Official HijackThis Forum in Spanish: We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Read the HijackThis Forum Policies first.

post #1
27/05/08, 12:20:12
sweetmisslatin
User

Registered: May 2008
Location: Guatemala
Posts: 12
Help, my home page starts to disintegrate, what is this?

Thank you very much for having these forums; I would be grateful if you could help me. I don't understand what is happening with the home page: once I start working, everything starts to disintegrate and move from one side to the other. Please help me.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:44 AM, on 5/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIALA.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX5800F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /FU "C:\Windows\TEMP\E_SE35C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.blossoms.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alessiaboxtoy.spaces.live.com/PhotoUpload/VistaMsnPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C31172C-92B7-4D2B-AE71-F510EF2DC520}: NameServer = 216.230.147.90,216.230.128.32
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11190 bytes
post #2
27/05/08, 19:41:05
ElPiedra
FS-Admin

Registered: Jan 2005
Location: Miami
Posts: 27.248
Re: Help, my home page starts to disintegrate, what is this?

Hello sweetmisslatin,

Your HijackThis log is free of malware, so I suggest doing the following:

Download our tool IniRem.exe and use it to change the home page.

Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then using its "Registry" option to clean the whole Windows registry (making a backup).

Run a full scan with:

Restart and post the reports for us.

Regards


post #3
11/08/08, 16:11:52
sweetmisslatin
User

Registered: May 2008
Location: Guatemala
Posts: 12
Blue screen, slow computer and redirection away from help forums!!!!

I previously had the desktop.ini virus and managed to remove it with the help of your forum, and this time, when I downloaded something via torrent, it was too late. AVG began by warning me about a file in system 32, tdssadw.dll, and another in wbem. But now my computer shuts off and shows a blue screen, and only in safe mode can I browse without Windows Vista closing on me. Could you help me remove desktop.ini from my machine for good? I already ran Windows restore, but when I open all my folders under attributes, it blocks my files again.
Please help me. Below I am posting the HijackThis log to see whether something in it can help too, thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:59 PM, on 8/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIALA.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX5800F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /FU "C:\Windows\TEMP\E_SE35C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alessiaboxtoy.spaces.live.com/PhotoUpload/VistaMsnPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C31172C-92B7-4D2B-AE71-F510EF2DC520}: NameServer = 216.230.147.90,216.230.128.32
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11393 bytes
post #4
11/08/08, 21:03:03
sweetmisslatin
User

Registered: May 2008
Location: Guatemala
Posts: 12
The Zlob.gen!GV virus has invaded my machine, help!!!

My machine got infected with this Zlob.gen and it left desktop.ini on it. I used ComboFix and it fixed some things, but desktop.ini keeps appearing. What can I do? Below you will find the ComboFix log: PLEASE HELP!!!

