Saludos a todos.
Ya tenia un tema sobre algo simlar en el foro de HijackThis, pero ya he logrado solucionar el problema. Bueno, todo excepto esta ultima cosa. Los escaneos que hago me muestran un .dll corrupto, nombrandolo como adware. Sin embargo, tambien dice que este esta en la memoria, y que no se lo puede borrar mientras la computadora este encendida.
Aqui surge otro problema tambien. Le doy Yes al avast para empezar el boot-time scan, pero cuando llega a la pantalla para hacerlo, no escanea nada (muestra 0 files, 0 folders, todo) y sigue el boot.
No se si hay forma de arreglar el avast para que si escane todo al principio, o aun mejor si alguien tiene algun metodo para borar este dll mientras esta en la memoria.
Muchisimas gracias por cualquier ayuda.

Bueno, Malwarebytes me lo muestra como un Trojan.Vundo. Cuando ejecuto el VundoFix.exe (siguiendo la guia de estos foro sobre como deshacerme de ellas), no me encuentra nada. El Dr.Web me deci tambien que es Trojan.Virtumod.368. Sin embargo, cuando trato de eliminarlo, renombrarlo o cambiarlo, me sale el famoso blue screen of death. Asumo que es ya que el programa esta ejecutando desde la memoria, por la cual me dania todo.
No importa cuantas veces los borre, me sigue sacando registros en el CLSID y en el Microsoft/Windows/Current Version/Explorer/Browser Helper Object.

Aqui va el log de Malwarebytes:


Malwarebytes' Anti-Malware 1.11
Database version: 672

Scan type: Quick Scan
Objects scanned: 39882
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\xxYqPfGA.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c4fcafb3-f161-42a9-8a64-bb58c1c1bd0f} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c4fcafb3-f161-42a9-8a64-bb58c1c1bd0f} (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\xxYqPfGA.dll (Trojan.Vundo) -> No action taken.

Si le digo que lo arregle, simplemente me reenciende la computadora y el Trojano sigue ahi. Estoy navegando por ahi viendo que otra soluciones han encontrado la otra gente.

Trate de manualmente borrarlo con el cmd, usando regsvr32/u xxYqPfGA.dll y me dice que si se cargo el modulo de memoria, pero me dice que el punto de entrada no es encontrado.

Los otros archivos mostrados com infectados ya han sido borrados, ahora solo me queda (y persiste incesantemente) es este Trojan.Vitrumod. Avast todavia no me escanea nada en el boot time scan, y no tengo ni la mas minima idea de por que.

Muchas gracias, ahora lo trato.

Hola, Si ya creaste un tema y aún no has recibido respuesta, evita responderte a ti mismo, ya que si no tu mensaje NO aparecerá con cero respuestas, lo que nos hará pensar que ya está siendo atendido por otro Moderador, con lo cual ese mensaje pasará desapercibido y puede que nunca recibas respuesta. Si quieres añadir algo a ese mensaje usa el botón "Editar" en lugar del botón "Responder"

==================================================

Realiza estos pasos por favor...

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Salu2
Recuerda volver y contarnos los resltados

