Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

ayudenme q ya no soporto estas ventanas... me salen ventanas emergentes de publicidad y derepente las paginas q estoy utilizando se cambian solas a publicidad y es desesperante, les agradesco la ayuda.., tengo el nod 32 pero creo no me esta ayudando en nada cual me recomiendan?.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:03:55 a.m., on 27/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/webhp?hl=es
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [holdmore] "C:\ProgramData\Itch book book.etpmn"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Users\alexis\AppData\Roaming\DeskSpace\deskspac e.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 9816 bytes

Hola omar0001, te doy la bienvenida al Foro de InfoSpyware.

Tu log de HijackThis esta libre de Malwares por lo que sugiero realizar lo siguiente:

Descarga, actualiza y ejecuta el programa:

• SUPERAntiSpyware

Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).


- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo combofix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
• Pega el reporte de ComboFix.txt en este mismo mensaje.

Reinicia y nos dejas los reportes.

Salu2

AHI ESTA , pero aun siguen las redireccionando a las paginas cid


ComboFix 07-12-28.1 - alexis 2007-12-28 1:50:31.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1012 [GMT -5:00]
Running from: C:\Users\alexis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 00:12 . 2007-12-28 00:20 <DIR> d-------- C:\Users\alexis\copia de registro
2007-12-27 23:54 . 2007-12-27 23:54 <DIR> d-------- C:\Program Files\CCleaner
2007-12-27 23:51 . 2007-12-27 23:51 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-12-27 23:51 . 2007-12-27 23:51 <DIR> d-------- C:\Users\alexis\AppData\Roaming\SUPERAntiSpyware.c om
2007-12-27 23:51 . 2007-12-27 23:51 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-12-27 23:51 . 2007-12-27 23:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-27 01:51 . 2007-12-27 01:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 04:04 . 2007-12-24 04:04 <DIR> d-------- C:\Users\alexis\AppData\Roaming\Talkback
2007-12-24 04:04 . 2007-12-24 04:04 0 --a------ C:\Windows\nsreg.dat
2007-12-23 23:08 . 2007-12-23 23:08 <DIR> d-------- C:\Users\alexis\AppData\Roaming\J River
2007-12-23 23:00 . 2007-12-23 23:00 <DIR> d-------- C:\Program Files\J River
2007-12-23 23:00 . 2007-12-23 23:00 38 --a------ C:\Windows\System32\aaisolv.dll
2007-12-23 22:52 . 2007-12-23 22:52 <DIR> d-------- C:\Users\alexis\AppData\Roaming\Move Networks
2007-12-22 10:35 . 2007-12-22 10:35 <DIR> d-------- C:\Users\alexis\AppData\Roaming\OtakuSoftware
2007-12-22 10:35 . 2007-12-22 10:40 <DIR> d-------- C:\Users\alexis\AppData\Roaming\DeskSpace
2007-12-22 10:23 . 2007-12-22 10:51 <DIR> d-------- C:\Program Files\Hide The IP
2007-12-22 05:53 . 2007-12-25 20:59 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-22 05:15 . 2007-12-22 05:15 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-22 05:14 . 2007-12-22 05:15 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-22 05:13 . 2007-12-22 05:13 <DIR> d-------- C:\Users\All Users\Google
2007-12-22 04:29 . 2007-12-22 04:29 <DIR> d-------- C:\Users\alexis\Google Earth Pro v4.1.7087
2007-12-22 04:26 . 2007-12-25 21:56 <DIR> d-------- C:\Program Files\Google
2007-12-20 12:35 . 2007-12-20 12:35 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-20 12:27 . 2007-12-20 12:27 <DIR> d-------- C:\Users\alexis\AppData\Roaming\Ashampoo
2007-12-20 12:05 . 2007-12-20 12:05 <DIR> d-------- C:\Users\All Users\ashampoo
2007-12-20 12:05 . 2007-12-20 12:05 <DIR> d-------- C:\ProgramData\ashampoo
2007-12-19 20:29 . 2007-12-20 02:35 <DIR> d-------- C:\Users\alexis\Shared
2007-12-19 19:23 . 2007-12-19 19:24 <DIR> d-------- C:\Users\alexis\AppData\Roaming\Roxio
2007-12-19 14:27 . 2007-12-19 14:27 <DIR> d-------- C:\Users\All Users\Adobe Systems
2007-12-19 14:27 . 2007-12-19 14:27 <DIR> d-------- C:\ProgramData\Adobe Systems
2007-12-19 14:21 . 2007-12-19 14:21 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-19 13:07 . 2007-05-16 09:41 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2007-12-19 13:05 . 2007-12-27 23:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-19 12:48 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2007-12-19 12:45 . 2007-12-19 12:45 <DIR> d-------- C:\Users\alexis\AppData\Roaming\TuneUp Software
2007-12-19 12:45 . 2007-12-19 13:07 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-19 12:44 . 2007-12-19 13:07 <DIR> d-------- C:\Users\All Users\TuneUp Software
2007-12-19 12:44 . 2007-12-19 13:07 <DIR> d-------- C:\ProgramData\TuneUp Software
2007-12-17 16:06 . 2007-12-18 20:52 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2007-12-17 16:06 . 2007-12-18 20:52 <DIR> d-------- C:\ProgramData\Messenger Plus!
2007-12-17 16:05 . 2007-12-25 21:56 <DIR> d-------- C:\Users\All Users\Time Dead Warn Default
2007-12-17 16:05 . 2007-12-25 21:56 <DIR> d-------- C:\ProgramData\Time Dead Warn Default
2007-12-17 16:04 . 2007-12-17 16:05 <DIR> d-------- C:\Users\All Users\RectSoftBurn
2007-12-17 16:04 . 2007-12-17 16:05 <DIR> d-------- C:\ProgramData\RectSoftBurn
2007-12-17 16:04 . 2007-12-17 16:04 <DIR> d-------- C:\Program Files\Circle Developement
2007-12-17 16:03 . 2007-12-17 16:04 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-12-17 11:20 . 2007-12-21 19:58 <DIR> d-------- C:\Users\alexis\Incomplete
2007-12-17 11:17 . 2007-12-26 14:29 <DIR> d-------- C:\Users\alexis\AppData\Roaming\LimeWire
2007-12-17 11:17 . 2007-12-17 11:17 <DIR> d-------- C:\Program Files\LimeWire
2007-12-17 10:13 . 2007-12-17 10:13 <DIR> d-------- C:\Program Files\DivX
2007-12-17 09:24 . 2007-12-27 11:38 16 --a------ C:\Windows\System32\coh.cache
2007-12-17 03:19 . 2007-12-17 03:19 205,824 --a------ C:\Windows\System32\msoeacct.dll