ComboFix 08-08-10.05 - maryluz 2008-08-11 18:01:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1017 [GMT -6:00]
Running from: C:\Users\maryluz\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-11 17:58 . 2008-08-11 17:59 <DIR> d-------- C:\327882R2FWJFW
2008-08-11 14:28 . 2008-08-11 14:28 3,631 --a------ C:\DD65.tmp
2008-08-11 14:27 . 2008-08-11 14:27 3,631 --a------ C:\A2B6.tmp
2008-08-11 14:26 . 2008-08-11 14:26 3,631 --a------ C:\B4A0.tmp
2008-08-11 14:26 . 2008-08-11 14:50 39 --a------ C:\MUI00
2008-08-09 07:29 . 2008-08-09 07:29 <DIR> d-------- C:\Program Files\Sony
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-08-08 10:42 . 2006-09-12 20:00 197,632 --a------ C:\Windows\System32\CNMLM86.DLL
2008-08-03 22:42 . 2008-08-03 22:42 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-08-03 19:20 . 2008-08-03 21:16 <DIR> d-------- C:\Temp
2008-08-02 00:24 . 2008-08-11 12:25 <DIR> d-------- C:\IPPVR
2008-07-28 08:19 . 2008-05-26 23:21 1,582,592 --a------ C:\Windows\System32\tquery.dll
2008-07-28 08:19 . 2008-05-26 23:21 1,418,240 --a------ C:\Windows\System32\mssrch.dll
2008-07-28 08:19 . 2008-05-26 23:18 670,208 --a------ C:\Windows\System32\mssvp.dll
2008-07-28 08:19 . 2008-05-26 23:18 350,208 --a------ C:\Windows\System32\mssph.dll
2008-07-28 08:19 . 2008-05-26 23:18 203,776 --a------ C:\Windows\System32\mssphtb.dll
2008-07-27 17:15 . 2008-07-27 17:15 2,896 --a------ C:\Windows\System32\requestBody.xml
2008-07-27 17:15 . 2008-07-27 17:15 1,883 --a------ C:\Windows\System32\responseBody.xml
2008-07-27 17:15 . 2008-07-27 17:15 964 --a------ C:\Windows\System32\request.gzip
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\iTunes
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\iPod
2008-07-22 00:02 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\QuickTime
2008-07-21 10:56 . 2008-07-21 10:56 <DIR> d-------- C:\Users\maryluz\AppData\Roaming\Move Networks
2008-07-18 12:34 . 2008-07-18 12:34 586,240 --a------ C:\Windows\WLXPGSS.SCR
2008-07-14 20:41 . 2008-07-14 20:41 <DIR> d-------- C:\Program Files\Sun
2008-07-12 21:00 . 2008-07-18 11:02 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-12 21:00 . 2008-07-12 21:00 1,409 --a------ C:\Windows\QTFont.for
2008-07-12 08:59 . 2008-07-12 08:59 16,732,450 --------- C:\avg7qt.dat
2008-07-12 08:59 . 2008-07-12 08:59 56 --ah----- C:\Windows\System32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 00:01 --------- d-----w C:\Users\maryluz\AppData\Roaming\Skype
2008-08-11 22:17 --------- d-----w C:\Users\maryluz\AppData\Roaming\AVG7
2008-08-11 22:03 --------- d-----w C:\Users\maryluz\AppData\Roaming\skypePM
2008-08-11 18:38 13,119 ----a-w C:\Users\maryluz\AppData\Roaming\nvModes.dat
2008-08-11 18:25 --------- d-----w C:\ProgramData\avg7
2008-08-11 14:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 02:59 --------- d-----w C:\Users\maryluz\AppData\Roaming\Hewlett-Packard
2008-08-04 02:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-02 03:08 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-30 15:46 --------- d-----w C:\Users\maryluz\AppData\Roaming\Yahoo!
2008-07-22 06:04 --------- d-----w C:\ProgramData\Apple Computer
2008-07-15 02:41 --------- d-----w C:\Program Files\Java
2008-07-11 17:15 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 15:16 --------- d-----w C:\Program Files\Windows Mail
2008-07-05 19:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-16 06:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Journal
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Defender
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Calendar
2008-06-14 18:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 18:02 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-11 20:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-05-27 05:18 71,680 ----a-w C:\Windows\System32\propdefs.dll
2008-05-27 05:18 56,320 ----a-w C:\Windows\System32\xmlfilter.dll
2008-05-27 05:18 44,032 ----a-w C:\Windows\System32\msstrc.dll
2008-05-27 05:18 439,808 ----a-w C:\Windows\System32\SearchIndexer.exe
2008-05-27 05:18 40,448 ----a-w C:\Windows\System32\mimefilt.dll
2008-05-27 05:18 38,400 ----a-w C:\Windows\System32\rtffilt.dll
2008-05-27 05:18 29,184 ----a-w C:\Windows\System32\wsepno.dll
2008-05-27 05:18 231,936 ----a-w C:\Windows\System32\msshsq.dll
2008-05-27 05:18 184,832 ----a-w C:\Windows\System32\SearchProtocolHost.exe
2008-05-27 05:18 136,704 ----a-w C:\Windows\System32\nlhtml.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-28 17:48 201,728 ----a-w C:\Program Files\A-Patch140rc2b17_WLM.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 01:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 16:23 1773568]
"EPSON Stylus CX5800F Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2006-12-20 05:00 177664]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 14:54 21718312]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-04-28 11:45 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-17 08:32 171448]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 01:33 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 01:05 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 18:45 176128]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 09:41 579584]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 13:42 70912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 12:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 12:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 12:26 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-13 08:25 219136]