Baje el ComboFix, y aqui va el resultado del escaneo

ComboFix 08-04-24.1 - Chris 2008-04-26 15:15:13.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1509 [GMT -3:00]
Running from: C:\Users\Chris\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\crypts.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\sqdlvhmy.dll
C:\Windows\system32\xxYqPfGA.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-26 14:54 . 2008-04-26 14:54 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-26 14:54 . 2008-04-26 14:54 1,409 --a------ C:\Windows\QTFont.for
2008-04-26 13:14 . 2008-04-26 13:14 <DIR> d-------- C:\Users\Chris\AppData\Roaming\Simply Super Software
2008-04-26 13:14 . 2008-04-26 13:14 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-04-26 13:14 . 2008-04-26 13:14 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-04-26 13:14 . 2008-04-26 14:47 <DIR> d-------- C:\Program Files\Trojan Remover
2008-04-26 13:14 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-04-26 13:14 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-04-26 13:14 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-04-26 13:14 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-04-26 13:14 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-04-26 12:47 . 2008-04-26 14:47 237,411,349 --a------ C:\Windows\MEMORY.DMP
2008-04-26 12:41 . 2008-04-26 13:51 <DIR> d-------- C:\Users\Chris\DoctorWeb
2008-04-26 11:49 . 2008-04-26 11:49 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-04-26 11:49 . 2008-04-26 11:49 <DIR> d-------- C:\Windows\Internet Logs
2008-04-26 11:49 . 2008-04-26 11:49 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-26 11:49 . 2008-04-26 11:49 31,552 --ah----- C:\Windows\System32\vsconfig.xml
2008-04-26 10:19 . 2008-04-26 10:19 <DIR> d-------- C:\VundoFix Backups
2008-04-26 10:13 . 2008-04-26 10:13 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-26 10:02 . 2008-04-26 14:52 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-25 10:14 . 2008-04-25 10:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-24 00:31 . 2008-04-24 18:23 1,509,279 ---hs---- C:\Windows\System32\lmuqctup.ini
2008-04-23 17:06 . 2008-04-23 17:06 <DIR> d-------- C:\Program Files\GetData
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\Users\Chris\AppData\Roaming\Malwarebytes
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 17:23 . 2008-04-22 17:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 17:10 . 2008-04-22 17:12 <DIR> d-------- C:\Program Files\Key_generator
2008-04-22 16:47 . 2008-04-26 14:53 <DIR> d-------- C:\Users\Chris\AppData\Roaming\Uniblue
2008-04-22 16:46 . 2008-04-26 14:58 <DIR> d-------- C:\Program Files\Uniblue
2008-04-19 19:57 . 2008-04-19 20:19 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-19 19:57 . 2008-04-19 20:19 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-19 19:57 . 2008-04-19 19:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-16 19:31 . 2008-04-16 19:33 <DIR> d-------- C:\Program Files\Project64 1.6
2008-04-09 22:45 . 2008-02-14 20:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 22:45 . 2008-02-19 02:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 22:45 . 2008-02-29 03:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 22:45 . 2008-02-29 03:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 22:45 . 2008-02-29 03:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 22:45 . 2008-02-29 03:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 22:45 . 2008-02-29 03:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 22:45 . 2008-02-29 03:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 22:45 . 2008-02-29 03:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-05 21:05 . 2008-04-05 21:05 <DIR> d-------- C:\Windows\System32\Hauppauge
2008-04-05 21:05 . 2008-04-05 21:07 <DIR> d-------- C:\Program Files\WinTV
2008-03-29 20:40 . 2008-03-29 20:40 <DIR> d-------- C:\Program Files\GameSpy
2008-03-29 20:31 . 2008-03-29 20:31 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-26 19:09 . 2008-03-26 19:09 <DIR> d-------- C:\Program Files\Loquendo
2008-03-26 19:06 . 2008-03-26 19:06 <DIR> d-------- C:\Program Files\Sodels