2007-12-17 03:19 . 2007-12-17 03:19 87,040 --a------ C:\Windows\System32\msoert2.dll
2007-12-17 03:19 . 2007-12-17 03:19 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2007-12-17 03:17 . 2007-12-17 03:17 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-12-17 03:17 . 2007-12-17 03:17 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-12-17 03:14 . 2007-12-17 03:14 414,208 --a------ C:\Windows\System32\msscp.dll
2007-12-17 03:14 . 2007-12-17 03:14 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-17 03:13 . 2007-12-17 03:13 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-12-17 03:13 . 2007-12-17 03:13 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-12-17 03:13 . 2007-12-17 03:13 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-12-17 03:13 . 2007-12-17 03:13 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-12-17 03:13 . 2007-12-17 03:13 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-12-17 03:12 . 2007-12-17 03:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-17 03:12 . 2007-12-17 03:12 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2007-12-17 03:12 . 2007-12-17 03:12 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2007-12-17 03:12 . 2007-12-17 03:12 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2007-12-17 03:12 . 2007-12-17 03:12 86,016 --a------ C:\Windows\System32\icfupgd.dll
2007-12-17 03:12 . 2007-12-17 03:12 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2007-12-17 03:12 . 2007-12-17 03:12 61,952 --a------ C:\Windows\System32\cmifw.dll
2007-12-17 03:12 . 2007-12-17 03:12 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2007-12-17 03:12 . 2007-12-17 03:12 16,896 --a------ C:\Windows\System32\wfapigp.dll
2007-12-17 03:12 . 2007-12-17 03:12 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2007-12-17 03:11 . 2007-12-17 03:11 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2007-12-17 03:11 . 2007-12-17 03:11 1,686,528 --a------ C:\Windows\System32\gameux.dll
2007-12-17 03:11 . 2007-12-17 03:11 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-12-17 03:11 . 2007-12-17 03:11 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-12-17 03:10 . 2007-12-17 03:10 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-17 03:09 . 2007-12-17 03:09 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-17 03:09 . 2007-12-17 03:09 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
2007-12-17 03:09 . 2007-12-17 03:09 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-17 03:09 . 2007-12-17 03:09 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-17 03:08 . 2007-12-17 03:08 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2007-12-17 03:08 . 2007-12-17 03:08 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2007-12-17 03:08 . 2007-12-17 03:08 351,232 --a------ C:\Windows\System32\SLUI.exe
2007-12-17 03:08 . 2007-12-17 03:08 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2007-12-17 03:08 . 2007-12-17 03:08 223,232 --a------ C:\Windows\System32\SLC.dll
2007-12-17 03:08 . 2007-12-17 03:08 186,368 --a------ C:\Windows\System32\SLLUA.exe
2007-12-17 03:08 . 2007-12-17 03:08 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2007-12-17 03:08 . 2007-12-17 03:08 39,936 --a------ C:\Windows\System32\slcinst.dll
2007-12-17 03:08 . 2007-12-17 03:08 33,280 --a------ C:\Windows\System32\slwmi.dll
2007-12-17 03:07 . 2007-12-17 03:07 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2007-12-17 03:07 . 2007-12-17 03:07 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-12-17 03:07 . 2007-12-17 03:07 2,048 --a------ C:\Windows\System32\msxml6r.dll
2007-12-17 03:03 . 2007-12-17 03:03 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-17 03:03 . 2007-12-17 03:03 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-17 03:03 . 2007-12-17 03:03 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-17 03:03 . 2007-12-17 03:03 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-17 03:02 . 2007-12-17 03:02 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-12-17 03:02 . 2007-12-17 03:02 152,576 --a------ C:\Windows\System32\imagehlp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-26 03:09 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-26 03:08 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-26 03:08 --------- d-----w C:\Program Files\Windows Mail
2007-12-26 03:08 --------- d-----w C:\Program Files\Windows Defender
2007-12-26 03:08 --------- d-----w C:\Program Files\Windows Calendar
2007-12-26 03:08 --------- d-----w C:\Program Files\Microsoft Works
2007-12-26 02:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-26 01:58 --------- d-----w C:\ProgramData\Symantec
2007-12-22 10:14 --------- d-----w C:\Program Files\Real
2007-12-20 00:23 --------- d-----w C:\ProgramData\Sonic
2007-12-19 19:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-17 15:34 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-17 08:32 174 --sha-w C:\Program Files\desktop.ini
2007-12-17 08:20 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-17 08:20 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-17 08:20 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-17 08:20 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-17 08:20 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-17 08:20 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-17 08:20 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-17 08:20 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-17 08:20 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-17 08:20 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-17 08:20 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-17 08:20 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-17 08:20 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-17 08:20 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-17 08:20 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-17 