C:\Users\maryluz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-03-13 08:25 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 08:33 963072 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"TCP Query User{A99EBAA7-22FA-429F-B8A3-8D22A84CD85D}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{BB86CC73-7F82-4EDD-8266-BECC51106AAC}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{36029472-CD4E-427C-9FF4-0382AFA5DAFE}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{12EA6198-E69E-4091-8BB7-BBC5AB687E02}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{2CCE272F-0D71-4579-BFB0-EB1F8EB2E115}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8EB97B50-99A2-4CE8-83BC-03974BD1D1A3}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7513D8A4-F9D5-4C37-85A9-1946EAE7EB53}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{1E564005-FB17-4F84-9D03-7199690626A0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{5880329F-EB52-46D5-B5B4-D1749717C465}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{C3F41459-BD02-4B4B-A3E8-050AA823AD48}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{22F65797-F506-4C6E-A263-0D9A166073E6}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{15A9BD4F-ECE4-477C-91F3-29A7203F7582}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{4F07E334-A6A7-4FB2-B666-19B956ADC828}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5DA0216-9D58-4559-9C15-006A54D58130}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{413CD007-0279-4F33-A691-5FD14F0F4D49}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{6EF59342-BFCF-4B0C-A4C8-065E24971F08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{770822E0-F3CD-419C-8A7C-A8DEF7F5828B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A78C0BD6-47A0-42E2-BD24-EB55A18B3287}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{006BAC89-4A8C-4B36-93F6-CA4B0C875775}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F4A233C-4232-478C-B922-8508CFA6B455}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F0FA3A52-4321-4B15-837E-6D724F2F822C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E328D928-3A1E-4AF7-BB8B-10757B20827E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A4D444E7-04BE-4F71-940D-C09B755073A1}C:\\users\\maryluz\\music\\emule\\emule.exe"= UDP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"UDP Query User{C16BDE07-5405-4365-B60E-0BA1ABAFB666}C:\\users\\maryluz\\music\\emule\\emule.exe"= TCP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"TCP Query User{28016DAA-129C-4C9F-90AD-A95CCA5DC9DE}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{1B6FA53C-7897-4A22-99DB-8E4891337911}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{61D78354-429E-4FF9-B7A5-457DD148CB0E}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{AA2BCC20-C9BE-437D-8157-4F3183B620A4}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{AB324F9B-EE04-4B80-BDE5-416DF667F366}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A88D639E-22F6-477C-A1F2-4FC9D82E4CDB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{5D237D09-23E3-4AAF-B902-08AD78B2E2F9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B6076B21-A273-425B-AA5E-EB850A2DC824}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{64E594EF-9682-4014-BD92-FA34D0B7EAE8}"= UDP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{0898E914-0CBA-4D44-AB04-D73541BC60AD}"= TCP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{314E3A00-9A23-4DD9-A6F2-5593D96C356C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{47523335-A1FA-4936-9A08-0B002FC225FF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{934F8C0A-5F79-416A-A4D0-DA8606FB58D5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{23BAB454-40EE-4094-974F-A75AEF86B2F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3125E8F2-DB8F-468B-9DC9-7715B82F1D55}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{17D83EC5-51CA-4FFA-994E-249FA86846BB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E52DD35D-0D49-405C-9C2A-B2225A20965F}"= UDP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"{AE1AF81A-3204-4704-8E4B-3DF9245F04A7}"= TCP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"TCP Query User{EC31F36F-44A7-4E0B-8A59-DA6CCC0FFE84}E:\\ippvr.exe"= UDP:E:\ippvr.exe:IPPVR
"UDP Query User{1888CB5F-F570-4F59-A37E-ADAAFCB88EA4}E:\\ippvr.exe"= TCP:E:\ippvr.exe:IPPVR
"TCP Query User{3B1FB490-AED5-4137-A600-B73187C765D3}C:\\ippvr\\ippvr.exe"= UDP:C:\ippvr\ippvr.exe:IPPVR
"UDP Query User{B5062483-8D29-4E94-B9C8-43102C7339D6}C:\\ippvr\\ippvr.exe"= TCP:C:\ippvr\ippvr.exe:IPPVR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:25]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180906bf-9c58-11dc-b3b8-806e6f6e6963}]
\shell\AutoRun\command - E:\disk1.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e8ae91-c45a-11dc-84a8-001b2485b8a6}]
\shell\AutoRun\command - E:\d.com
\shell\explore\Command - E:\d.com
\shell\open\Command - E:\d.com