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-26 13:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 20:31 --------- d---a-w C:\ProgramData\TEMP
2008-04-22 22:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 22:43 --------- d-----w C:\Program Files\Stardock
2008-04-19 22:42 --------- d-----w C:\Program Files\CACE Technologies
2008-04-11 01:49 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 00:06 --------- d-----w C:\ProgramData\CyberLink
2008-04-01 11:38 --------- d-----w C:\Users\Chris\AppData\Roaming\U3
2008-03-29 23:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 13:13 --------- d-----w C:\Program Files\Coupons
2008-03-13 19:56 --------- d-----w C:\Program Files\Plasma Pong
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 01:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 01:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 01:54 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 01:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 01:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-10-19 21:01 818,218 ----a-w C:\Users\Chris\WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader.exe
2007-09-19 01:17 27,335 ----a-w C:\Users\Chris\AppData\Roaming\nvModes.dat
2007-08-30 01:16 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489aa7ad-6164-4dba-a4f6-c2467026ac77}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5c0e06f2-d4f4-461d-becb-31dfe27081ed}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 09:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Uniblue SpeedUpMyPC"="" []
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 23:09 1006264]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 17:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:14 833072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 14:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 11:37 174872]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 15:38 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 17:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 20:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-12 11:29 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ ASTSVCC.dll" [2003-12-22 15:12 17920]
"LWBMOUSE"="C:\Program Files\Gigaware\Gigaware Optical Mouse Driver\4.06\MOUSE32A.EXE" [2001-11-09 03:47 356352]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 03:38 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-05-15 03:38 81920]
"GhostSurf Reminder"="C:\Program Files\GhostSurf Platinum\Privacy Control Center.exe" [2005-08-15 02:32 82037]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-24 18:40 877136]
"BM0418746f"="C:\Windows\system32\eidfxkop.dll " [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\GhostSurf Platinum\Scheduler daemon.exe [2007-10-21 18:23:07 86133]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
GhostSurf proxy.lnk - C:\Program Files\GhostSurf Platinum\Proxy.exe [2007-10-21 18:23:07 86133]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F 81614F45A.exe [2007-05-12 11:06:32 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll,apshook.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Users^Chris^AppData^Roamin g^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Users\Chris\AppData\Roaming\Microsoft\Wind ows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\Windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 21:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoServic e