08:20 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-17 08:20 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-17 08:20 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-17 08:20 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-17 08:18 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-17 08:18 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-17 08:18 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-17 08:18 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-17 08:18 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-17 08:18 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-17 08:18 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-17 08:18 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-17 08:18 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-17 08:18 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-17 08:18 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-17 08:18 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-17 08:18 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-17 08:18 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-17 08:18 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-17 08:11 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-17 08:11 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-17 08:11 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-17 08:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-17 08:05 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-17 08:05 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-17 08:05 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-17 08:05 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-17 08:05 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-17 08:05 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-17 08:05 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-17 08:05 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-17 08:05 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-17 08:05 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-17 08:05 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-17 08:05 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-17 08:05 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-17 08:05 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-17 08:05 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-17 08:05 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-17 08:05 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-17 08:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-17 08:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-17 08:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-16 03:08 --------- d-----w C:\ProgramData\HP
2007-12-15 16:33 --------- d-----w C:\ProgramData\WildTangent
2007-12-15 15:24 --------- d-----w C:\Program Files\Rhapsody
2007-12-14 23:19 --------- d-sh--w C:\ProgramData\Templates
2007-12-14 23:19 --------- d-sh--w C:\ProgramData\Start Menu
2007-12-14 23:19 --------- d-sh--w C:\ProgramData\Favorites
2007-12-14 23:19 --------- d-sh--w C:\ProgramData\Documents
2007-12-14 23:19 --------- d-sh--w C:\ProgramData\Desktop
2007-12-14 23:19 --------- d-sh--w C:\ProgramData\Application Data
2007-11-22 07:21 --------- d-----w C:\ProgramData\CyberLink
2007-11-06 18:36 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2007-10-19 13:10 21,760 ----a-w C:\Windows\Help\OEM\scripts\HCNetworkTest.exe
2007-10-18 16:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-28_ 0.30.18.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-28 04:36:22 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-12-28 06:25:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-12-28 04:51:33 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\UsrClass.dat
+ 2007-12-28 06:40:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\UsrClass.dat
- 2007-12-28 04:36:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-12-28 06:28:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-12-28 05:09:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\UsrClass.dat
+ 2007-12-28 06:50:36 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\UsrClass.dat
- 2007-12-28 04:39:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2007-12-28 06:28:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
- 2007-12-28 05:24:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2007-12-28 06:31:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2007-12-28 05:24:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-28 06:31:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-28 05:24:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-28 06:31:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-28 04:40:10 5,604 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2255071903-1631359169-802634581-1000_UserData.bin
+ 2007-12-28 06:27:43 5,604 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2255071903-1631359169-802634581-1000_UserData.bin
- 2007-12-28 04:40:09 66,610 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2007-12-28 06:27:43 67,074 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-12-19 14:06]
"holdmore"="C:\ProgramData\Itch book book.etpmn" [2007-12-19 13:12]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" [2007-12-22 05:13]
"DeskSpace"="C:\Users\alexis\AppData\Roaming\DeskS pace\deskspace.exe" [2007-10-17 13:07]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-17 03:15]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 22:36]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 12:50 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 09:37]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 15:18]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 18:12]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-16 23:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 05:14]