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-04-26 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-07-28 C:\Windows\Tasks\HPCeeScheduleFormaryluz.job
- C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23 15:23]

2008-08-11 C:\Windows\Tasks\User_Feed_Synchronization-{44CB0ACF-B851-41B8-B013-B249CF05A0EB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\maryluz\AppData\Roaming\Mozilla\Firefox\Profiles\15b1k73q.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 18:05:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\maryluz\AppData\Local\Temp\~DFCBC4.tmp 770048 bytes
C:\Users\maryluz\AppData\Local\Temp\~DFCD15.tmp 512 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2008-08-11 18:07:37
ComboFix-quarantined-files.txt 2008-08-12 00:07:31
ComboFix2.txt 2008-03-22 00:31:43

Pre-Run: 82,644,692,992 bytes free
Post-Run: 82,643,222,528 bytes free

230 --- E O F --- 2008-08-08 14:48:22
  post #5 (permalink)  
Old 16/08/08, 18:09:15
Avatar of sweetmisslatin
User
 
Joined: May 2008
Location: Guatemala
Posts: 12
Re: Help, my home page starts to disintegrate, what is this?

Hi PIEDRA, thanks for your reply, although I don't know what to tell you, because I did do the IniRem step, then CC Cleaner and lastly Combo Fix, since nobody seemed to notice my message and I was desperate because the desktop background turned black, there were no wallpapers anymore and it was full of something that calls itself desktop.ini; every time I turned on hidden files, all my folders and files filled up with it. So here I am sending you the Combo Fix log, which had fixed that problem for me and also gave me back the wallpapers. I also wanted to tell you that this desktop.ini removed my administrator password, and there are folders and files on my machine that I cannot get into. Maybe you could help by telling me whether Combo Fix fixed that and how it did it, since it did something that partially freed up my computer, in case it happens to me again. This happened to me after a little blue window with cmd got in through a Torrent I downloaded. Thank you for paying attention to me. Maria (I hope you answer me, I am still desperate) I also ran Dr. Web and it says I have the trojan Zwizzor.based, in a full scan I did after the Combo Fix that I sent you.
How good that I read your reply; I thought nobody had answered me, and what I was doing was following what is recommended to others. Thank you so much for the Dr. Web tip, excellent. I ran Malwarebytes and it did not detect anything the way Dr. Web did.