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{85BABCC4-D4EC-4E08-AD9C-17A23F526E3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1322ACCC-D270-49CE-A618-A1177DF5B94F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5262C04-670E-407D-A7E8-F81B5E3ABE94}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{63CDDBBA-EAEC-475F-BC35-608C7ED5E6CB}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{454464FF-A4B1-4479-A732-227306BAE003}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{99A41779-6DE4-4A4C-A5A6-7386CCF9C71E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C08C3D4-4C2A-47B9-A337-EB42F6123705}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{03896419-8B25-4710-9CEF-5234C43D08E6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5C165A40-2C81-4544-8A77-01A9F766954D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F4B3E9A-3E1C-4B98-B3E7-E3FAEFE06AC8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B6A9A4C2-831E-4CFE-85B7-E10BC2FA6290}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A3B2BB82-9289-4CA0-ABB8-7472C0C54297}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D41ABB63-DEFE-401D-A20B-402DE32C7898}"= UDP:C:\Users\Chris\WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader.exe:WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader
"{4BC94090-8035-4FE2-9FB9-14069A78A32D}"= TCP:C:\Users\Chris\WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader.exe:WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader
"{E2D13F11-8955-41B8-BC34-C65544ECBC42}"= UDP:C:\World of Warcraft\Launcher.exe:World of Warcraft
"{19448B02-E8AB-406F-888E-B60F9A2262C6}"= TCP:C:\World of Warcraft\Launcher.exe:World of Warcraft
"{6E834354-89B5-47DF-8E64-326C5B85DDD6}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:firefox
"{2DC05671-D2B5-4053-81AE-30FA2F724C69}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:firefox
"TCP Query User{99E0EFF6-D838-4C92-A809-607A9E900AEA}C:\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{8E5FA6D7-DE64-43BE-8CD8-DBA20255510A}C:\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{A5325F2D-1858-4D04-9DB5-9EC88759E34F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B75EE043-9D52-40D3-8248-41F59E1EBA6B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7C205DCE-604F-4BF9-A5F7-39FC9FE015EA}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe"= UDP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe
"UDP Query User{805CA133-B63E-417B-8AA2-2776333255F0}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe"= TCP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe
"TCP Query User{C838AE17-F57F-4B24-956B-5E73ADE414D9}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe"= UDP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe
"UDP Query User{C9CD1CF4-EF66-4AC2-A07C-2FAB0E1E644C}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe"= TCP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe
"{753F4315-2E14-4FB8-89F8-4A08A8EBED58}"= UDP:C:\World of Warcraft\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe:WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader
"{6A07DA03-9D78-4FBD-8065-5D8BCF5F016F}"= TCP:C:\World of Warcraft\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe:WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader
"{EA01FF21-A9CE-4F28-B6F5-3B0D3DC93D93}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5011AB6B-5C20-4580-A079-F2518E39959C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D1F42898-2191-432C-BA86-C20F8AF8D2C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{147AA431-09CD-4BA7-972B-EDD05B1522FE}"= UDP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{D75B9D30-E2C5-4D6F-8B00-8E68D1A09A54}"= TCP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{82B68D02-C911-4F51-8ED4-54D02F0D2998}"= UDP:C:\Users\Chris\Desktop\WOW_VERNE.avi-downloader.exe:Blizzard Downloader
"{C293933D-C437-4561-9856-9E0800219E25}"= TCP:C:\Users\Chris\Desktop\WOW_VERNE.avi-downloader.exe:Blizzard Downloader
"{97BEDE06-199E-4144-B633-58C0854E7737}"= UDP:3724:Blizzard Downloader: 3724
"{E4A1D8E9-E11E-44DB-BA40-9BEAF83BED25}"= UDP:C:\Users\Chris\Desktop\ZulAman-Final_US_F.avi-downloader.exe:Blizzard Downloader
"{7EA0D932-5F9A-4EFE-8C6C-BE8AD8D752CB}"= TCP:C:\Users\Chris\Desktop\ZulAman-Final_US_F.avi-downloader.exe:Blizzard Downloader
"{FECB9320-D9CF-47E4-8DAE-E4B67B3AB000}"= UDP:6881:Blizzard Downloader: 6881
"{B39B3C36-5F97-4D12-99C9-D3B32B48BD65}"= UDP:C:\World of Warcraft\WoWTest\Wow.exe:Wow
"{3A8BF8AF-AEBE-46B7-AE56-8B38E91E7408}"= TCP:C:\World of Warcraft\WoWTest\Wow.exe:Wow
"{CF98A009-1E61-4C7D-8CA8-30AECC9807E2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F30377C5-CB3E-4214-9476-EAA208958D42}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{940EAE8B-825C-4F2F-B7B3-A4A28912BF10}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E40CF927-36DF-4258-B738-64CCEFEA805D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E384E44E-3C88-4619-97F9-29919E5EE4D2}"= UDP:C:\iTunes\iTunes.exe:iTunes
"{5E6A2FE0-72D4-4EAA-8B81-86EF530571C1}"= TCP:C:\iTunes\iTunes.exe:iTunes
"{6709AC29-F213-456F-84EB-2BFF264AF2EA}"= UDP:C:\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{C322F8BF-EE40-4EEF-97BA-BEA7F3B076D2}"= TCP:C:\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{8922832D-1662-460B-B97B-89A5D5BCA277}"= UDP:3724:Blizzard Downloader: 3724
"{A4843047-58E3-4E60-AEA7-EC6FD399B9A8}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{A39E638A-1797-4018-924C-95F4A8991A70}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{4021082C-F81D-4115-B6F1-622F237EDAD4}"= UDP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:Blizzard Downloader
"{CC607E38-657B-4406-9B54-79F20C515B56}"= TCP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 06:45]
S2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 06:45]
S2 rpcnetp;rpcnetp;C:\Windows\System32\rpcnetp.exe [2008-04-26 14:47]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 06:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 04:30]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2006-12-01 17:41]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-28 21:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ddefff9a-802d-11dc-9aba-001b246bbdfa}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 22:56:11 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-10 02:33:09 C:\Windows\Tasks\HPCeeScheduleForChris.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2008-04-04 20:17:15 C:\Windows\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-22 23:28:16 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-22 19:46:47 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
************************************************** ************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 15:24:56
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\rundll32.exe
.
************************************************** ************************
.
Completion time: 2008-04-26 15:32:02 - machine was rebooted [Chris]
ComboFix-quarantined-files.txt 2008-04-26 18:31:50

Pre-Run: 135,284,908,032 bytes free
Post-Run: 133,054,783,488 bytes free

283 --- E O F --- 2008-04-17 18:45:44

Pude iniciar en modo normal, y parece que todo va mucho mejor

Ah, casi me olvido, estos con los archivo que metio en curentena:

