== Files Created - No Company Name ==========

[2011/02/06 23:43:49 | 000,000,264 | ---- | C] () -- C:\ProgramData\~tC9V8DzayqP1v
[2011/02/06 23:43:49 | 000,000,144 | ---- | C] () -- C:\ProgramData\~tC9V8DzayqP1vr
[2011/02/06 23:43:47 | 000,000,570 | ---- | C] () -- D:\Escritorio\Windows Disk.lnk
[2011/02/06 23:43:43 | 000,000,424 | ---- | C] () -- C:\ProgramData\tC9V8DzayqP1v
[2011/01/28 01:01:00 | 000,290,293 | ---- | C] () -- D:\Escritorio\PROYECTOS_SUSCEPTIBLES_AYUDAS_FPI_2011.pdf
[2011/01/16 16:38:08 | 020,227,552 | ---- | C] () -- D:\Escritorio\Resultados Enero 2011.pptx
[2011/01/15 03:28:39 | 000,356,309 | ---- | C] () -- D:\Escritorio\PISOS.pdf
[2011/01/15 02:27:21 | 000,019,914 | ---- | C] () -- D:\Escritorio\PISOS.docx
[2011/01/15 01:07:58 | 000,617,340 | ---- | C] () -- D:\Escritorio\quiniela.jpg
[2011/01/10 16:45:57 | 000,013,769 | ---- | C] () -- D:\Escritorio\Ensayos clínicos MSCs and immunology.docx
[2011/01/10 00:23:26 | 000,099,732 | ---- | C] () -- D:\Escritorio\CUMPLE CASAS RURALES.pdf
[2011/01/09 23:31:10 | 000,011,845 | ---- | C] () -- D:\Escritorio\CUMPLE CASAS RURALES.docx
[2010/04/11 19:29:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/30 17:16:08 | 000,000,096 | RHS- | C] () -- C:\Users\Shere\AppData\Roaming\setup.ini
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/01/13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/21 17:39:31 | 000,000,221 | -HS- | M] () -- C:\Users\Shere\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/14 08:51:37 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2010/12/14 08:51:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2010/12/14 08:51:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2010/12/14 08:51:38 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/14 09:13:52 | 000,000,402 | -HS- | M] () -- C:\Users\Shere\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/06 23:20:10 | 000,456,704 | ---- | M] (imgs) -- C:\ProgramData\aKJtNYcljCT.exe
[2011/02/08 00:15:21 | 000,422,400 | ---- | M] (imgs) -- C:\ProgramData\GAOGyDMbrSM.dll
[2011/02/07 01:01:33 | 000,000,424 | ---- | M] () -- C:\ProgramData\tC9V8DzayqP1v
[2011/02/06 23:20:19 | 000,377,344 | ---- | M] (WISC) -- C:\ProgramData\tC9V8DzayqP1v.exe
[2011/02/08 00:15:34 | 000,000,264 | ---- | M] () -- C:\ProgramData\~tC9V8DzayqP1v
[2011/02/08 00:15:34 | 000,000,144 | ---- | M] () -- C:\ProgramData\~tC9V8DzayqP1vr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2011/02/08 00:13:18 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/08 00:13:20 | 1877,467,136 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/05/08 13:56:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/02/08 01:11:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/03/23 00:06:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/12/17 17:31:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/01/21 15:42:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Interwise
[2011/02/08 01:11:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/01/25 19:57:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JDownloader
[2009/12/22 17:21:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2009/12/21 17:55:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/12/21 17:55:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/12/21 17:51:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/12/21 17:55:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2009/12/21 17:55:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/12/14 08:51:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/12/21 17:55:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/01/01 17:53:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/04/11 19:25:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2009/12/24 13:43:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SMPlayer
[2009/12/22 22:15:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spotify
[2009/07/14 05:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 10:30:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/12/17 17:31:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/15 08:20:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 10:30:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 06:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 10:30:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/01/06 17:53:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR

< %appdata%\*.* >
[2009/12/30 17:16:08 | 000,000,096 | RHS- | M] () -- C:\Users\Shere\AppData\Roaming\setup.ini


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 02:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/14 01:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/07/14 01:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/14 01:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240

Extras.txt

OTL Extras logfile created on: 08/02/2011 1:20:01 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = D:\Descargas
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 6,39 Gb Free Space | 6,55% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 591,00 Gb Free Space | 70,88% Space Free | Partition Type: NTFS

Computer Name: AMD | User Name: Shere | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{30120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC76BA86-7AD7-1034-7B44-A93000000001}" = Adobe Reader 9.3.4 - Español
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ares" = Ares 2.1.2
"ARES 3.1" = ARES 3.1
"AT&T Connect Participant" = AT&T Connect Participant
"avast5" = avast! Free Antivirus
"eMule" = eMule
"EMULE 0.49c" = EMULE 0.49c
"ENTERPRISE" = Microsoft Office Enterprise 2007
"JDownloader" = JDownloader
"McAfee Security Scan" = McAfee Security Scan
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"SMPlayer" = SMPlayer 0.6.8
"Spotify" = Spotify
"WinRAR archiver" = Compresor WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/01/2011 20:48:21 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 22/01/2011 20:48:21 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 23/01/2011 8:25:20 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 23/01/2011 8:25:20 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 23/01/2011 8:25:21 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 23/01/2011 8:25:21 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 02/02/2011 13:51:41 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 02/02/2011 13:51:41 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 02/02/2011 14:47:10 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

Error - 02/02/2011 14:47:10 | Computer Name = AMD | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Error en la extracción de la lista raíz de terceros del archivo .CAB
actualizado automáticamente:
con el error: Un certificado requerido no se encuentra dentro del periodo de validez
cuando se ha realizado la comprobación con el reloj de sistema actual o con la
marca de tiempo en el archivo firmado. .

[ System Events ]
Error - 17/07/2010 19:56:24 | Computer Name = AMD | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 18/07/2010 4:01:45 | Computer Name = AMD | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 18/07/2010 8:06:03 | Computer Name = AMD | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 18/07/2010 9:57:33 | Computer Name = AMD | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 19/07/2010 16:53:44 | Computer Name = AMD | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 19/07/2010 16:53:44 | Computer Name = AMD | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/07/2010 3:03:46 | Computer Name = AMD | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 20/07/2010 3:03:46 | Computer Name = AMD | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/07/2010 19:13:05 | Computer Name = AMD | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 20/07/2010 19:13:05 | Computer Name = AMD | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240

Thank you for the fast answer!!!!!

I couldn't do the part of "Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel" because it just ran without letting me click or paste anything... I don't know what I did wrong... but doing so, I got this log:


ComboFix 11-02-08.02 - Shere 09/02/2011 0:14.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.34.3082.18.1790.798 [GMT 1:00]
Running from: d:\descargas\commy.exe.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Shere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Disk
c:\users\Shere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Disk\Uninstall Windows Disk.lnk
c:\users\Shere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Disk\Windows Disk.lnk
c:\windows\7Loader.TAG
d:\escritorio\Windows Disk.lnk

.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-08 23:18 . 2011-02-08 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-08 00:13 . 2011-02-08 00:13 -------- d-----w- C:\javara
2011-02-08 00:11 . 2011-02-08 00:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-08 00:11 . 2011-02-08 00:11 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-08 00:11 . 2011-02-08 00:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-08 00:11 . 2011-02-08 00:11 -------- d-----w- c:\program files (x86)\Java
2011-02-06 22:20 . 2011-02-08 07:02 422400 ----a-w- c:\programdata\GAOGyDMbrSM.dll
2011-01-20 20:32 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-12 21:45 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 21:45 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 21:45 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 21:45 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 21:45 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 21:45 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 21:45 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 21:45 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 21:45 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 21:45 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-08-13 18:52 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-02-02 11:04 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:41 . 2010-02-02 11:05 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-02 11:05 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-02-02 11:05 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-02-02 11:05 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-02-02 11:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-16 11:01 . 2010-12-06 09:17 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86850D0A-DA98-4365-B1E4-CB158320C153}\mpengine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Google Update"="c:\users\Shere\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-31 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-23 113664]
McAfee Security Scan.lnk - c:\program files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Push Client.LNK - c:\program files (x86)\Interwise\Participant\pull.exe [2010-1-21 894192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2008-05-27 59136]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S3 RTL8167;Controlador NT de Realtek 8167;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.
Contents of the 'Scheduled Tasks' folder

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3371449768-3312462355-1415685752-1000Core.job
- c:\users\Shere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 01:00]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3371449768-3312462355-1415685752-1000UA.job
- c:\users\Shere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 01:00]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Shere\AppData\Roaming\Mozilla\Firefox\Profiles\hrybkxki.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-aKJtNYcljCT.exe - c:\programdata\aKJtNYcljCT.exe
Wow6432Node-HKCU-Run-tC9V8DzayqP1v - c:\programdata\tC9V8DzayqP1v.exe
AddRemove-Ares - c:\program files (x86)\Ares\uninstall.exe
AddRemove-ARES 3.1 - c:\program files (x86)\tododownloads.com\ARES\Uninstall.exe
AddRemove-eMule - c:\program files (x86)\eMule\Uninstall.exe
AddRemove-EMULE 0.49c - c:\program files (x86)\tododownloads.com\EMULE\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2011-02-09 00:25:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-08 23:25

Pre-Run: 6.615.662.592 bytes libres
Post-Run: 6.610.186.240 bytes libres

- - End Of File - - D59B42F0F4D2D0682F1B6A87C420F347
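The log above shows the pattern a helper looks for: a bare DLL dropped directly into c:\programdata and two orphaned Run entries pointing at random-named executables in the same folder (the DLL is the one MBAM later reports as Trojan.Agent). As an added example, not part of this thread or of ComboFix, here is a small Python triage over constructed lines in the same log format; the list of "drop directories" and the random-name heuristic are my own assumptions, not ComboFix's rules.

```python
"""Heuristic triage of executable paths in a ComboFix-style log.

Added example, not ComboFix's own code. The drop-directory list and the
random-name heuristic are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the "Files Created", "Reg Loading Points"
# and "ORPHANS REMOVED" sections of the log posted above.
SAMPLE_LOG = r"""
2011-02-08 00:11 . 2011-02-08 00:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-06 22:20 . 2011-02-08 07:02 422400 ----a-w- c:\programdata\GAOGyDMbrSM.dll
2011-01-13 08:37 . 2010-02-02 11:05 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Google Update"="c:\users\Shere\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-31 136176]
Wow6432Node-HKCU-Run-aKJtNYcljCT.exe - c:\programdata\aKJtNYcljCT.exe
Wow6432Node-HKCU-Run-tC9V8DzayqP1v - c:\programdata\tC9V8DzayqP1v.exe
"""

# A Windows path up to its first executable extension. Paths in these logs may
# contain spaces and parentheses, so we stop only at quotes, brackets or line ends.
PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|sys|scr|com)\b',
                     re.IGNORECASE)

# Directories writable without elevation where installers normally create a
# vendor subfolder; a bare binary sitting directly here is unusual (assumption).
DROP_DIR_RE = re.compile(
    r'^[a-z]:\\(?:programdata|windows\\temp|users\\[^\\]+'
    r'(?:\\appdata\\(?:roaming|local|local\\temp))?)$'
)


@dataclass(frozen=True)
class Finding:
    path: str
    severity: str   # "high" (odd location and odd name) or "medium" (location only)
    reasons: tuple


def case_switches(stem: str) -> int:
    """Count upper/lower transitions between adjacent letters; random names score high."""
    letters = [c for c in stem if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def looks_random(stem: str) -> bool:
    """Crude check: a long stem with many case switches, or digits mixed into letters.

    Legitimate CamelCase names (GoogleUpdate, GrooveMonitor) stay under the threshold.
    """
    if len(stem) < 8:
        return False
    digit_runs = len(re.findall(r"\d+", stem))
    switches = case_switches(stem)
    return switches >= 4 or (digit_runs >= 2 and switches >= 2)


def extract_paths(log_text: str) -> list:
    """Return every executable path mentioned in the log, in order, without duplicates."""
    seen, out = set(), []
    for match in PATH_RE.finditer(log_text):
        path = match.group(0)
        if path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out


def triage(log_text: str) -> list:
    """Flag executables that sit directly in a drop directory; name oddness raises severity."""
    findings = []
    for path in extract_paths(log_text):
        parent, name = path.rsplit("\\", 1)
        if not DROP_DIR_RE.match(parent.lower()):
            continue   # binaries under vendor or system folders are not flagged here
        reasons = ["executable directly in user-writable drop directory"]
        stem = name.rsplit(".", 1)[0]   # keep original case for the heuristic
        if looks_random(stem):
            reasons.append("random-looking file name")
        severity = "high" if len(reasons) > 1 else "medium"
        findings.append(Finding(path, severity, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity}] {finding.path}: {'; '.join(finding.reasons)}")
```

Run against a real ComboFix log the same way; anything it flags is a candidate for a second opinion from a scanner, not proof of infection.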

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Hi,

How is the machine running now?

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Hi!

It is apparently working properly; I'm not suffering from popups with strange messages anymore... But I've not been using it much. If I have any problem in the next few days, I'll tell you.

THANK YOU SO SO SO SO MUCH!

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Hi,

Let's run this as one last check:

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
I had a trojan, but it's already removed...

THANKS A LOT!

This is the log MBAM produced:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versión de la Base de Datos: 5742

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/02/2011 19:52:58
mbam-log-2011-02-11 (19-52-58).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 160224
Tiempo transcurrido: 2 minuto(s), 28 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
c:\programdata\gaogydmbrsm.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Awesome. How is it running now?

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
It is running perfectly!!!!

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Great to hear!!

Congratulations!! Your PC is all clean!
To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

Cleaning

Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

ATF Cleaner
CCleaner

Defragmenting Your Hard Disk

Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
right-click My Computer, choose Manage, Storage, Disk Defragmenter.

In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented; if it does, click Defragment. Be patient, this can take a long time.

Repeat for multiple partitions/hard disks.

System Restore Cleanup Instructions

If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
You can find instructions on how to disable and re-enable system restore here:

Windows ME System Restore Guide

Windows XP System Restore Guide

Reading Tip:
Computer Health
Keep Your System Updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many security exploits on websites are directed to users of Internet Explorer and Firefox.

If you use Firefox, try the No-script Add On - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft Article to learn how to backup. Follow This Article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
Bleeping Computer

Avoid P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Prevent A Re-infection

1. Winpatrol

Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features Here

You can get a Free Copy of Winpatrol or use the Plus Version for more features.

You can read Win Patrol FAQ if you run into problems.

2. Hosts File

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

A replacement Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

Here are some Hosts files:
MVPS Hosts File
Blue Tack’s Hosts File
Blue Tack’s Hosts Manager

3. Spybot Search and Destroy

Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from here.

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

4. SiteHound Toolbar

SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

====

Stand Up and Be Counted ---> Malware Complaints<--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
============================================================
See this page for more info about malware and prevention.
Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site.
Before the thread is archived, do you have any more questions?

Happy surfing and stay clean!

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
I can't uninstall ComboFix; when I open it, it just runs and begins to scan..... no window opens with the option "run", so I cannot type the "uninstall" thing.... :S

I have created a document and copied and pasted all the advice you gave me, so that I can do it properly from now on...

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Run is accessed via Start>Search and typing ComboFix /uninstall in Vista.

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Sorry I've been out this weekend...

I have Windows 7, not Vista :S

Anyway, I tried to find it in Start > search > ComboFix /uninstall... or... ComboFix.... or... Uninstall... and I didn't get any "positive" result.

Do you think I can just eliminate it??? Is it so important? Is it going to interfere with the usual working of the computer???

Sorry for being so boring, I'm not even able to uninstall a program....

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Hi,

Yes. It's imperative we remove it. Are you going in to Start>Search and typing it? like so:

ComboFix /uninstall (note the space)

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Yes, with the space and capital letters and everything, and I get nothing...

I guess I did something wrong at any moment of the process...

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
"Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel"

This is the only thing I couldn't do when I installed it.... It may have something to do with it....

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Can you double click it and just run it normally?

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Yes.... in fact, it is what happened the first time I installed and ran it....

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Did it generate a logfile?

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Yes, it did, and when I ran it again it generated the following log and eliminated some of the programs from my desktop.... I think I shouldn't have done it...

ComboFix 11-02-17.02 - Shere 18/02/2011 20:06:25.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.34.3082.18.1790.1042 [GMT 1:00]
Running from: d:\descargas\ComboFix.exe.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop

.
((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-18 19:08 . 2011-02-18 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-11 18:49 . 2011-02-11 18:49 -------- d-----w- c:\users\Shere\AppData\Roaming\Malwarebytes
2011-02-11 18:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-11 18:48 . 2011-02-11 18:48 -------- d-----w- c:\programdata\Malwarebytes
2011-02-11 18:48 . 2011-02-11 18:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-11 18:48 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 00:13 . 2011-02-08 00:13 -------- d-----w- C:\javara
2011-02-08 00:11 . 2011-02-08 00:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-08 00:11 . 2011-02-08 00:11 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-08 00:11 . 2011-02-08 00:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-08 00:11 . 2011-02-08 00:11 -------- d-----w- c:\program files (x86)\Java
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-20 20:32 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-08-13 18:52 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-02-02 11:04 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:41 . 2010-02-02 11:05 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-02 11:05 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-02-02 11:05 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-02-02 11:05 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-02-02 11:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-02-08_23.22.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-12-16 23:38 . 2010-11-04 05:49 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-02-10 16:35 . 2010-12-18 05:30 67072 c:\windows\SysWOW64\mshtmled.dll
- 2010-12-16 23:38 . 2010-11-04 05:46 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-02-10 16:35 . 2010-12-18 05:26 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-02-10 16:35 . 2010-12-18 05:30 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2010-12-16 23:38 . 2010-11-04 05:49 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2010-12-16 23:38 . 2010-11-04 05:52 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-02-10 16:35 . 2010-12-18 05:32 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 44544 c:\windows\SysWOW64\licmgr10.dll
- 2010-12-16 23:38 . 2010-11-04 05:48 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 48128 c:\windows\SysWOW64\jsproxy.dll
- 2010-12-16 23:38 . 2010-11-04 05:48 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-14 04:54 . 2011-02-18 19:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-08 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-18 19:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-08 23:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-18 19:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-08 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-16 23:39 . 2010-10-20 04:54 34304 c:\windows\SysWOW64\atmlib.dll
+ 2011-02-10 16:35 . 2011-01-07 07:27 34304 c:\windows\SysWOW64\atmlib.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 88064 c:\windows\system32\WpdMtpUS.dll
+ 2009-12-21 17:21 . 2011-02-17 15:55 25628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-18 18:24 32508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-21 16:25 . 2011-02-18 18:24 27134 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3371449768-3312462355-1415685752-1000_UserData.bin
+ 2011-02-10 16:35 . 2010-12-18 06:12 97280 c:\windows\system32\mshtmled.dll
- 2010-12-16 23:38 . 2010-11-04 06:32 97280 c:\windows\system32\mshtmled.dll
+ 2011-02-10 16:35 . 2010-12-18 06:08 12288 c:\windows\system32\msfeedssync.exe
- 2010-12-16 23:38 . 2010-11-04 06:28 12288 c:\windows\system32\msfeedssync.exe
- 2010-12-16 23:38 . 2010-11-04 06:32 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-02-10 16:35 . 2010-12-18 06:12 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-02-10 16:35 . 2010-12-18 06:15 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2010-12-16 23:38 . 2010-11-04 06:35 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2010-12-16 23:38 . 2010-11-04 06:31 57856 c:\windows\system32\licmgr10.dll
+ 2011-02-10 16:35 . 2010-12-18 06:11 57856 c:\windows\system32\licmgr10.dll
- 2010-12-16 23:38 . 2010-11-04 06:31 64512 c:\windows\system32\jsproxy.dll
+ 2011-02-10 16:35 . 2010-12-18 06:11 64512 c:\windows\system32\jsproxy.dll
- 2009-07-14 05:30 . 2010-03-13 16:23 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-02-12 09:44 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:06 . 2009-07-14 00:06 40448 c:\windows\system32\drivers\winusb.sys
+ 2009-12-21 23:17 . 2011-02-17 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-21 23:17 . 2011-01-28 16:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-21 23:17 . 2011-01-28 16:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-21 23:17 . 2011-02-17 17:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-28 16:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-17 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-10 16:35 . 2011-01-07 08:06 46080 c:\windows\system32\atmlib.dll
- 2010-12-16 23:39 . 2010-10-20 05:20 46080 c:\windows\system32\atmlib.dll
+ 2009-12-21 16:39 . 2011-02-18 19:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-21 16:39 . 2011-02-08 23:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2011-01-15 16:51 76600 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-02-11 19:00 76600 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-12-21 16:39 . 2011-02-08 23:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-21 16:39 . 2011-02-18 19:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-21 16:39 . 2011-02-08 23:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-21 16:39 . 2011-02-18 19:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-21 16:39 . 2011-02-08 23:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-21 16:39 . 2011-02-18 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-21 16:39 . 2011-02-08 23:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-21 16:39 . 2011-02-18 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-23 03:47 . 2010-09-23 03:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 02:03 . 2010-09-23 02:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-23 01:52 . 2010-09-23 01:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 17:12 . 2010-09-22 17:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2011-02-18 19:09 . 2011-02-18 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-08 23:21 . 2011-02-08 23:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-08 23:21 . 2011-02-08 23:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-18 19:09 . 2011-02-18 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-10 16:35 . 2010-12-18 05:32 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-02-10 16:35 . 2011-01-05 05:37 428032 c:\windows\SysWOW64\vbscript.dll
- 2010-12-16 23:39 . 2010-11-04 05:49 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-02-10 16:35 . 2010-12-18 05:30 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-02-10 16:35 . 2010-12-18 05:30 599040 c:\windows\SysWOW64\msfeeds.dll
- 2010-12-16 23:38 . 2010-11-04 05:49 599040 c:\windows\SysWOW64\msfeeds.dll
- 2009-07-13 23:35 . 2009-07-14 01:15 541184 c:\windows\SysWOW64\kerberos.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 541184 c:\windows\SysWOW64\kerberos.dll
- 2010-02-24 19:44 . 2009-12-02 08:17 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-02-10 16:35 . 2011-01-05 05:34 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 176640 c:\windows\SysWOW64\ieui.dll
- 2010-12-16 23:38 . 2010-11-04 05:48 176640 c:\windows\SysWOW64\ieui.dll
- 2010-12-16 23:38 . 2010-11-04 05:48 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 185856 c:\windows\SysWOW64\iepeers.dll
- 2010-12-16 23:38 . 2010-11-04 05:48 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-02-10 16:35 . 2011-01-07 05:33 294400 c:\windows\SysWOW64\atmfd.dll
- 2010-12-16 23:39 . 2010-10-20 02:58 294400 c:\windows\SysWOW64\atmfd.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 297984 c:\windows\system32\WpdMtp.dll
+ 2009-12-22 15:21 . 2011-02-17 18:27 231186 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2010-04-15 23:34 . 2010-03-08 21:59 612352 c:\windows\system32\vbscript.dll
+ 2011-02-10 16:35 . 2011-01-05 06:20 612352 c:\windows\system32\vbscript.dll
+ 2009-07-14 09:31 . 2011-02-12 09:34 694148 c:\windows\system32\perfh00A.dat
- 2009-07-14 09:31 . 2011-02-06 22:27 694148 c:\windows\system32\perfh00A.dat
+ 2009-07-14 02:36 . 2011-02-12 09:34 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-06 22:27 606992 c:\windows\system32\perfh009.dat
+ 2009-07-14 09:31 . 2011-02-12 09:34 134242 c:\windows\system32\perfc00A.dat
- 2009-07-14 09:31 . 2011-02-06 22:27 134242 c:\windows\system32\perfc00A.dat
+ 2009-07-14 02:36 . 2011-02-12 09:34 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-06 22:27 103370 c:\windows\system32\perfc009.dat
- 2010-12-16 23:38 . 2010-11-04 06:32 703488 c:\windows\system32\msfeeds.dll
+ 2011-02-10 16:35 . 2010-12-18 06:12 703488 c:\windows\system32\msfeeds.dll
+ 2011-02-10 16:35 . 2010-12-18 06:11 714752 c:\windows\system32\kerberos.dll
- 2010-02-24 19:44 . 2009-12-02 09:15 852480 c:\windows\system32\jscript.dll
+ 2011-02-10 16:35 . 2011-01-05 06:16 852480 c:\windows\system32\jscript.dll
- 2010-12-16 23:38 . 2010-11-04 06:31 247808 c:\windows\system32\ieui.dll
+ 2011-02-10 16:35 . 2010-12-18 06:11 247808 c:\windows\system32\ieui.dll
+ 2011-02-10 16:35 . 2010-12-18 06:11 256000 c:\windows\system32\iepeers.dll
- 2010-12-16 23:38 . 2010-11-04 06:31 256000 c:\windows\system32\iepeers.dll
- 2010-12-16 23:38 . 2010-11-04 06:31 445952 c:\windows\system32\iedkcs32.dll
+ 2011-02-10 16:35 . 2010-12-18 06:11 445952 c:\windows\system32\iedkcs32.dll
- 2009-07-14 04:45 . 2010-12-17 16:32 425912 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-02-11 18:33 425912 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2011-02-12 09:44 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2010-03-13 16:23 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2011-02-10 16:35 . 2011-01-07 05:49 366080 c:\windows\system32\atmfd.dll
+ 2010-09-22 17:10 . 2010-09-22 17:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\nppdf32.dll
+ 2010-09-10 17:17 . 2010-09-10 17:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-22 19:41 . 2010-09-22 19:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-23 03:47 . 2010-09-23 03:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 17:04 . 2010-09-22 17:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-22 18:39 . 2010-09-22 18:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-22 17:50 . 2010-09-22 17:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\a3dutility.exe
+ 2011-02-10 16:35 . 2010-12-18 05:32 1228288 c:\windows\SysWOW64\urlmon.dll
+ 2011-02-10 16:35 . 2010-10-27 04:43 3901824 c:\windows\SysWOW64\ntoskrnl.exe
+ 2011-02-10 16:35 . 2010-10-27 04:43 3957120 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2011-02-10 16:35 . 2010-10-27 04:40 1293120 c:\windows\SysWOW64\ntdll.dll
+ 2011-02-10 16:35 . 2010-12-18 05:30 5980672 c:\windows\SysWOW64\mshtml.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 2063360 c:\windows\SysWOW64\iertutil.dll
- 2010-12-16 23:39 . 2010-11-04 05:48 2063360 c:\windows\SysWOW64\iertutil.dll
+ 2011-02-10 16:35 . 2010-12-18 06:15 1197056 c:\windows\system32\wininet.dll
+ 2011-02-10 16:35 . 2011-01-05 04:00 3127808 c:\windows\system32\win32k.sys
+ 2011-02-10 16:35 . 2010-12-18 06:15 1498112 c:\windows\system32\urlmon.dll
+ 2011-02-10 16:35 . 2010-10-27 05:18 5510528 c:\windows\system32\ntoskrnl.exe
+ 2011-02-10 16:35 . 2010-10-27 05:16 1739176 c:\windows\system32\ntdll.dll
- 2010-12-16 23:39 . 2010-11-04 06:32 1026560 c:\windows\system32\mstime.dll
+ 2011-02-10 16:35 . 2010-12-18 06:12 1026560 c:\windows\system32\mstime.dll
+ 2011-02-10 16:35 . 2010-12-18 06:12 9302528 c:\windows\system32\mshtml.dll
+ 2011-02-10 16:35 . 2010-12-18 06:11 2447872 c:\windows\system32\iertutil.dll
- 2010-12-16 23:39 . 2010-11-04 06:31 2447872 c:\windows\system32\iertutil.dll
+ 2009-07-14 00:22 . 2009-07-14 01:41 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
- 2009-07-14 04:45 . 2011-01-15 00:00 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-02-11 18:33 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-09-22 17:05 . 2010-09-22 17:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-09-16 02:08 . 2010-09-16 02:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\authplay.dll
+ 2010-06-19 16:51 . 2010-06-19 16:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\AGM.dll
- 2010-12-16 23:39 . 2010-11-04 05:48 10989056 c:\windows\SysWOW64\ieframe.dll
+ 2011-02-10 16:35 . 2010-12-18 05:29 10989056 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 02:34 . 2011-02-18 18:36 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-05-23 11:38 . 2011-02-11 00:23 39403464 c:\windows\system32\MRT.exe
+ 2011-02-10 16:35 . 2010-12-18 06:11 12369408 c:\windows\system32\ieframe.dll
- 2010-12-16 23:39 . 2010-11-04 06:31 12369408 c:\windows\system32\ieframe.dll
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\14aff.msp
+ 2010-09-23 13:28 . 2010-09-23 13:28 47506432 c:\windows\Installer\14a7f.msi
+ 2010-09-23 02:03 . 2010-09-23 02:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74301B7449A0400000010\9.4.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Google Update"="c:\users\Shere\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-31 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-23 113664]
McAfee Security Scan.lnk - c:\program files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Push Client.LNK - c:\program files (x86)\Interwise\Participant\pull.exe [2010-1-21 894192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2008-05-27 59136]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S3 RTL8167;Controlador NT de Realtek 8167;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.
Contents of the 'Scheduled Tasks' folder

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3371449768-3312462355-1415685752-1000Core.job
- c:\users\Shere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 01:00]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3371449768-3312462355-1415685752-1000UA.job
- c:\users\Shere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 01:00]
.

--------- x86-64 -----------

.
------- Supplementary Scan -------
.
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Shere\AppData\Roaming\Mozilla\Firefox\Profiles\hrybkxki.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2011-02-18 20:13:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-18 19:13
ComboFix2.txt 2011-02-08 23:25

Pre-Run: 62.701.449.216 bytes free
Post-Run: 62.621.175.808 bytes free

- - End Of File - - 6526AD3A909914168130785FA833D0D2
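The `+`/`-` block at the top of this log is ComboFix's snapshot compare between the previous run (ComboFix2.txt, 8 February) and this one (18 February). The script below is an added example, not part of this thread and not ComboFix's own code: it parses that section, labels each path as replaced, modified, touched, removed, or only present in the current snapshot, and then groups executables under system32/SysWOW64 by the minute they were written. The field order (created time, modified time, size, path) is an assumption inferred from the paired lines above, not something this page documents. The sample data is copied from the log plus one constructed entry (`example-constructed.dll`) so the lone-binary check has something to find.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Assumed layout of one compare line (inferred from the paired lines in the log):
#   <+|-> <created> . <modified> <size> <path>
# '+' lines belong to the current snapshot, '-' lines to the previous one.
LINE_RE = re.compile(
    r"^\s*(?P<sign>[+-])\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<path>\S.*?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int
    path: str


def parse_line(line):
    """Return (sign, Entry) for a '+'/'-' line, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    entry = Entry(
        created=datetime.strptime(m["created"], TS_FMT),
        modified=datetime.strptime(m["modified"], TS_FMT),
        size=int(m["size"]),
        path=m["path"].lower(),  # NTFS paths are case-insensitive; normalise for matching
    )
    return m["sign"], entry


def classify(old, new):
    """Label one path's change between the '-' (previous) and '+' (current) snapshot."""
    if old is None:
        return "added"       # no '-' counterpart: first seen in this snapshot window
    if new is None:
        return "removed"
    if old.created != new.created:
        return "replaced"    # a new file was written over the old one (typical of an update)
    if old.size != new.size:
        return "modified"    # rewritten in place, length changed
    return "touched"         # same size, only the modified time moved (caches, index.dat, ...)


def diff_snapshots(lines):
    """Map every path in the compare section to (old_entry, new_entry, label)."""
    old, new = {}, {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            sign, entry = parsed
            (new if sign == "+" else old)[entry.path] = entry
    return {p: (old.get(p), new.get(p), classify(old.get(p), new.get(p)))
            for p in old.keys() | new.keys()}


def is_system_binary(path):
    return path.startswith(SYSTEM_DIRS) and path.endswith(BINARY_EXT)


def binary_batches(changes):
    """Group added/replaced system binaries by the minute they were written.

    Dozens of binaries sharing one timestamp look like a patch rollout; a binary
    that arrived alone, at its own time, is the one to pull and check first.
    """
    batches = defaultdict(list)
    for path, (_old, new, label) in changes.items():
        if label in ("added", "replaced") and is_system_binary(path):
            batches[new.created.strftime(TS_FMT)].append(path)
    return {stamp: sorted(paths) for stamp, paths in batches.items()}


def lone_binaries(changes):
    """System binaries that do not share their write time with any other binary."""
    return sorted(p for paths in binary_batches(changes).values()
                  if len(paths) == 1 for p in paths)


# Constructed sample: lines copied from the log above plus one made-up entry
# (example-constructed.dll) that exists only to exercise the lone-binary check.
SAMPLE = r"""
+ 2011-02-10 16:35 . 2011-01-07 08:06 46080 c:\windows\system32\atmlib.dll
- 2010-12-16 23:39 . 2010-10-20 05:20 46080 c:\windows\system32\atmlib.dll
+ 2009-12-21 16:39 . 2011-02-18 19:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-21 16:39 . 2011-02-08 23:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-10 16:35 . 2011-01-05 04:00 3127808 c:\windows\system32\win32k.sys
+ 2011-02-10 16:35 . 2010-12-18 06:11 445952 c:\windows\system32\iedkcs32.dll
- 2010-12-16 23:38 . 2010-11-04 06:31 445952 c:\windows\system32\iedkcs32.dll
+ 2009-07-14 02:34 . 2011-02-18 18:36 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-02-17 03:12 . 2011-02-17 03:12 51200 c:\windows\system32\example-constructed.dll
.
-- Snapshot reset to current date --
""".splitlines()


if __name__ == "__main__":
    changes = diff_snapshots(SAMPLE)
    for path, (_o, _n, label) in sorted(changes.items(), key=lambda kv: kv[1][2]):
        print(f"{label:9} {path}")
    for stamp, paths in sorted(binary_batches(changes).items()):
        print(f"\n{stamp}: {len(paths)} system binar{'y' if len(paths) == 1 else 'ies'}")
    print("\nlook at first:", lone_binaries(changes))
```

Feed it the whole compare section of a real log (every line between the snapshot header and "Snapshot reset to current date") rather than this sample; the two helper checks are where the value is: a replaced system DLL whose created time matches forty others is almost always an update, while the lone one deserves a hash lookup and a look at its version resource.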

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Hi,

All that looks good. How are things running?

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Everything is running properly... some icons have disappeared from the desktop, but the programs are in the Start button, so... I think everything's right.

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Good to hear. Any more issues to speak of aside from shortcuts being gone?

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
I don't think so...
I guess ComboFix is not interfering with anything, so I think I will leave it there and, if something happens in the future, we will see... unless you tell me something different.

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
It was a typo in ComboFix, fixed on 18 February with an update, that deleted your desktop shortcuts.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
Finally!!! I know what happened! I was typing "RUN" (in English) instead of "EJECUTAR" (in Spanish, which is my language and my PC's language)... so silly of me...

Ok, so I successfully uninstalled ComboFix!!

Thank you very much for all your help and the information!
You and your partners are doing a great and precious job!

Re: Exception Processing Message 0x0000013 Parameters\n0x000007FEFE037240
No problem. Glad to help.