Combo Fix details:


ComboFix 08-08-15.04 - maryluz 2008-08-16 14:36:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1035 [GMT -6:00]
Running from: C:\Users\maryluz\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-16 13:34 . 2008-08-16 13:34 <DIR> d-------- C:\!KillBox
2008-08-15 19:06 . 2008-08-15 19:06 <DIR> d-------- C:\Users\maryluz\AppData\Roaming\WildTangent
2008-08-12 20:05 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-11 22:04 . 2008-08-11 22:04 <DIR> d-------- C:\Archivos de programa
2008-08-11 21:15 . 2008-08-11 21:17 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-11 21:15 . 2008-08-11 21:17 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-11 21:13 . 2008-08-11 21:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-11 21:11 . 2008-08-11 21:12 <DIR> d-------- C:\Program Files\iTunes
2008-08-11 21:11 . 2008-08-11 21:11 <DIR> d-------- C:\Program Files\iPod
2008-08-09 07:29 . 2008-08-09 07:29 <DIR> d-------- C:\Program Files\Sony
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-08-08 10:42 . 2006-09-12 20:00 197,632 --a------ C:\Windows\System32\CNMLM86.DLL
2008-08-03 22:42 . 2008-08-03 22:42 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-08-03 19:20 . 2008-08-03 21:16 <DIR> d-------- C:\Temp
2008-08-02 00:24 . 2008-08-11 19:24 <DIR> d-------- C:\IPPVR
2008-07-28 08:19 . 2008-05-26 23:21 1,582,592 --a------ C:\Windows\System32\tquery.dll
2008-07-28 08:19 . 2008-05-26 23:21 1,418,240 --a------ C:\Windows\System32\mssrch.dll
2008-07-28 08:19 . 2008-05-26 23:18 670,208 --a------ C:\Windows\System32\mssvp.dll
2008-07-28 08:19 . 2008-05-26 23:18 350,208 --a------ C:\Windows\System32\mssph.dll
2008-07-28 08:19 . 2008-05-26 23:18 203,776 --a------ C:\Windows\System32\mssphtb.dll
2008-07-27 17:15 . 2008-07-27 17:15 2,896 --a------ C:\Windows\System32\requestBody.xml
2008-07-27 17:15 . 2008-07-27 17:15 1,883 --a------ C:\Windows\System32\responseBody.xml
2008-07-27 17:15 . 2008-07-27 17:15 964 --a------ C:\Windows\System32\request.gzip
2008-07-22 00:02 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\QuickTime
2008-07-21 10:56 . 2008-07-21 10:56 <DIR> d-------- C:\Users\maryluz\AppData\Roaming\Move Networks
2008-07-18 12:34 . 2008-07-18 12:34 586,240 --a------ C:\Windows\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 20:39 --------- d-----w C:\Users\maryluz\AppData\Roaming\Skype
2008-08-16 20:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-16 19:40 --------- d-----w C:\Users\maryluz\AppData\Roaming\skypePM
2008-08-16 16:39 --------- d-----w C:\Users\maryluz\AppData\Roaming\AVG7
2008-08-16 16:35 --------- d-----w C:\ProgramData\WildTangent
2008-08-16 16:35 --------- d-----w C:\ProgramData\avg7
2008-08-16 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 01:17 --------- d-----w C:\Program Files\HPQ
2008-08-16 00:03 --------- d-----w C:\Users\maryluz\AppData\Roaming\Apple Computer
2008-08-14 18:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 15:53 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 03:11 --------- d-----w C:\ProgramData\Apple Computer
2008-08-11 18:38 13,119 ----a-w C:\Users\maryluz\AppData\Roaming\nvModes.dat
2008-08-11 14:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 02:59 --------- d-----w C:\Users\maryluz\AppData\Roaming\Hewlett-Packard
2008-08-04 02:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-31 02:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-30 15:46 --------- d-----w C:\Users\maryluz\AppData\Roaming\Yahoo!
2008-07-15 02:41 --------- d-----w C:\Program Files\Sun
2008-07-15 02:41 --------- d-----w C:\Program Files\Java
2008-07-12 14:59 16,732,450 ------w C:\avg7qt.dat
2008-07-09 15:16 --------- d-----w C:\Program Files\Windows Mail
2008-07-05 19:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-16 06:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-14 18:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 18:02 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-11 20:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-05-27 05:18 71,680 ----a-w C:\Windows\System32\propdefs.dll
2008-05-27 05:18 56,320 ----a-w C:\Windows\System32\xmlfilter.dll
2008-05-27 05:18 44,032 ----a-w C:\Windows\System32\msstrc.dll
2008-05-27 05:18 439,808 ----a-w C:\Windows\System32\SearchIndexer.exe
2008-05-27 05:18 40,448 ----a-w C:\Windows\System32\mimefilt.dll
2008-05-27 05:18 38,400 ----a-w C:\Windows\System32\rtffilt.dll
2008-05-27 05:18 29,184 ----a-w C:\Windows\System32\wsepno.dll
2008-05-27 05:18 231,936 ----a-w C:\Windows\System32\msshsq.dll
2008-05-27 05:18 184,832 ----a-w C:\Windows\System32\SearchProtocolHost.exe
2008-05-27 05:18 136,704 ----a-w C:\Windows\System32\nlhtml.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-28 17:48 201,728 ----a-w C:\Program Files\A-Patch140rc2b17_WLM.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 01:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 16:23 1773568]
"EPSON Stylus CX5800F Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2006-12-20 05:00 177664]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 14:54 21718312]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-04-28 11:45 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-17 08:32 171448]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 01:33 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 01:05 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 18:45 176128]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 09:41 579584]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 13:42 70912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-13 08:25 219136]