2008-04-22 21:13 30208 --a------ C:\Qoobox\Quarantine\C\Windows\System32\crypts.dll .vir
2008-04-24 17:17 143 --a------ C:\Qoobox\Quarantine\C\Windows\System32\mcrh.tmp.v ir
2008-04-25 08:58 87104 --a------ C:\Qoobox\Quarantine\C\Windows\System32\sqdlvhmy.d ll.vir
2008-04-26 15:17 200 --a------ C:\Qoobox\Quarantine\catchme.log
2008-04-26 15:17 263495 --a------ C:\Qoobox\Quarantine\catchme2008-04-26_151736.95.zip
2008-04-26 15:17 272384 --a------ C:\Qoobox\Quarantine\C\Windows\System32\xxYqPfGA.d ll.vir

Hola LorenzoK

Realiza estos pasos

• Usa el Ccleaner para limpiar el sistema.
  • Primero utilizá la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
  • Luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

• Clic en INICIO > EJECUTAR >
• Y ahí pones notepad.exe y ACEPTAR
• Ahora copia y pega estos archivos dentro del Notepad

• Guarda este archivo con el nombre CFScript.txt
• Arrastra y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra el screenshot de de abajo.
• 
• ComboFix comenzará otra vez a ejecutarse, Cuando termine este generara un reporte que tendrías que pegar en este mismo mensaje

Salu2
Recuerda volver y contarnos los resultados

Esta bien, aqui van los resultados del segundo escaneo usando el .txt dado

ComboFix 08-04-24.1 - Chris 2008-04-26 16:21:00.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1483 [GMT -3:00]
Running from: C:\Users\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Users\Chris\Desktop\CFScript.txt

FILE ::
C:\Windows\System32\unacev2.dll
C:\Windows\System32\UNRAR3.dll
C:\Windows\System32\ztvcabinet.dll
C:\Windows\System32\ztvunace26.dll
C:\Windows\System32\ztvunrar36.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\unacev2.dll
C:\Windows\System32\UNRAR3.dll
C:\Windows\System32\ztvcabinet.dll
C:\Windows\System32\ztvunace26.dll
C:\Windows\System32\ztvunrar36.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-26 14:54 . 2008-04-26 14:54 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-26 14:54 . 2008-04-26 14:54 1,409 --a------ C:\Windows\QTFont.for
2008-04-26 13:14 . 2008-04-26 13:14 <DIR> d-------- C:\Users\Chris\AppData\Roaming\Simply Super Software
2008-04-26 13:14 . 2008-04-26 13:14 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-04-26 13:14 . 2008-04-26 13:14 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-04-26 13:14 . 2008-04-26 14:47 <DIR> d-------- C:\Program Files\Trojan Remover
2008-04-26 12:41 . 2008-04-26 13:51 <DIR> d-------- C:\Users\Chris\DoctorWeb
2008-04-26 11:49 . 2008-04-26 11:49 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-04-26 11:49 . 2008-04-26 11:49 <DIR> d-------- C:\Windows\Internet Logs
2008-04-26 11:49 . 2008-04-26 11:49 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-26 11:49 . 2008-04-26 11:49 31,552 --ah----- C:\Windows\System32\vsconfig.xml
2008-04-26 10:19 . 2008-04-26 10:19 <DIR> d-------- C:\VundoFix Backups
2008-04-26 10:13 . 2008-04-26 10:13 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-26 10:02 . 2008-04-26 16:12 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-25 10:14 . 2008-04-25 10:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-24 00:31 . 2008-04-24 18:23 1,509,279 ---hs---- C:\Windows\System32\lmuqctup.ini
2008-04-23 17:06 . 2008-04-23 17:06 <DIR> d-------- C:\Program Files\GetData
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\Users\Chris\AppData\Roaming\Malwarebytes
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 17:23 . 2008-04-22 17:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 17:10 . 2008-04-22 17:12 <DIR> d-------- C:\Program Files\Key_generator
2008-04-22 16:47 . 2008-04-26 14:53 <DIR> d-------- C:\Users\Chris\AppData\Roaming\Uniblue
2008-04-22 16:46 . 2008-04-26 14:58 <DIR> d-------- C:\Program Files\Uniblue
2008-04-19 19:57 . 2008-04-19 20:19 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-19 19:57 . 2008-04-19 20:19 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-19 19:57 . 2008-04-19 19:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-16 19:31 . 2008-04-16 19:33 <DIR> d-------- C:\Program Files\Project64 1.6
2008-04-09 22:45 . 2008-02-14 20:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 22:45 . 2008-02-19 02:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 22:45 . 2008-02-29 03:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 22:45 . 2008-02-29 03:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 22:45 . 2008-02-29 03:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 22:45 . 2008-02-29 03:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 22:45 . 2008-02-29 03:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 22:45 . 2008-02-29 03:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 22:45 . 2008-02-29 03:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-05 21:05 . 2008-04-05 21:05 <DIR> d-------- C:\Windows\System32\Hauppauge
2008-04-05 21:05 . 2008-04-05 21:07 <DIR> d-------- C:\Program Files\WinTV
2008-03-29 20:40 . 2008-03-29 20:40 <DIR> d-------- C:\Program Files\GameSpy
2008-03-29 20:31 . 2008-03-29 20:31 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-26 19:09 . 2008-03-26 19:09 <DIR> d-------- C:\Program Files\Loquendo
2008-03-26 19:06 . 2008-03-26 19:06 <DIR> d-------- C:\Program Files\Sodels

