Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove Hijackers, Spyware, Adware, Toolbars, Viruses, Trojans and Malware in general. First read the HijackThis Forum Policies.

  post #1  
Old 09/05/09, 06:13:28
User

Registered: Nov 2007
Location: Wherever they look for me
Posts: 103
I'm sending MSN offline messages

Hi guys, here I'm pasting my HijackThis log because I'm fed up... with people telling me I'm sending offline messages with some links that I have no idea what they are.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:48, on 09/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IELowutil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B314C5C-7A68-4499-98F2-29F05DB9B544}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10838 bytes

THANKS
I await news
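As an added example (not part of this thread and not HijackThis's own code), the following Python script parses lines in the format of the log above and flags the entries a helper would check first: services whose binary is missing or that carry no publisher, DLLs loaded system-wide through AppInit_DLLs or Winlogon Notify, hard-set DNS servers, and per-user Run entries such as the msnmsgr one that restarts Messenger at every boot. The sample lines are constructed in the same format as the log; the flag names and the rules behind them are this example's own triage heuristics, not anything HijackThis itself applies.

```python
"""Parse HijackThis 2.0.2 log lines and flag the entries worth a second look.
Added example; the rules below are triage heuristics chosen for this example,
not HijackThis's own logic."""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in the same format as the log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B314C5C-7A68-4499-98F2-29F05DB9B544}: NameServer = 80.58.61.250,80.58.61.254
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
"""

# Entry lines look like "O23 - Service: ..."; headers and the process list do not.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# O4 bodies look like: HKLM\..\Run: [Name] "C:\path\prog.exe" args
AUTOSTART_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\]")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Keep only the 'Xn - body' entry lines of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Attach review flags (heuristics of this example) and return the flagged entries.
    O23: registered service whose file is gone, or with no publisher string.
    O20: DLLs injected into every process (AppInit_DLLs) or into winlogon.
    O17: DNS servers pinned on an interface; confirm they belong to the ISP.
    O4 under HKCU: per-user autostart, the kind that restarts Messenger at boot."""
    for e in entries:
        b = e.body
        if e.code == "O23":
            if b.endswith("(file missing)"):
                e.flags.append("orphaned-service")
            if " - Unknown owner - " in b:
                e.flags.append("no-publisher")
        elif e.code == "O20" and b.startswith("AppInit_DLLs:"):
            dlls = [d.strip() for d in b.split(":", 1)[1].split(",") if d.strip()]
            e.flags.append(f"appinit-dlls:{len(dlls)}")
        elif e.code == "O20" and b.startswith("Winlogon Notify:"):
            e.flags.append("winlogon-notify")
        elif e.code == "O17" and "NameServer" in b:
            servers = [s.strip() for s in b.split("=", 1)[1].split(",")]
            e.flags.append(f"dns-servers:{len(servers)}")
        elif e.code == "O4":
            m = AUTOSTART_RE.match(b)
            if m and m.group("hive") == "HKCU":
                e.flags.append(f"per-user-autostart:{m.group('name')}")
    return [e for e in entries if e.flags]


def autostarts(entries):
    """Group O4 Run entries by hive: HKLM applies to all users, HKCU to this user only."""
    out = {}
    for e in entries:
        if e.code != "O4":
            continue
        m = AUTOSTART_RE.match(e.body)
        if m:
            out.setdefault(m.group("hive"), []).append(m.group("name"))
    return out


def review(text):
    """Return [(code, flags)] for the entries of a log that deserve a closer look."""
    return [(e.code, e.flags) for e in triage(parse_hjt(text))]


if __name__ == "__main__":
    for code, flags in review(SAMPLE_LOG):
        print(code, ", ".join(flags))
    print(autostarts(parse_hjt(SAMPLE_LOG)))
```

Run against the full log pasted above, the same rules would single out the two Symantec services whose ccSvcHst.exe is missing, the four Kaspersky AppInit DLLs, the SUPERAntiSpyware Winlogon Notify DLL, the two NameServer addresses and the HKCU msnmsgr autostart; everything else is left for manual reading. A flag means "verify the file and its publisher", not "malicious": in this log all of the flagged items belong to security products the user installed.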

  post #2  
Old 09/05/09, 23:42:09
GPastor
FS-Admin

Registered: Mar 2005
Location: Lima - Perú
Posts: 22.227
Re: I'm sending MSN offline messages

Hello, let's start with these steps:
  • Step 1 - Download, install and update the following tools:
  • Step 2 - Run CCleaner to clean out cookies, temporary and unnecessary files, to improve your machine's performance and produce cleaner reports. (We do NOT need this report.)
  • Step 3 - Run Malwarebytes' Anti-Malware (MBAM), select everything it finds, then press the "Remove Selected" button to send it to quarantine.
  • Step 4 - Restart your PC and generate a new HijackThis 2.0.2 report, then paste it together with the MBAM report in this same thread, telling us whether there has been any improvement in the problem or in the machine's performance.


Finally, I recommend subscribing to the feed of our InfoSpyware Blog to keep up with the new threats circulating on the net, so that in the future you can prevent them.


Don't forget to post the reports again so we can continue with the thread....

Regards


Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog


* Help us by making a DONATION so we can keep Helping.
* Stay informed about the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by Private Message or E-mail, since that is what the forum is for.
  post #3  
Old 11/05/09, 12:12:14
User

Registered: Nov 2007
Location: Wherever they look for me
Posts: 103
Re: I'm sending MSN offline messages

Hi! Just so you know, MBAM detected 1 trojan but that hasn't improved the issue at all: even though I always cancel MSN starting together with the computer, every time I restart it launches again at boot; on the other hand, if I connect it shows me as unavailable even though I'm set to AVAILABLE.
Here are the HijackThis log and the MBAM one, let's see if I'm lucky and you can give me a hand.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:57, on 11/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B314C5C-7A68-4499-98F2-29F05DB9B544}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12441 bytes

MBAM LOG

Malwarebytes' Anti-Malware 1.36
Versión de la Base de Datos: 2108
Windows 6.0.6001 Service Pack 1

11/05/2009 16:53:27
mbam-log-2009-05-11 (16-53-27).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 200177
Tiempo transcurrido: 1 hour(s), 33 minute(s), 28 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer (Rogue.WebMediaPlayer) -> Delete on reboot.

THANKS
  post #4  
Old 11/05/09, 15:49:15
GPastor
FS-Admin

Registered: Mar 2005
Location: Lima - Perú
Posts: 22.227
Re: I'm sending MSN offline messages

Follow these steps:

- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the Antivirus and/or Antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may restart the PC automatically to complete the removal process.
Quote:
Attention!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.

Regards


  post #5  
Old 11/05/09, 17:27:52
User

Registered: Nov 2007
Location: Wherever they look for me
Posts: 103
Re: I'm sending MSN offline messages

Here goes the LOG, and the problem still continues...

ComboFix 09-05-11.01 - JUAN FRANCISCO 11/05/2009 22:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.34.3082.18.2046.1297 [GMT 2:00]
Running from: c:\users\JUAN FRANCISCO\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and Conditions.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\users\JUAN FRANCISCO\AppData\Local\swkgm.dat
c:\users\JUAN FRANCISCO\AppData\Local\swkgm_nav.dat
c:\users\JUAN FRANCISCO\AppData\Local\swkgm_navps.dat
c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem.dat
c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem_nav.dat
c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem_navps.dat
c:\windows\system32\OGACheckControl.dll
c:\windows\system32\WgaLogon.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-10 15:03 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-10 15:03 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 15:03 . 2009-05-10 15:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-09 21:54 . 2009-05-09 21:54 -------- d-----w C:\_DPSG
2009-05-09 21:53 . 2009-05-09 21:54 -------- d-----w c:\program files\DelPSGuard
2009-05-09 21:47 . 2008-11-06 00:03 -------- d-----w C:\SDFix
2009-05-09 21:44 . 2009-05-09 21:44 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Malwarebytes
2009-05-09 21:44 . 2009-05-09 21:44 -------- d-----w c:\programdata\Malwarebytes
2009-05-08 17:16 . 2009-05-08 17:16 -------- d-----w c:\program files\Trend Micro
2009-05-08 09:37 . 2009-05-08 09:37 691712 ----a-w c:\windows\is-8HRJI.exe
2009-05-08 09:37 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-08 09:37 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-08 09:37 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-08 09:37 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-07 14:59 . 2009-03-31 09:23 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-07 14:56 . 2009-05-08 10:06 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-07 14:56 . 2008-06-02 14:19 29576 ----a-w c:\windows\system32\drivers\kcom.sys
2009-05-07 14:56 . 2008-08-25 10:36 40840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2009-05-07 14:56 . 2008-08-25 10:36 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2009-05-07 14:56 . 2008-08-25 10:36 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2009-05-07 14:56 . 2009-05-11 20:06 -------- d-----w c:\program files\Spyware Doctor
2009-05-07 14:56 . 2009-05-07 14:56 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\PC Tools
2009-05-07 14:35 . 2009-05-07 14:47 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-07 14:35 . 2009-05-07 14:47 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-07 14:33 . 2009-05-11 14:59 4039200 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 14:33 . 2009-05-11 14:59 491552 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-07 14:33 . 2009-05-07 14:33 -------- d-----w c:\program files\Kaspersky Lab
2009-05-01 11:22 . 2009-03-08 11:33 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-05-01 11:22 . 2009-03-08 11:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-04-27 19:55 . 2009-04-27 19:55 -------- d-----w c:\programdata\PC Tools
2009-04-27 19:29 . 2009-05-11 20:07 -------- d---a-w c:\programdata\TEMP
2009-04-26 11:34 . 2009-04-26 11:34 -------- d-----w c:\programdata\wmp
2009-04-26 11:34 . 2009-04-30 08:24 99 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem.bat
2009-04-24 08:49 . 2009-04-24 08:49 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-24 08:47 . 2009-04-24 08:47 -------- d--h--r C:\MSOCache
2009-04-22 16:55 . 2008-12-11 12:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-19 18:45 . 2009-04-19 18:45 -------- d-----w c:\program files\TVAnts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 14:59 . 2009-05-07 14:33 2760 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-11 14:59 . 2009-05-07 14:33 32636 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-10 20:35 . 2007-05-31 14:22 -------- d-----w c:\program files\GDS
2009-05-07 14:47 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-07 14:36 . 2006-11-02 15:46 714674 ----a-w c:\windows\system32\perfh00A.dat
2009-05-07 14:36 . 2006-11-02 15:46 147302 ----a-w c:\windows\system32\perfc00A.dat
2009-05-07 14:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-07 14:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-07 14:34 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-02 14:45 . 2008-12-07 13:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-02 14:20 . 2008-12-01 16:22 82878 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\nvModes.dat
2009-05-01 13:49 . 2008-12-01 16:22 103176 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 11:29 . 2007-05-31 14:10 -------- d-----w c:\program files\Microsoft Works
2009-04-27 17:39 . 2008-12-14 22:28 -------- d-----w c:\program files\Lavasoft
2009-04-25 09:00 . 2007-05-31 09:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 08:59 . 2009-03-19 21:21 -------- d-----w c:\program files\Common Files\Microsoft Games
2009-04-24 08:58 . 2009-03-09 18:19 -------- d-----w c:\program files\MSECache
2009-04-24 08:54 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-24 08:52 . 2007-05-31 14:24 -------- d-----w c:\program files\Microsoft.NET
2009-04-16 08:08 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-07 18:08 . 2008-12-01 19:15 -------- d-----w c:\program files\CCleaner
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\program files\iTunes
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\program files\iPod
2009-04-07 08:41 . 2008-12-01 19:44 -------- d-----w c:\program files\Common Files\Apple
2009-04-06 22:55 . 2009-04-06 22:55 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-06 22:53 . 2007-05-31 14:08 -------- d-----w c:\program files\Java
2009-04-01 10:14 . 2009-04-01 10:14 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-19 14:32 . 2009-04-07 08:41 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 13:53 . 2008-12-01 16:22 2032 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\d3d9caps.dat
2009-03-17 13:09 . 2009-03-15 20:58 97 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\swkgm.bat
2009-03-17 03:38 . 2009-04-16 07:39 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 07:39 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-14 20:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-01 11:23 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-01 11:23 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-01 11:23 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-01 11:23 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-01 11:23 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-01 11:23 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-01 11:23 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-01 11:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-01 11:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-01 11:23 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-01 11:23 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-01 11:23 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-01 11:23 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-01 11:23 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-01 11:23 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-01 11:23 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-16 07:39 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 07:39 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 07:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 07:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 07:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 07:39 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 07:39 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 07:39 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 07:39 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 07:39 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 23:05 . 2009-02-26 23:05 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-02-19 19:03 . 2009-02-19 19:03 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-13 08:49 . 2009-04-16 07:39 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 07:39 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-12-03 14:46 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-08 8429568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 415864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 835584]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-07 206088]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-03-28 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 18:33 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-03-09 07:55 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe"
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"="0x00000000"
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA01F986-575B-4C4B-8F91-94CE86F7AA82}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{16BCED7C-3690-4375-B58E-E1F6DABDAEAE}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{D5B61929-E66F-434F-8F52-49C3D7E1AFF1}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{93CC5861-A8CE-40DE-A5D3-4D43FA4A25F1}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{D5A865C0-EB58-400A-9220-033ECB5055F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{450EF186-8A03-48FF-8EBC-49B88776EA21}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7F7D2445-63AE-4F5E-AAD1-30F358545753}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{5CF51122-4852-43AE-808E-DA781D645CBA}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8937480E-595A-4BB9-B606-12E19CD8FCD7}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A61DF2AD-408E-4552-B84D-30522A12EB6C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{EEEB10C7-EA14-4311-AAB3-F28E458A0ABB}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{A836A394-1D83-4CF6-92BA-A98D5CC019A5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{41563774-C8FF-47E8-BCDA-EC97498135D0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{16BCC03A-6805-47A9-BCDD-3F4EC0F5E9C6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{43FFAA99-DE56-40A9-BC58-36E91526C30B}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{96FE3C0A-7E63-465C-A5BA-80F6DA5E5798}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{8C6BAFE6-FDD7-41B8-830A-1EA3E0AED14D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{58A3EC25-5B73-4164-917B-5A273C2AF65D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F4DD0F3E-8138-4046-84E8-990734C42AF3}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{12EA944B-A045-4C7F-9547-CBE50E8E1D10}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{52A14815-8E6E-48F3-B7BD-0C6AC1970D51}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{4FE9C301-E30C-4AE0-9494-A4EBE10C9DD7}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{43832E86-36B3-4522-91EF-AA718A4D7ED4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A3F83979-E679-4862-8B19-35D9D34F0892}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{04284117-7C50-472E-97AF-7B0A5E779CC0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 18:29 33808]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [08/05/2009 11:37 130936]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [07/05/2009 16:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [07/05/2009 16:59 39200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 18:28 20496]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [08/05/2009 11:37 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 11:33 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [31/01/2009 17:08 13560]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 21:09 11032]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [13/12/2008 13:36 603904]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [31/05/2007 20:27 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [31/05/2007 20:27 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [31/05/2007 20:27 31104]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [07/05/2009 16:59 33056]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [23/04/2007 14:29 812544]
S3 AVerM115S;AVerM115S service;c:\windows\System32\drivers\AVerM115S.sys [31/05/2007 11:35 785280]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [08/05/2009 11:37 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 11:33 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [07/05/2009 16:56 348752]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0ca023-04b1-11de-8f2c-0013a9e323b7}]
\shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938888382-1530183844-4289170302-1003.job
- c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-01 19:39]

2009-05-11 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:00]

2009-05-11 c:\windows\Tasks\User_Feed_Synchronization-{991009DE-73F2-472B-8F4B-10D6DF833633}.job
- c:\windows\system32\msfeedssync.exe [2009-05-01 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forospyware.com/
uInternet Settings,ProxyOverride = local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {6B314C5C-7A68-4499-98F2-29F05DB9B544} = 80.58.61.250,80.58.61.254
FF - ProfilePath - c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 22:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000a0
.
Completion time: 2009-05-11 22:15
ComboFix-quarantined-files.txt 2009-05-11 20:15

Pre-Run: 61.824.540.672 bytes free
Post-Run: 61.682.712.576 bytes free

334 --- E O F --- 2009-05-08 10:02


Regards... and I hope we can sort this out,
post #6
14/05/09, 10:54:33
GPastor
FS-Admin

Joined: Mar 2005
Location: Lima - Perú
Posts: 22,227
Re: Sending offline MSN messages

ComboFix already detected and removed some malware, but a few things are still left to clean out. Follow these steps:

1.- Open Notepad
  • Click START > RUN >
  • Type notepad.exe there and press OK

2.- Now copy and paste this code into Notepad

Code:
KillAll::

File::
c:\windows\is-8HRJI.exe
c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem.bat
c:\users\JUAN FRANCISCO\AppData\Local\swkgm.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0ca023-04b1-11de-8f2c-0013a9e323b7}]

3.- Save this file to the Desktop with the name CFScript.txt

4.- Drag and drop the CFScript.txt file onto ComboFix.exe, as the animation below shows. This will launch ComboFix again.



Reboot and tell us the results, along with a new ComboFix report and a HijackThis one.

Regards


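Taken together, the log above and the reply that follows it show the loop a log helper runs: pick out the entries in the ComboFix report that do not belong (here the executable dropped straight into c:\windows, the .bat files under AppData\Local and the MountPoints2 AutoRun hooks, plus the Security Center and firewall overrides that deserve a look), then hand the user a CFScript with File:: and Registry:: sections. What follows is an added example written for this page, not code from the thread, from ComboFix or from InfoSpyware: a small Python parser for those log line formats that flags entries with a few heuristic rules tuned to this thread (they are not a general detector) and emits a CFScript in the same shape the moderator used. The sample lines are copied in form from the log above; the override and firewall values are reported for review only, because third-party suites commonly write them when they register as the active firewall, so they are not put into the script automatically.

```python
"""ComboFix log triage: an added example, not ComboFix's own code or this thread's.
Flagging rules are heuristics tuned to the entries in this thread, not a general detector."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines copied in form from the log posted above.
SAMPLE_LOG = r"""
2009-05-08 09:37 . 2009-05-08 09:37 691712 ----a-w c:\windows\is-8HRJI.exe
2009-04-26 11:34 . 2009-04-30 08:24 99 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem.bat
2009-05-07 14:33 . 2009-05-11 14:59 4039200 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-13 11:56 . 2009-05-13 11:56 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-05-08 17:16 . 2009-05-08 17:16 -------- d-----w c:\program files\Trend Micro
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe
"""

# File list: "created . modified size attrs path"; attrs is the 7-char d/r/s/h/a/?/w column.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S{7}) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
EXEC_EXTS = {"exe", "bat", "cmd", "dll", "scr"}


@dataclass
class Finding:
    kind: str    # "file", "regkey" or "value"
    target: str  # path, registry key, or key\value
    reason: str
    action: str  # "remove" goes into the CFScript, "review" is only reported


def classify_file(path: str, attrs: str) -> tuple[str, str] | None:
    """(reason, action) for one file-list entry, or None if unremarkable."""
    p = path.lower()
    parent, _, name = p.rpartition("\\")
    ext = name.rpartition(".")[2] if "." in name else ""
    is_dir = attrs.startswith("d")
    if not is_dir and ext in EXEC_EXTS and parent == r"c:\windows":
        return "executable dropped directly into c:\\windows", "remove"
    if not is_dir and ext in EXEC_EXTS and "\\appdata\\" in p:
        return "executable under a user AppData folder", "remove"
    if is_dir and "%" in name:
        return "folder named like an unexpanded environment variable", "review"
    if attrs[2:4] == "sh":  # system + hidden; Kaspersky's fidbox.dat is a legitimate hit
        return "hidden+system attributes, confirm it belongs to an installed product", "review"
    return None


def classify_value(key: str, name: str, data: str) -> str | None:
    """Flag Security Center overrides and firewall profiles switched off."""
    k, first = key.lower(), data.split()[0].lower()
    if k.endswith("\\security center") and name in ("AntiVirusOverride", "FirewallOverride"):
        if first == "dword:00000001":
            return "Security Center %s set, so alerts for that component are silenced" % name
    if "firewallpolicy" in k and name == "EnableFirewall" and first in ("0", "dword:00000000"):
        return "Windows Firewall disabled for this profile"
    return None


def triage(log: str) -> list[Finding]:
    """Walk the log once, remembering the current [key] for value and AutoRun lines."""
    findings, current_key = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            hit = classify_file(m["path"], m["attrs"])
            if hit:
                findings.append(Finding("file", m["path"], hit[0], hit[1]))
        elif m := KEY_RE.match(line):
            current_key = m["key"]
        elif (m := AUTORUN_RE.match(line)) and "mountpoints2" in current_key.lower():
            findings.append(Finding("regkey", current_key,
                                    "AutoRun hook for a mounted drive: " + m["cmd"], "remove"))
        elif m := VALUE_RE.match(line):
            reason = classify_value(current_key, m["name"], m["data"])
            if reason:
                findings.append(Finding("value", current_key + "\\" + m["name"], reason, "review"))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """CFScript in the form used in this thread; [-key] under Registry:: deletes the key."""
    files = [f.target for f in findings if f.kind == "file" and f.action == "remove"]
    keys = [f.target for f in findings if f.kind == "regkey" and f.action == "remove"]
    lines = ["KillAll::", ""]
    if files:
        lines += ["File::", *files, ""]
    if keys:
        lines += ["Registry::", *["[-%s]" % k for k in keys], ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print("%-6s %-6s %s  (%s)" % (f.action, f.kind, f.target, f.reason))
    print("\n" + build_cfscript(found))
```

Run as-is it prints the eight findings for the sample and a CFScript containing is-8HRJI.exe, uwgeoem.bat and the MountPoints2 key, which is the same shape as the script the moderator posted; pass the text of a real ComboFix report to triage() instead of SAMPLE_LOG to use it on a case. The "review" findings (the Kaspersky fidbox.dat, the %APPDATA% folder, the override and firewall values) are deliberately kept out of the generated script so that a human decides on them.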
post #7
25/05/09, 16:47:49
User

Joined: Nov 2007
Location: Wherever they look for me
Posts: 103
Re: Sending offline MSN messages

Here's the ComboFix one

ComboFix 09-05-24.03 - JUAN FRANCISCO 24/05/2009 23:09.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.34.3082.18.2046.1052 [GMT 2:00]
Running from: c:\users\JUAN FRANCISCO\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 21:12 . 2009-05-24 21:12 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Local\temp
2009-05-19 17:19 . 2008-08-19 17:32 812376 ------w c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2009-05-19 17:19 . 2008-08-19 17:26 488792 ------w c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2009-05-19 17:17 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-19 17:17 . 2009-04-27 12:21 17152 ----a-w c:\windows\system32\authuitu.dll
2009-05-19 17:17 . 2009-05-19 17:17 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-19 15:31 . 2009-05-19 17:08 -------- d-----w c:\temp\HP_WebRelease
2009-05-19 14:25 . 2009-05-19 14:45 -------- d-----w c:\program files\Laryon
2009-05-19 14:09 . 2009-05-19 14:09 -------- d-----w c:\programdata\Xerox
2009-05-19 13:58 . 2009-05-19 13:58 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Local\HP
2009-05-19 13:55 . 2009-05-19 13:58 19510 ----a-w c:\windows\hpqins13.dat
2009-05-19 13:55 . 2009-05-19 17:21 -------- d-----w c:\programdata\HP
2009-05-19 13:22 . 2009-05-19 13:58 -------- d-----w c:\program files\HP
2009-05-15 21:20 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 21:20 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 20:46 . 2009-05-15 21:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 18:50 . 2009-05-15 18:50 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Maxprog
2009-05-15 18:50 . 2009-05-15 18:50 -------- d-----w c:\program files\MaxBulk Mailer
2009-05-15 10:15 . 2009-05-15 10:15 -------- d-----w c:\programdata\PC SOFT
2009-05-14 19:41 . 2009-05-15 19:23 -------- d-----w c:\program files\Email Marketer Business Edition
2009-05-13 11:56 . 2009-05-13 11:56 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-05-09 21:53 . 2009-05-09 21:54 -------- d-----w c:\program files\DelPSGuard
2009-05-09 21:47 . 2008-11-06 00:03 -------- d-----w C:\SDFix
2009-05-09 21:44 . 2009-05-09 21:44 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Malwarebytes
2009-05-09 21:44 . 2009-05-09 21:44 -------- d-----w c:\programdata\Malwarebytes
2009-05-08 17:16 . 2009-05-08 17:16 -------- d-----w c:\program files\Trend Micro
2009-05-08 09:37 . 2009-05-08 09:37 691712 ----a-w c:\windows\is-8HRJI.exe
2009-05-08 09:37 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-08 09:37 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-08 09:37 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-08 09:37 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-07 14:59 . 2009-03-31 09:23 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-07 14:56 . 2009-05-08 10:06 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-07 14:56 . 2008-08-25 10:36 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2009-05-07 14:56 . 2008-08-25 10:36 40840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2009-05-07 14:56 . 2008-06-02 14:19 29576 ----a-w c:\windows\system32\drivers\kcom.sys
2009-05-07 14:56 . 2008-08-25 10:36 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2009-05-07 14:56 . 2009-05-24 20:54 -------- d-----w c:\program files\Spyware Doctor
2009-05-07 14:56 . 2009-05-07 14:56 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\PC Tools
2009-05-07 14:47 . 2009-05-07 14:47 44808 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-05-07 14:47 . 2009-05-07 14:47 33808 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-05-07 14:47 . 2009-05-07 14:47 224272 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-05-07 14:47 . 2009-05-07 14:47 206088 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-05-07 14:35 . 2009-05-20 12:46 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-07 14:35 . 2009-05-20 12:46 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-07 14:33 . 2009-05-23 21:40 655392 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-07 14:33 . 2009-05-23 21:40 4057120 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 14:33 . 2009-05-07 14:33 -------- d-----w c:\program files\Kaspersky Lab
2009-05-06 06:27 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{93B591AF-F770-4E76-B454-0CCED32F8F34}\mpengine.dll
2009-05-04 17:20 . 2009-05-04 13:07 2298680 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-04 17:20 . 2008-03-04 16:52 286720 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-05-04 17:20 . 2007-10-31 07:39 59904 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-05-04 17:20 . 2007-05-17 11:58 143360 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-05-04 17:20 . 2006-10-18 15:32 499712 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-05-04 17:20 . 2006-10-18 15:32 348160 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-05-04 17:20 . 2006-10-16 16:44 196608 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-05-04 17:20 . 2006-10-16 16:44 1028096 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-05-01 11:22 . 2009-03-08 11:33 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-05-01 11:22 . 2009-03-08 11:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-04-27 19:55 . 2009-04-27 19:55 -------- d-----w c:\programdata\PC Tools
2009-04-26 11:34 . 2009-04-26 11:34 -------- d-----w c:\programdata\wmp
2009-04-26 11:34 . 2009-04-30 08:24 99 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem.bat
2009-04-26 10:10 . 2008-05-21 18:25 435536 ----a-w c:\programdata\Lavasoft\License\lavalicense.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 20:48 . 2009-03-17 19:47 117760 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-24 20:27 . 2008-12-01 16:49 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Skype
2009-05-24 19:37 . 2008-12-01 20:51 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\skypePM
2009-05-24 10:07 . 2008-12-13 08:44 -------- d-----w c:\programdata\Kaspersky Lab
2009-05-23 21:40 . 2009-05-07 14:33 3320 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-23 21:40 . 2009-05-07 14:33 32776 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-20 20:16 . 2009-05-20 20:16 1610524 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-05-20 20:16 . 2006-11-02 15:46 714674 ----a-w c:\windows\system32\perfh00A.dat
2009-05-20 20:16 . 2006-11-02 15:46 147302 ----a-w c:\windows\system32\perfc00A.dat
2009-05-19 17:17 . 2008-12-13 11:36 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-19 17:16 . 2008-12-13 11:36 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-18 17:59 . 2008-12-01 16:22 82878 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\nvModes.dat
2009-05-13 11:56 . 2007-05-31 14:28 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 11:54 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-10 20:35 . 2007-05-31 14:22 -------- d-----w c:\program files\GDS
2009-05-07 14:47 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-02 14:45 . 2008-12-07 13:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-01 13:49 . 2008-12-01 16:22 103176 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 11:29 . 2007-05-31 14:10 -------- d-----w c:\program files\Microsoft Works
2009-04-27 17:39 . 2008-12-14 22:28 -------- d-----w c:\program files\Lavasoft
2009-04-27 17:39 . 2008-12-14 22:28 -------- d-----w c:\programdata\Lavasoft
2009-04-26 10:07 . 2009-01-31 13:51 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Lavasoft
2009-04-25 09:00 . 2007-05-31 09:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 08:59 . 2009-03-19 21:21 -------- d-----w c:\program files\Common Files\Microsoft Games
2009-04-24 08:58 . 2009-03-09 18:19 -------- d-----w c:\program files\MSECache
2009-04-24 08:54 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-24 08:52 . 2007-05-31 14:24 -------- d-----w c:\program files\Microsoft.NET
2009-04-24 08:49 . 2009-04-24 08:49 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-19 18:45 . 2009-04-19 18:45 -------- d-----w c:\program files\TVAnts
2009-04-07 18:08 . 2008-12-01 19:15 -------- d-----w c:\program files\CCleaner
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\program files\iTunes
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\program files\iPod
2009-04-07 08:41 . 2008-12-01 19:44 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 08:36 . 2009-04-07 08:36 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 22:55 . 2009-04-06 22:55 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-06 22:53 . 2007-05-31 14:08 -------- d-----w c:\program files\Java
2009-04-01 10:14 . 2009-04-01 10:14 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-24 16:33 . 2009-03-24 16:33 237264 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-19 14:32 . 2009-04-07 08:41 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 13:53 . 2008-12-01 16:22 2032 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\d3d9caps.dat
2009-03-17 13:09 . 2009-03-15 20:58 97 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\swkgm.bat
2009-03-17 03:38 . 2009-04-16 07:39 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 07:39 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-14 20:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-01 11:23 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-01 11:23 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-01 11:23 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-01 11:23 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-01 11:23 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-01 11:23 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-01 11:23 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-01 11:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-01 11:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-01 11:23 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-01 11:23 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-01 11:23 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-01 11:23 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-01 11:23 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-01 11:23 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-01 11:23 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-16 07:39 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 07:39 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 07:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 07:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 07:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 07:39 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 07:39 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 07:39 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 07:39 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 07:39 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 23:05 . 2009-02-26 23:05 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-08 8429568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 415864]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-07 206088]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-03-28 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 18:33 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-03-09 07:55 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe"
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"="0x00000000"
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA01F986-575B-4C4B-8F91-94CE86F7AA82}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{16BCED7C-3690-4375-B58E-E1F6DABDAEAE}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{D5B61929-E66F-434F-8F52-49C3D7E1AFF1}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{93CC5861-A8CE-40DE-A5D3-4D43FA4A25F1}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{D5A865C0-EB58-400A-9220-033ECB5055F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{450EF186-8A03-48FF-8EBC-49B88776EA21}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7F7D2445-63AE-4F5E-AAD1-30F358545753}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{5CF51122-4852-43AE-808E-DA781D645CBA}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8937480E-595A-4BB9-B606-12E19CD8FCD7}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A61DF2AD-408E-4552-B84D-30522A12EB6C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{EEEB10C7-EA14-4311-AAB3-F28E458A0ABB}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{A836A394-1D83-4CF6-92BA-A98D5CC019A5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{41563774-C8FF-47E8-BCDA-EC97498135D0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{16BCC03A-6805-47A9-BCDD-3F4EC0F5E9C6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{43FFAA99-DE56-40A9-BC58-36E91526C30B}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{96FE3C0A-7E63-465C-A5BA-80F6DA5E5798}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{8C6BAFE6-FDD7-41B8-830A-1EA3E0AED14D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{58A3EC25-5B73-4164-917B-5A273C2AF65D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F4DD0F3E-8138-4046-84E8-990734C42AF3}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{12EA944B-A045-4C7F-9547-CBE50E8E1D10}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{52A14815-8E6E-48F3-B7BD-0C6AC1970D51}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{4FE9C301-E30C-4AE0-9494-A4EBE10C9DD7}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{43832E86-36B3-4522-91EF-AA718A4D7ED4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A3F83979-E679-4862-8B19-35D9D34F0892}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{04284117-7C50-472E-97AF-7B0A5E779CC0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4EAFB4A7-2EBC-4C30-AD72-74CD7CAC2AE7}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{FB7AC0B0-8CC9-4E61-B18B-B2894AFB0F34}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{321F0531-1881-422C-A903-F5576316E362}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{621B3CE5-4467-4D9C-83E4-480006598BBE}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"TCP Query User{0957F9EE-162E-4DF8-9B6B-57DB50700FD2}c:\\program files\\laryon\\scanrn\\scanrn.exe"= UDP:c:\program files\laryon\scanrn\scanrn.exe:ScanRn
"UDP Query User{D63676BF-1738-40ED-956A-63B38E8F8707}c:\\program files\\laryon\\scanrn\\scanrn.exe"= TCP:c:\program files\laryon\scanrn\scanrn.exe:ScanRn

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 18:29 33808]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [08/05/2009 11:37 130936]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [07/05/2009 16:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [07/05/2009 16:59 39200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 18:28 20496]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [08/05/2009 11:37 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 11:33 55024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/05/2009 23:20 179856]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 21:09 11032]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [13/12/2008 13:36 604416]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [15/05/2009 23:20 15504]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [31/05/2007 20:27 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [31/05/2007 20:27 43904]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 11:33 7408]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [31/05/2007 20:27 31104]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [07/05/2009 16:59 33056]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [23/04/2007 14:29 812544]
S3 AVerM115S;AVerM115S service;c:\windows\System32\drivers\AVerM115S.sys [31/05/2007 11:35 785280]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [08/05/2009 11:37 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [07/05/2009 16:56 348752]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938888382-1530183844-4289170302-1003.job
- c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-01 19:39]

2009-05-24 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:46]

2009-05-24 c:\windows\Tasks\User_Feed_Synchronization-{991009DE-73F2-472B-8F4B-10D6DF833633}.job
- c:\windows\system32\msfeedssync.exe [2009-05-01 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forospyware.com/
uInternet Settings,ProxyOverride = local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {6B314C5C-7A68-4499-98F2-29F05DB9B544} = 80.58.61.250,80.58.61.254
FF - ProfilePath - c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 23:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000a0
.
Completion time: 2009-05-24 23:15
ComboFix-quarantined-files.txt 2009-05-24 21:14
ComboFix2.txt 2009-05-24 21:07

Pre-Run: 64.754.663.424 bytes libres
Post-Run: 64.510.906.368 bytes libres

361 --- E O F --- 2009-05-13 11:56



HERE IS THE HIJACKTHIS ONE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:42, on 25/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B314C5C-7A68-4499-98F2-29F05DB9B544}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10375 bytes

Alright, that's everything. Let's see what happens, GPastor.
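The O23 section of the log above is what the helpers read first: two Symantec services whose binary is gone ("(file missing)") and two services whose executable carries no publisher ("Unknown owner"). As an added example, not part of the original post and not HijackThis code, the Python below applies those two rules, plus a third rule of its own (a service binary outside Program Files or the Windows directory), to a handful of O23 lines. All sample lines are copied from the log above except the last one, which is constructed to show the location rule firing; the EXPECTED_DIRS list is an assumption of this example, not something HijackThis checks.

```python
"""Triage of HijackThis O23 (service) lines.

Added example; not the forum post's content and not HijackThis code.
"""
import re

# One O23 line: "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Directories a service binary is expected to live in. This is an assumption
# of the example; HijackThis itself applies no such rule.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Sample input: the first five lines are copied from the log posted above,
# the last one is constructed for this example.
SAMPLE_O23 = r"""
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Windows Update Helper (wuhelper) - Unknown owner - C:\Users\Public\wuhelper.exe
"""


def parse_o23(line):
    """Return the fields of one O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {
        "display": m["display"],
        "owner": m["owner"],
        "path": m["path"],
        "missing": m["missing"] is not None,
    }


def suspicion_reasons(svc):
    """The rules a helper applies by eye, in the order they are usually checked."""
    reasons = []
    if svc["missing"]:
        # Registered service whose binary is gone: an uninstall leftover, or a
        # removal that skipped the service entry. Worth deleting either way.
        reasons.append("file missing")
    if svc["owner"].lower() == "unknown owner":
        # No company name in the version resource. Always the case when the
        # file is missing, since there is nothing to read it from.
        reasons.append("no publisher")
    if not svc["path"].lower().startswith(EXPECTED_DIRS):
        reasons.append("unusual location")
    return reasons


def triage(log_text):
    """(display name, reasons) for every O23 line that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is not None:
            reasons = suspicion_reasons(svc)
            if reasons:
                findings.append((svc["display"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O23):
        print(f"{name}: {', '.join(reasons)}")
```

Run against the sample, the Kaspersky and TuneUp services pass, the two Symantec leftovers are flagged as missing, PACSPTISVR is flagged only for its missing publisher (a look at the file on disk settles that one), and the constructed wuhelper line trips both the publisher and the location rule.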
  post #8
25/05/09, 17:59:32
GPastor
FS-Admin

Registered: Mar 2005
Location: Lima - Perú
Messages: 22.227
Re: Sending offline MSN messages

From what I can see you haven't followed the steps to the letter. Read the instructions carefully, drag the CFScript file you create onto ComboFix, and then paste its report.


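The ComboFix report in the next reply shows two things side by side: the AV:/FW: header says Kaspersky's on-access scanning and firewall are disabled, and the "Reg Loading Points" section dumps HKLM\SOFTWARE\Microsoft\Security Center with AntiVirusOverride, FirewallOverride and several DisableMonitoring values set to 1, which are exactly the values that stop Windows Security Center from warning that protection is off. ComboFix prints only non-default values, so each of them was set by something. Third-party suites commonly set these overrides themselves when they register, so the flags alone are not proof of infection; the combination with a product that reports itself disabled is what deserves attention. As an added example, not from the thread and not ComboFix code, the Python below reads both parts of a report and reports that combination. The sample text is copied from the report posted below; the report format it assumes is the one visible there.

```python
"""Read the Windows Security Center state out of a ComboFix report.

Added example; not the forum post's content and not ComboFix code.
"""
import re

# "AV: <product> *<state>* ..." header lines, one per product registered
# with Security Center (the same products that get Monitoring subkeys).
HEADER_RE = re.compile(r"^(?P<kind>AV|FW|SP): (?P<product>.+?) \*(?P<state>[^*]+)\*")
# REGEDIT4-style dump: "[key]" sections and "name"=value lines.
SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.+)$')

SC_ROOT = "hkey_local_machine\\software\\microsoft\\security center"

# Sample input copied from the ComboFix report posted in the next reply.
SAMPLE_REPORT = r"""
ComboFix 09-05-26.03 - JUAN FRANCISCO 27/05/2009 14:13.3 - NTFSx86
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"="0x00000000"
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"""


def reg_value(raw):
    """dword:00000001 -> 1, "0x00000000" -> 0, any other string as-is."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        inner = raw[1:-1]
        return int(inner, 16) if inner.lower().startswith("0x") else inner
    return raw


def parse_report(text):
    """Return ([(kind, product, state)], {key as printed: {name: value}})."""
    products = []
    registry = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            products.append((h["kind"], h["product"], h["state"]))
            continue
        s = SECTION_RE.match(line)
        if s:
            current = s["key"]
            registry.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            registry[current][v["name"]] = reg_value(v["raw"])
    return products, registry


def values_of(registry, key):
    """Case-insensitive lookup of one key's values ({} if absent)."""
    key = key.lower()
    for name, values in registry.items():
        if name.lower() == key:
            return values
    return {}


def security_center_findings(text):
    products, registry = parse_report(text)
    findings = []
    root = values_of(registry, SC_ROOT)
    svc = values_of(registry, SC_ROOT + "\\svc")
    if 1 in (root.get("AntiVirusOverride"), svc.get("AntiVirusOverride")):
        findings.append("antivirus alerts suppressed (AntiVirusOverride=1)")
    if root.get("FirewallOverride") == 1:
        findings.append("firewall alerts suppressed (FirewallOverride=1)")
    if values_of(registry, SC_ROOT + "\\monitoring").get("DisableMonitoring") == 1:
        findings.append("Security Center monitoring disabled globally")
    prefix = SC_ROOT + "\\monitoring\\"
    for key, values in registry.items():
        if key.lower().startswith(prefix) and values.get("DisableMonitoring") == 1:
            findings.append("monitoring disabled for " + key[len(prefix):])
    # The combination worth acting on: the product says it is off, and the
    # override that would otherwise raise the Security Center warning is set.
    for kind, label in (("AV", "antivirus"), ("FW", "firewall")):
        muted = any(f.startswith(label + " alerts suppressed") for f in findings)
        for k, product, state in products:
            if k == kind and muted and "disabled" in state.lower():
                findings.append(f"{product} reports {label} '{state}' while its warning is muted")
    return findings


if __name__ == "__main__":
    for finding in security_center_findings(SAMPLE_REPORT):
        print(finding)
```

On the sample this yields both override findings, the global and per-product monitoring findings (Kaspersky and a Symantec leftover that matches the missing Symantec services in the HijackThis log), and the two combined findings for Kaspersky, which is the point to raise with the user before the remaining log lines are read.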
  post #9
27/05/09, 09:29:11
User

Registered: Nov 2007
Location: Wherever they look for me
Messages: 103
Re: Sending offline MSN messages
Oops... you're right, I missed that. Now I did it exactly as you indicated; let's see how it goes.

ComboFix 09-05-26.03 - JUAN FRANCISCO 27/05/2009 14:13.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.34.3082.18.2046.1145 [GMT 2:00]
Running from: c:\users\JUAN FRANCISCO\Desktop\ComboFix.exe
Command switches used :: c:\users\JUAN FRANCISCO\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\JUAN FRANCISCO\AppData\Local\swkgm.bat"
"c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem.bat"
"c:\windows\is-8HRJI.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\JUAN FRANCISCO\AppData\Local\swkgm.bat
c:\users\JUAN FRANCISCO\AppData\Local\uwgeoem.bat
c:\windows\is-8HRJI.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-27 12:16 . 2009-05-27 12:19 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Local\temp
2009-05-25 17:13 . 2007-03-23 03:05 29272 ----a-r c:\windows\system32\AdobePDF.dll
2009-05-25 15:50 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BF2A2BF-0ED9-4641-AAC1-9F7612B6ED5F}\mpengine.dll
2009-05-19 17:19 . 2008-08-19 17:32 812376 ------w c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2009-05-19 17:19 . 2008-08-19 17:26 488792 ------w c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2009-05-19 17:17 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-19 17:17 . 2009-04-27 12:21 17152 ----a-w c:\windows\system32\authuitu.dll
2009-05-19 17:17 . 2009-05-19 17:17 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-19 15:31 . 2009-05-19 17:08 -------- d-----w c:\temp\HP_WebRelease
2009-05-19 14:25 . 2009-05-19 14:45 -------- d-----w c:\program files\Laryon
2009-05-19 14:09 . 2009-05-19 14:09 -------- d-----w c:\programdata\Xerox
2009-05-19 13:58 . 2009-05-19 13:58 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Local\HP
2009-05-19 13:55 . 2009-05-19 13:58 19510 ----a-w c:\windows\hpqins13.dat
2009-05-19 13:55 . 2009-05-19 17:21 -------- d-----w c:\programdata\HP
2009-05-19 13:22 . 2009-05-19 13:58 -------- d-----w c:\program files\HP
2009-05-15 21:20 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 21:20 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 20:46 . 2009-05-15 21:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 18:50 . 2009-05-15 18:50 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Maxprog
2009-05-15 18:50 . 2009-05-15 18:50 -------- d-----w c:\program files\MaxBulk Mailer
2009-05-15 10:15 . 2009-05-15 10:15 -------- d-----w c:\programdata\PC SOFT
2009-05-14 19:41 . 2009-05-15 19:23 -------- d-----w c:\program files\Email Marketer Business Edition
2009-05-13 11:56 . 2009-05-13 11:56 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-05-09 21:53 . 2009-05-09 21:54 -------- d-----w c:\program files\DelPSGuard
2009-05-09 21:47 . 2008-11-06 00:03 -------- d-----w C:\SDFix
2009-05-09 21:44 . 2009-05-09 21:44 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Malwarebytes
2009-05-09 21:44 . 2009-05-09 21:44 -------- d-----w c:\programdata\Malwarebytes
2009-05-08 17:16 . 2009-05-08 17:16 -------- d-----w c:\program files\Trend Micro
2009-05-08 09:37 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-08 09:37 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-08 09:37 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-08 09:37 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-07 14:59 . 2009-03-31 09:23 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-07 14:59 . 2009-03-31 09:23 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-07 14:56 . 2009-05-08 10:06 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-07 14:56 . 2008-08-25 10:36 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2009-05-07 14:56 . 2008-08-25 10:36 40840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2009-05-07 14:56 . 2008-06-02 14:19 29576 ----a-w c:\windows\system32\drivers\kcom.sys
2009-05-07 14:56 . 2008-08-25 10:36 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2009-05-07 14:56 . 2009-05-25 19:37 -------- d-----w c:\program files\Spyware Doctor
2009-05-07 14:56 . 2009-05-07 14:56 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\PC Tools
2009-05-07 14:47 . 2009-05-07 14:47 44808 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-05-07 14:47 . 2009-05-07 14:47 33808 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-05-07 14:47 . 2009-05-07 14:47 224272 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-05-07 14:47 . 2009-05-07 14:47 206088 ----a-w c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-05-07 14:35 . 2009-05-20 12:46 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-07 14:35 . 2009-05-20 12:46 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-07 14:33 . 2009-05-27 12:17 663584 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-07 14:33 . 2009-05-27 12:17 4057120 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 14:33 . 2009-05-07 14:33 -------- d-----w c:\program files\Kaspersky Lab
2009-05-04 17:20 . 2009-05-04 13:07 2298680 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-04 17:20 . 2008-03-04 16:52 286720 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-05-04 17:20 . 2007-10-31 07:39 59904 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-05-04 17:20 . 2007-05-17 11:58 143360 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-05-04 17:20 . 2006-10-18 15:32 499712 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-05-04 17:20 . 2006-10-18 15:32 348160 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-05-04 17:20 . 2006-10-16 16:44 196608 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-05-04 17:20 . 2006-10-16 16:44 1028096 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-05-01 11:22 . 2009-03-08 11:33 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-05-01 11:22 . 2009-03-08 11:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-04-27 19:55 . 2009-04-27 19:55 -------- d-----w c:\programdata\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 12:19 . 2008-12-13 08:44 -------- d-----w c:\programdata\Kaspersky Lab
2009-05-27 12:17 . 2009-05-07 14:33 3348 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-27 12:17 . 2009-05-07 14:33 32776 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-27 12:00 . 2008-12-01 16:49 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Skype
2009-05-27 07:00 . 2008-12-01 20:51 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\skypePM
2009-05-24 20:48 . 2009-03-17 19:47 117760 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 20:16 . 2009-05-20 20:16 1610524 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-05-20 20:16 . 2006-11-02 15:46 714674 ----a-w c:\windows\system32\perfh00A.dat
2009-05-20 20:16 . 2006-11-02 15:46 147302 ----a-w c:\windows\system32\perfc00A.dat
2009-05-19 17:17 . 2008-12-13 11:36 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-19 17:16 . 2008-12-13 11:36 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-18 17:59 . 2008-12-01 16:22 82878 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\nvModes.dat
2009-05-13 11:56 . 2007-05-31 14:28 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 11:54 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-10 20:35 . 2007-05-31 14:22 -------- d-----w c:\program files\GDS
2009-05-07 14:47 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-02 14:45 . 2008-12-07 13:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-01 13:49 . 2008-12-01 16:22 103176 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 11:29 . 2007-05-31 14:10 -------- d-----w c:\program files\Microsoft Works
2009-04-27 17:39 . 2008-12-14 22:28 -------- d-----w c:\program files\Lavasoft
2009-04-27 17:39 . 2008-12-14 22:28 -------- d-----w c:\programdata\Lavasoft
2009-04-26 11:34 . 2009-04-26 11:34 -------- d-----w c:\programdata\wmp
2009-04-26 10:07 . 2009-01-31 13:51 -------- d-----w c:\users\JUAN FRANCISCO\AppData\Roaming\Lavasoft
2009-04-25 09:00 . 2007-05-31 09:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 08:59 . 2009-03-19 21:21 -------- d-----w c:\program files\Common Files\Microsoft Games
2009-04-24 08:58 . 2009-03-09 18:19 -------- d-----w c:\program files\MSECache
2009-04-24 08:54 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-24 08:52 . 2007-05-31 14:24 -------- d-----w c:\program files\Microsoft.NET
2009-04-24 08:49 . 2009-04-24 08:49 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-19 18:45 . 2009-04-19 18:45 -------- d-----w c:\program files\TVAnts
2009-04-07 18:08 . 2008-12-01 19:15 -------- d-----w c:\program files\CCleaner
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\program files\iTunes
2009-04-07 08:41 . 2009-04-07 08:41 -------- d-----w c:\program files\iPod
2009-04-07 08:41 . 2008-12-01 19:44 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 08:36 . 2009-04-07 08:36 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 22:55 . 2009-04-06 22:55 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-06 22:53 . 2007-05-31 14:08 -------- d-----w c:\program files\Java
2009-04-01 10:14 . 2009-04-01 10:14 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-24 16:33 . 2009-03-24 16:33 237264 ----a-w c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-19 14:32 . 2009-04-07 08:41 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 13:53 . 2008-12-01 16:22 2032 ----a-w c:\users\JUAN FRANCISCO\AppData\Local\d3d9caps.dat
2009-03-17 03:38 . 2009-04-16 07:39 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 07:39 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-14 20:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-01 11:23 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-01 11:23 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-01 11:23 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-01 11:23 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-01 11:23 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-01 11:23 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-01 11:23 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-01 11:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-01 11:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-01 11:23 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-01 11:23 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-01 11:23 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-01 11:23 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-01 11:23 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-01 11:23 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-01 11:23 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-16 07:39 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 07:39 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 07:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 07:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 07:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 07:39 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 07:39 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 07:39 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 07:39 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 07:39 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 23:05 . 2009-02-26 23:05 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-05-24_21.05.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-31 08:59 . 2009-05-27 12:20 63068 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-27 12:20 90160 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-01 16:46 . 2009-05-27 12:20 12734 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2938888382-1530183844-4289170302-1003_UserData.bin
+ 2009-05-25 17:13 . 2007-05-10 22:13 24456 c:\windows\System32\spool\drivers\w32x86\AdReGP.dll
- 2008-12-23 10:42 . 2007-05-10 22:13 24456 c:\windows\System32\spool\drivers\w32x86\AdReGP.dll
- 2008-12-01 15:16 . 2009-05-24 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-01 15:16 . 2009-05-26 21:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-01 15:16 . 2009-05-24 10:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-01 15:16 . 2009-05-26 21:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-01 15:16 . 2009-05-26 21:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-01 15:16 . 2009-05-24 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-01 23:08 . 2009-05-25 17:13 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Distiller.exe
- 2008-12-01 23:08 . 2009-04-06 22:51 25214 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Distiller.exe
+ 2008-12-01 21:49 . 2009-05-26 21:04 2908 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-12-01 21:49 . 2009-05-19 14:11 2908 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-12-01 23:08 . 2009-05-25 17:13 7278 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_ELEMENTS_DT.exe
- 2008-12-01 23:08 . 2009-04-06 22:51 7278 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_ELEMENTS_DT.exe
+ 2009-05-27 07:02 . 2009-05-09 13:09 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22873_none_84199871600b10ee\iecompat.dll
+ 2009-05-27 07:02 . 2009-05-09 03:37 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18783_none_83852bba46f58d15\iecompat.dll
+ 2009-05-25 17:13 . 2007-05-10 22:13 190072 c:\windows\System32\spool\drivers\w32x86\ADUIGP.dll
- 2008-12-23 10:41 . 2007-05-10 22:13 190072 c:\windows\System32\spool\drivers\w32x86\ADUIGP.dll
- 2009-05-01 14:05 . 2009-05-24 10:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-01 14:05 . 2009-05-25 19:13 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-12-01 23:08 . 2009-04-06 22:51 295606 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-12-01 23:08 . 2009-05-25 17:13 295606 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-12-01 23:08 . 2009-05-25 17:13 295606 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat_3D.exe
- 2008-12-01 23:08 . 2009-04-06 22:51 295606 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat_3D.exe
+ 2008-12-01 23:08 . 2009-05-25 17:13 295606 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe
- 2008-12-01 23:08 . 2009-04-06 22:51 295606 c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe
+ 2006-11-02 10:22 . 2009-05-27 12:17 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-05-19 17:28 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-05-27 12:12 . 2009-05-27 12:12 6299648 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2008-12-02 21:43 . 2009-05-27 07:01 89212354 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-08 8429568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 415864]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-07 206088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-03-28 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 18:33 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-03-09 07:55 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe"
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"="0x00000000"
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA01F986-575B-4C4B-8F91-94CE86F7AA82}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{16BCED7C-3690-4375-B58E-E1F6DABDAEAE}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{D5B61929-E66F-434F-8F52-49C3D7E1AFF1}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{93CC5861-A8CE-40DE-A5D3-4D43FA4A25F1}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{D5A865C0-EB58-400A-9220-033ECB5055F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{450EF186-8A03-48FF-8EBC-49B88776EA21}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7F7D2445-63AE-4F5E-AAD1-30F358545753}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{5CF51122-4852-43AE-808E-DA781D645CBA}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8937480E-595A-4BB9-B606-12E19CD8FCD7}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A61DF2AD-408E-4552-B84D-30522A12EB6C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{EEEB10C7-EA14-4311-AAB3-F28E458A0ABB}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{A836A394-1D83-4CF6-92BA-A98D5CC019A5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{41563774-C8FF-47E8-BCDA-EC97498135D0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{16BCC03A-6805-47A9-BCDD-3F4EC0F5E9C6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{43FFAA99-DE56-40A9-BC58-36E91526C30B}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{96FE3C0A-7E63-465C-A5BA-80F6DA5E5798}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{8C6BAFE6-FDD7-41B8-830A-1EA3E0AED14D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{58A3EC25-5B73-4164-917B-5A273C2AF65D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F4DD0F3E-8138-4046-84E8-990734C42AF3}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{12EA944B-A045-4C7F-9547-CBE50E8E1D10}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{52A14815-8E6E-48F3-B7BD-0C6AC1970D51}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{4FE9C301-E30C-4AE0-9494-A4EBE10C9DD7}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{43832E86-36B3-4522-91EF-AA718A4D7ED4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A3F83979-E679-4862-8B19-35D9D34F0892}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{04284117-7C50-472E-97AF-7B0A5E779CC0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4EAFB4A7-2EBC-4C30-AD72-74CD7CAC2AE7}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{FB7AC0B0-8CC9-4E61-B18B-B2894AFB0F34}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{321F0531-1881-422C-A903-F5576316E362}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{621B3CE5-4467-4D9C-83E4-480006598BBE}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"TCP Query User{0957F9EE-162E-4DF8-9B6B-57DB50700FD2}c:\\program files\\laryon\\scanrn\\scanrn.exe"= UDP:c:\program files\laryon\scanrn\scanrn.exe:ScanRn
"UDP Query User{D63676BF-1738-40ED-956A-63B38E8F8707}c:\\program files\\laryon\\scanrn\\scanrn.exe"= TCP:c:\program files\laryon\scanrn\scanrn.exe:ScanRn

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 18:29 33808]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [08/05/2009 11:37 130936]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [07/05/2009 16:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [07/05/2009 16:59 39200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 18:28 20496]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [08/05/2009 11:37 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 11:33 55024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/05/2009 23:20 179856]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 21:09 11032]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [13/12/2008 13:36 604416]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [15/05/2009 23:20 15504]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [31/05/2007 20:27 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [31/05/2007 20:27 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [31/05/2007 20:27 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [23/04/2007 14:29 812544]
S3 AVerM115S;AVerM115S service;c:\windows\System32\drivers\AVerM115S.sys [31/05/2007 11:35 785280]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [08/05/2009 11:37 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 11:33 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [07/05/2009 16:56 348752]
S3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [07/05/2009 16:59 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938888382-1530183844-4289170302-1003.job
- c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-01 19:39]

2009-05-27 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:46]

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{991009DE-73F2-472B-8F4B-10D6DF833633}.job
- c:\windows\system32\msfeedssync.exe [2009-05-01 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forospyware.com/
uInternet Settings,ProxyOverride = local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {6B314C5C-7A68-4499-98F2-29F05DB9B544} = 80.58.61.250,80.58.61.254
FF - ProfilePath - c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\Firefox\Profiles\hla34hb2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\JUAN FRANCISCO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 14:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000a0
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\stacsv.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\conime.exe
c:\windows\System32\PresentationSettings.exe
c:\program files\sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-05-27 14:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-27 12:24
ComboFix2.txt 2009-05-24 21:15
ComboFix3.txt 2009-05-24 21:07

Pre-Run: 62.237.982.720 bytes free
Post-Run: 61.450.760.192 bytes free

437 --- E O F --- 2009-05-27 11:59


AND THE HIJACKTHIS ONE...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:27, on 27/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\PresentationSettings.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B314C5C-7A68-4499-98F2-29F05DB9B544}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10195 bytes



I LOOK FORWARD TO HEARING FROM YOU! REGARDS
post #10
Posted 28/05/09, 19:55:16
GPastor
FS-Admin
Registered: Mar 2005
Location: Lima - Perú
Posts: 22,227
Re: Sending offline MSN messages

ComboFix has already taken care of removing the infection; let us know how the system is behaving now.


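
As an added example that is not part of the thread, the following Python script parses HijackThis-style lines and flags the items a helper usually asks about first: O23 services whose binary is missing or whose file carries no company name ("Unknown owner"), O20 AppInit_DLLs entries, an explicit O17 NameServer setting, and O4 Run entries launched without a full path. The sample lines are constructed from the log above; the regular expressions, the `Finding` class and the `triage` function are this example's own, not part of HijackThis.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the HijackThis lines posted in this thread.
# A raw string keeps the Windows backslashes literal.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B314C5C-7A68-4499-98F2-29F05DB9B544}: NameServer = 80.58.61.250,80.58.61.254
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
"""

# Line formats as HijackThis 2.0.x prints them (assumption: service names contain no " - ").
_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<entry>[^\]]+)\] (?P<cmd>.+)$')
_O17 = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')
_O20 = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
                  r'(?P<path>.+?)(?P<missing> \(file missing\))?$')


@dataclass
class Finding:
    line_no: int
    section: str   # HijackThis section code (O4, O17, O20, O23)
    subject: str   # what was flagged: service name, DLL path, Run entry or DNS servers
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that deserve a manual look."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if m := _O23.match(line):
            if m['missing']:
                findings.append(Finding(line_no, 'O23', m['name'],
                                        'service binary no longer on disk (orphaned service entry)'))
            if m['owner'] == 'Unknown owner':
                findings.append(Finding(line_no, 'O23', m['name'],
                                        'binary has no company name in its version info (Unknown owner)'))
        elif m := _O20.match(line):
            # Assumes the 8.3 short paths HijackThis prints here, which contain no spaces.
            for dll in m['dlls'].split():
                findings.append(Finding(line_no, 'O20', dll,
                                        'AppInit_DLLs entry, loaded into every process that loads user32.dll'))
        elif m := _O17.match(line):
            findings.append(Finding(line_no, 'O17', m['servers'],
                                    'explicit NameServer setting; confirm the addresses belong to your ISP'))
        elif m := _O4.match(line):
            # A bare file name (no drive letter, no backslash) is resolved through the search path.
            first = m['cmd'].split()[0].strip('"')
            if '\\' not in first and ':' not in first:
                findings.append(Finding(line_no, 'O4', m['entry'],
                                        f'Run entry launches {first} without a full path'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'line {f.line_no:>3}  {f.section:<4} {f.subject}\n           {f.reason}')
```

The flags are prompts for a manual check, not verdicts: in the log above, for instance, the AppInit DLLs belong to the installed Kaspersky product and the Symantec entries marked "(file missing)" are leftovers of an uninstalled product.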