C:\Users\maryluz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-03-13 08:25 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 08:33 963072 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"TCP Query User{A99EBAA7-22FA-429F-B8A3-8D22A84CD85D}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{BB86CC73-7F82-4EDD-8266-BECC51106AAC}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{36029472-CD4E-427C-9FF4-0382AFA5DAFE}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{12EA6198-E69E-4091-8BB7-BBC5AB687E02}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{2CCE272F-0D71-4579-BFB0-EB1F8EB2E115}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8EB97B50-99A2-4CE8-83BC-03974BD1D1A3}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7513D8A4-F9D5-4C37-85A9-1946EAE7EB53}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{1E564005-FB17-4F84-9D03-7199690626A0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{5880329F-EB52-46D5-B5B4-D1749717C465}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{C3F41459-BD02-4B4B-A3E8-050AA823AD48}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{22F65797-F506-4C6E-A263-0D9A166073E6}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{15A9BD4F-ECE4-477C-91F3-29A7203F7582}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{4F07E334-A6A7-4FB2-B666-19B956ADC828}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5DA0216-9D58-4559-9C15-006A54D58130}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{413CD007-0279-4F33-A691-5FD14F0F4D49}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{6EF59342-BFCF-4B0C-A4C8-065E24971F08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{770822E0-F3CD-419C-8A7C-A8DEF7F5828B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A78C0BD6-47A0-42E2-BD24-EB55A18B3287}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{006BAC89-4A8C-4B36-93F6-CA4B0C875775}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F4A233C-4232-478C-B922-8508CFA6B455}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F0FA3A52-4321-4B15-837E-6D724F2F822C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E328D928-3A1E-4AF7-BB8B-10757B20827E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A4D444E7-04BE-4F71-940D-C09B755073A1}C:\\users\\maryluz\\music\\emule\\emule.exe"= UDP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"UDP Query User{C16BDE07-5405-4365-B60E-0BA1ABAFB666}C:\\users\\maryluz\\music\\emule\\emule.exe"= TCP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"TCP Query User{28016DAA-129C-4C9F-90AD-A95CCA5DC9DE}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{1B6FA53C-7897-4A22-99DB-8E4891337911}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{61D78354-429E-4FF9-B7A5-457DD148CB0E}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{AA2BCC20-C9BE-437D-8157-4F3183B620A4}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{AB324F9B-EE04-4B80-BDE5-416DF667F366}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A88D639E-22F6-477C-A1F2-4FC9D82E4CDB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{5D237D09-23E3-4AAF-B902-08AD78B2E2F9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B6076B21-A273-425B-AA5E-EB850A2DC824}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{64E594EF-9682-4014-BD92-FA34D0B7EAE8}"= UDP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{0898E914-0CBA-4D44-AB04-D73541BC60AD}"= TCP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{314E3A00-9A23-4DD9-A6F2-5593D96C356C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{47523335-A1FA-4936-9A08-0B002FC225FF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{934F8C0A-5F79-416A-A4D0-DA8606FB58D5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{23BAB454-40EE-4094-974F-A75AEF86B2F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E52DD35D-0D49-405C-9C2A-B2225A20965F}"= UDP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"{AE1AF81A-3204-4704-8E4B-3DF9245F04A7}"= TCP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"TCP Query User{EC31F36F-44A7-4E0B-8A59-DA6CCC0FFE84}E:\\ippvr.exe"= UDP:E:\ippvr.exe:IPPVR
"UDP Query User{1888CB5F-F570-4F59-A37E-ADAAFCB88EA4}E:\\ippvr.exe"= TCP:E:\ippvr.exe:IPPVR
"TCP Query User{3B1FB490-AED5-4137-A600-B73187C765D3}C:\\ippvr\\ippvr.exe"= UDP:C:\ippvr\ippvr.exe:IPPVR
"UDP Query User{B5062483-8D29-4E94-B9C8-43102C7339D6}C:\\ippvr\\ippvr.exe"= TCP:C:\ippvr\ippvr.exe:IPPVR
"{5EAB13D6-5A06-4509-90A0-DE8983192452}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{69208EC6-3ECC-4562-B786-B230B4F19C2A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{4D269514-63B0-4F3D-BAD5-BCB83E6EE4A9}C:\\ippvr\\ippvr.exe"= UDP:C:\ippvr\ippvr.exe:IPPVR
"UDP Query User{A6259C83-7BD7-40B4-8278-D6B56E18E447}C:\\ippvr\\ippvr.exe"= TCP:C:\ippvr\ippvr.exe:IPPVR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:25]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180906bf-9c58-11dc-b3b8-806e6f6e6963}]
\shell\AutoRun\command - E:\disk1.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e8ae91-c45a-11dc-84a8-001b2485b8a6}]
\shell\AutoRun\command - E:\d.com
\shell\explore\Command - E:\d.com
\shell\open\Command - E:\d.com