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-26 19:08 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-04-26 13:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 20:31 --------- d---a-w C:\ProgramData\TEMP
2008-04-22 23:28 41,584 ----a-w C:\Windows\System32\rpcnet.dll
2008-04-22 22:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-21 13:55 178,688 ----a-w C:\Windows\System32\rpcnetp.dll
2008-04-19 22:43 --------- d-----w C:\Program Files\Stardock
2008-04-19 22:42 --------- d-----w C:\Program Files\CACE Technologies
2008-04-11 01:49 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 00:06 --------- d-----w C:\ProgramData\CyberLink
2008-04-01 11:38 --------- d-----w C:\Users\Chris\AppData\Roaming\U3
2008-03-29 23:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 13:13 --------- d-----w C:\Program Files\Coupons
2008-03-13 19:56 --------- d-----w C:\Program Files\Plasma Pong
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 02:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 01:56 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 01:56 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 01:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 01:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 01:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 01:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 01:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 01:54 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 01:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 01:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 01:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 01:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-10-19 21:01 818,218 ----a-w C:\Users\Chris\WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader.exe
2007-09-19 01:17 27,335 ----a-w C:\Users\Chris\AppData\Roaming\nvModes.dat
2007-08-30 01:16 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-26_15.31.29.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 18:23:16 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-26 19:09:05 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-26 18:24:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\UsrClass.dat
+ 2008-04-26 1921 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\UsrClass.dat
- 2008-04-26 18:24:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-26 19:11:50 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-26 18:24:32 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-26 19:20:55 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\UsrClass.dat
- 2008-04-26 18:24:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.d at
+ 2008-04-26 19:11:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.d at
- 2008-04-26 17:54:37 107,974 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-26 19:15:54 108,558 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-26 17:54:37 628,894 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-26 19:15:54 629,880 ----a-w C:\Windows\System32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 09:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Uniblue SpeedUpMyPC"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-08 23:09 1006264]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 17:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:14 833072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 14:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 11:37 174872]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 15:38 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 17:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 20:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-12 11:29 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ ASTSVCC.dll" [2003-12-22 15:12 17920]
"LWBMOUSE"="C:\Program Files\Gigaware\Gigaware Optical Mouse Driver\4.06\MOUSE32A.EXE" [2001-11-09 03:47 356352]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 03:38 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-05-15 03:38 81920]
"GhostSurf Reminder"="C:\Program Files\GhostSurf Platinum\Privacy Control Center.exe" [2005-08-15 02:32 82037]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-24 18:40 877136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\GhostSurf Platinum\Scheduler daemon.exe [2007-10-21 18:23:07 86133]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
GhostSurf proxy.lnk - C:\Program Files\GhostSurf Platinum\Proxy.exe [2007-10-21 18:23:07 86133]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F 81614F45A.exe [2007-05-12 11:06:32 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll,apshook.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Users^Chris^AppData^Roamin g^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Users\Chris\AppData\Roaming\Microsoft\Wind ows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\Windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 21:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoServic e