C:\Users\alexis\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F 81614F45A.exe [2007-05-14 07:11:22]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"warn default inter for"="C:\ProgramData\Pop sixth list.wfan9"
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"holdmore"="C:\ProgramData\Itch book book.ec1elgn"
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"Persistence"=C:\Windows\system32\igfxpers.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 04:51]
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 04:49]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 07:34]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sy s [2006-11-02 04:49]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2007-05-14 07:18]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 04:49]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2007-05-14 07:18]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 04:51]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 03:31]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsd efs\20071220.001\IDSvix86.sys [2007-12-04 17:51]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 03:57]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 04:02]
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 03:57]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 03:57]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-12-17 03:20]
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 09:38]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 03:56]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.s ys [2006-11-02 03:33]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.s ys [2006-11-02 04:04]
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-12-17 03:08]
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg .sys [2006-11-02 03:57]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.s ys [2006-11-02 03:31]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-12-17 03:20]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 06:57]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 04:51]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 04:45]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 03:54]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-12-17 03:12]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb1 0.sys [2006-11-02 03:31]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb2 0.sys [2007-12-17 03:03]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2006-11-02 07:34]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 07:49]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 16:28]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-17 03:03]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.s ys [2007-12-17 03:03]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMN DISV.SYS [2007-01-09 23:32]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-12-17 03:12]
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 03:55]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 02:30]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 03:24]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 03:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 03:24]
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 07:36]
S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 02:30]
S3 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\fi letrace.sys [2006-11-02 03:32]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 04:51]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 02:30]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 03:51]
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.ex e [2006-11-02 04:45]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 04:02]
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 04:45]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 04:50]
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 03:53]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94x x.sys [2006-11-02 04:51]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahc i.sys [2006-11-02 04:51]
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.s ys [2006-11-02 04:49]
S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 04:50]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.s ys [2006-11-02 04:50]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 03:25]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 03:24]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 03:24]
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 03:55]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 03:30]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxsto r.sys [2006-11-02 04:51]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpciss s.sys [2006-11-02 04:50]
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 04:51]
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 04:50]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidr v.sys [2006-11-02 03:42]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system3 2\drivers\iteraid.sys [2006-11-02 04:50]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.s ys [2006-11-02 04:50]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sa s.sys [2006-11-02 04:50]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_ scsi.sys [2006-11-02 04:50]
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S4 megasas;megasas;C:\Windows\system32\drivers\megasa s.sys [2006-11-02 04:49]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 04:50]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.s ys [2006-11-02 04:49]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 04:50]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd96 0.sys [2006-11-02 04:50]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 02:36]
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.s ys [2006-11-02 04:50]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 04:51]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 04:50]
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisr aid2.sys [2006-11-02 04:50]
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisr aid4.sys [2006-11-02 04:50]
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahc i.sys [2006-11-02 04:51]
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata 2.sys [2006-11-02 04:50]
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 03:55]
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 03:30]
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmrai d.sys [2006-11-02 04:50]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 03:52]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 04:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 03:40:29 C:\Windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-21 22:16:49 C:\Windows\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-18 01:02:49 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - alexis.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 01:53:28
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Users\alexis\AppData\Roaming\DeskSpace\deskspac e151.dll
.
Completion time: 2007-12-28 1:54:41
.
2007-12-18 22:19:48 --- E O F ---

Hola, con HijackThis dale a estas entradas:

O4 - HKCU\..\Run: [holdmore] "C:\ProgramData\Itch book book.etpmn"

O4 - HKCU\..\Run: [DeskSpace] C:\Users\alexis\AppData\Roaming\DeskSpace\deskspac e.exe

Reinicia y nos cuentas los resultados.

Salu2

muchas gracias creo q ya ha quedado...
solo q el deskspace era para q los efectos fueran como los del linux beril, esas cosas de q la pantalla se viera en un cubo y poder moverla en 3d pero nimodos xd...gracias men y chida pagina hay tanto q no se por donde viajar jajaja

Hola,

Podes ejecutar HijackThis e ir al Backup de este y restaurar esta entrada:

O4 - HKCU\..\Run: [DeskSpace] C:\Users\alexis\AppData\Roaming\DeskSpace\deskspac e.exe


Reinicia y nos contas...

Salu2

no t preocupes pensaba quitarselo muchas gracias....