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-04-26 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-07-28 C:\Windows\Tasks\HPCeeScheduleFormaryluz.job
- C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23 15:23]

2008-08-16 C:\Windows\Tasks\User_Feed_Synchronization-{44CB0ACF-B851-41B8-B013-B249CF05A0EB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\maryluz\AppData\Roaming\Mozilla\Firefox\Profiles\15b1k73q.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 14:39:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\TMP0000007816B8A51BC1E9D69B

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-16 14:41:36
ComboFix-quarantined-files.txt 2008-08-16 20:41:31

Pre-Run: 100,943,716,352 bytes free
Post-Run: 100,930,551,808 bytes free

224 --- E O F --- 2008-08-08 14:48:22












Quote:
Originally posted by ElPiedra
Hello sweetmisslatin,

Your HijackThis log is free of malware, so I suggest doing the following:

Download our IniRem.exe tool and use it to change the home page.

Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the entire Windows registry (making a backup).


Run a full scan with:

Reboot and post the reports for us.

Regards
  post #6 (permalink)  
Old 18/08/08, 20:27:33
ElPiedra's avatar
FS-Admin

Registered: Jan 2005
Location: Miami
Posts: 27.248
Re: Help, my home page starts to disintegrate, what is this?

Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the entire Windows registry (making a backup).

Once it has finished cleaning everything, update "Java", defragment the disk with the Windows option, and go to www.windowsupdate.com to download all the available patches (if your system allows it).

Reboot and tell us the results.

Regards