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{85BABCC4-D4EC-4E08-AD9C-17A23F526E3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1322ACCC-D270-49CE-A618-A1177DF5B94F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5262C04-670E-407D-A7E8-F81B5E3ABE94}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{63CDDBBA-EAEC-475F-BC35-608C7ED5E6CB}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{454464FF-A4B1-4479-A732-227306BAE003}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{99A41779-6DE4-4A4C-A5A6-7386CCF9C71E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C08C3D4-4C2A-47B9-A337-EB42F6123705}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{03896419-8B25-4710-9CEF-5234C43D08E6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5C165A40-2C81-4544-8A77-01A9F766954D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F4B3E9A-3E1C-4B98-B3E7-E3FAEFE06AC8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B6A9A4C2-831E-4CFE-85B7-E10BC2FA6290}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A3B2BB82-9289-4CA0-ABB8-7472C0C54297}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D41ABB63-DEFE-401D-A20B-402DE32C7898}"= UDP:C:\Users\Chris\WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader.exe:WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader
"{4BC94090-8035-4FE2-9FB9-14069A78A32D}"= TCP:C:\Users\Chris\WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader.exe:WoW-2.2.3.7359-to-0.3.0.7382-enUS-downloader
"{E2D13F11-8955-41B8-BC34-C65544ECBC42}"= UDP:C:\World of Warcraft\Launcher.exe:World of Warcraft
"{19448B02-E8AB-406F-888E-B60F9A2262C6}"= TCP:C:\World of Warcraft\Launcher.exe:World of Warcraft
"{6E834354-89B5-47DF-8E64-326C5B85DDD6}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:firefox
"{2DC05671-D2B5-4053-81AE-30FA2F724C69}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:firefox
"TCP Query User{99E0EFF6-D838-4C92-A809-607A9E900AEA}C:\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{8E5FA6D7-DE64-43BE-8CD8-DBA20255510A}C:\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{A5325F2D-1858-4D04-9DB5-9EC88759E34F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B75EE043-9D52-40D3-8248-41F59E1EBA6B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7C205DCE-604F-4BF9-A5F7-39FC9FE015EA}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe"= UDP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe
"UDP Query User{805CA133-B63E-417B-8AA2-2776333255F0}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe"= TCP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader.exe
"TCP Query User{C838AE17-F57F-4B24-956B-5E73ADE414D9}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe"= UDP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe
"UDP Query User{C9CD1CF4-EF66-4AC2-A07C-2FAB0E1E644C}C:\\users\\chris\\desktop\\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe"= TCP:C:\users\chris\desktop\wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe:wow-2.2.3.7359-to-0.3.0.7441-enus-downloader(2).exe
"{753F4315-2E14-4FB8-89F8-4A08A8EBED58}"= UDP:C:\World of Warcraft\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe:WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader
"{6A07DA03-9D78-4FBD-8065-5D8BCF5F016F}"= TCP:C:\World of Warcraft\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe:WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader
"{EA01FF21-A9CE-4F28-B6F5-3B0D3DC93D93}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5011AB6B-5C20-4580-A079-F2518E39959C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D1F42898-2191-432C-BA86-C20F8AF8D2C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{147AA431-09CD-4BA7-972B-EDD05B1522FE}"= UDP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{D75B9D30-E2C5-4D6F-8B00-8E68D1A09A54}"= TCP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{82B68D02-C911-4F51-8ED4-54D02F0D2998}"= UDP:C:\Users\Chris\Desktop\WOW_VERNE.avi-downloader.exe:Blizzard Downloader
"{C293933D-C437-4561-9856-9E0800219E25}"= TCP:C:\Users\Chris\Desktop\WOW_VERNE.avi-downloader.exe:Blizzard Downloader
"{97BEDE06-199E-4144-B633-58C0854E7737}"= UDP:3724:Blizzard Downloader: 3724
"{E4A1D8E9-E11E-44DB-BA40-9BEAF83BED25}"= UDP:C:\Users\Chris\Desktop\ZulAman-Final_US_F.avi-downloader.exe:Blizzard Downloader
"{7EA0D932-5F9A-4EFE-8C6C-BE8AD8D752CB}"= TCP:C:\Users\Chris\Desktop\ZulAman-Final_US_F.avi-downloader.exe:Blizzard Downloader
"{FECB9320-D9CF-47E4-8DAE-E4B67B3AB000}"= UDP:6881:Blizzard Downloader: 6881
"{B39B3C36-5F97-4D12-99C9-D3B32B48BD65}"= UDP:C:\World of Warcraft\WoWTest\Wow.exe:Wow
"{3A8BF8AF-AEBE-46B7-AE56-8B38E91E7408}"= TCP:C:\World of Warcraft\WoWTest\Wow.exe:Wow
"{CF98A009-1E61-4C7D-8CA8-30AECC9807E2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F30377C5-CB3E-4214-9476-EAA208958D42}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{940EAE8B-825C-4F2F-B7B3-A4A28912BF10}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E40CF927-36DF-4258-B738-64CCEFEA805D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E384E44E-3C88-4619-97F9-29919E5EE4D2}"= UDP:C:\iTunes\iTunes.exe:iTunes
"{5E6A2FE0-72D4-4EAA-8B81-86EF530571C1}"= TCP:C:\iTunes\iTunes.exe:iTunes
"{6709AC29-F213-456F-84EB-2BFF264AF2EA}"= UDP:C:\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{C322F8BF-EE40-4EEF-97BA-BEA7F3B076D2}"= TCP:C:\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{8922832D-1662-460B-B97B-89A5D5BCA277}"= UDP:3724:Blizzard Downloader: 3724
"{A4843047-58E3-4E60-AEA7-EC6FD399B9A8}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{A39E638A-1797-4018-924C-95F4A8991A70}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{4021082C-F81D-4115-B6F1-622F237EDAD4}"= UDP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:Blizzard Downloader
"{CC607E38-657B-4406-9B54-79F20C515B56}"= TCP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 06:45]
S2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 06:45]
S2 rpcnetp;rpcnetp;C:\Windows\System32\rpcnetp.exe [2008-04-26 16:08]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 06:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 04:30]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2006-12-01 17:41]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-28 21:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ddefff9a-802d-11dc-9aba-001b246bbdfa}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 22:56:11 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-10 02:33:09 C:\Windows\Tasks\HPCeeScheduleForChris.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2008-04-04 20:17:15 C:\Windows\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-22 23:28:16 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-22 19:46:47 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
************************************************** ************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 16:23:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-04-26 16:26:24
ComboFix-quarantined-files.txt 2008-04-26 19:26:21
ComboFix2.txt 2008-04-26 18:32:03

Pre-Run: 133,348,143,104 bytes free
Post-Run: 133,305,978,880 bytes free

309 --- E O F --- 2008-04-17 18:45:44

Pregunta:

Cuando inicio Vista en modo normal, me sale como si estuviera en modo serguro con CMD (no resolucion, sino solo el hecho de que no esta el GUI, solo una ventana abierta de cmd, al cual tengo que darle explorer.exe para poder hacer click en los botones y ver algo). Tambien algunas cosas, como el Servicio de Audio y el Windows Installer no estan activados por el hecho de que Vista esta en safe mode (lo cual no lo esta). No se si es un problema por alguna otra infecion o por algo que hice.

Bueno, arriba el log.