Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

he pasado varias veces el supera anti spyware, el malwarebytes, el avg y el antivir pero no puedo eliminar ese virus o lo que sea que hace las carpetas en ejecutables, sin mencionar que mi conexion esta muy lenta, y me aparecen muchas conexciones tcp y udp, son en exceso, cerca de 30 por cada una.

dejo mi log de hijackthis

espero su ayuda, ya no se que hacer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09:32 a.m., on 08/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACF7EF\74BE16.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [74BE16] C:\WINDOWS\system32\ACF7EF\74BE16.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: 74BE16.lnk = C:\WINDOWS\system32\ACF7EF\74BE16.EXE
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253763389234
O17 - HKLM\System\CCS\Services\Tcpip\..\{35DE2354-648E-44C5-94BD-F306DF4F147A}: NameServer = 148.208.144.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Hola benlihito


Descarga lo siguiente:

º CCLEANER. Lo instalas según Su Manual

º MALWAREBYTE´S. Lo instalas y actualizas según su manual, PERO NO LO EJECUTES AUN
(si ya lo tienes, solo lo actualizas)

º ComboFix.exe y guárdalo en el escritorio.


Cierra todos los programas, ejecutas HijackThis , tildas las casillas de estas entradas y presionas "FIX Cheked"


O4 - HKLM\..\Run: [74BE16] C:\WINDOWS\system32\ACF7EF\74BE16.EXE

O4 - Startup: 74BE16.lnk = C:\WINDOWS\system32\ACF7EF\74BE16.EXE



Ejecuta ComboFix.exe

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

En tu próxima respuesta, debes poner lo siguiente:

º El reporte de malwarebyte´s, que se encuentra en su pestaña REGISTROS
º El reporte de ComboFix
º Un nuevo log de Hijackthis
º Como funciona tu pc ahora


Saludos

hola coloco los resultados de lo que se me dijo, aun estan las carpetas ejecutables que mencione, no se que sea, no se que virus o malware, los elimino pero reaparecen, los quito con lo programas y siguen.

Mi pc trabaja aparentemente normal, solo es esa parte de las carpetas ejecutables.

coloco nuevo log de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:12:06 p.m., on 08/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253763389234
O17 - HKLM\System\CCS\Services\Tcpip\..\{35DE2354-648E-44C5-94BD-F306DF4F147A}: NameServer = 148.208.144.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 11335 bytes



coloco log de Malwarebytes


Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 2926
Windows 5.1.2600 Service Pack 3

08/10/2009 05:23:50 p.m.
mbam-log-2009-10-08 (17-23-50).txt

Tipo de examen : Examen Completo (C:\|D:\|E:\|F:\|)
Objetos examinados: 479051
Tiempo transcurrido: 2 hour(s), 30 minute(s), 18 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 4
Ficheros Infectados: 10

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\WINDOWS\system32\0F6226 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\76682F (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ACF7EF (Worm.AutoRun) -> Quarantined and deleted successfully.

Ficheros Infectados:
D:\Aplicaciones\Programas_PASS_Visual.SaC\AnyDVD HD v6.5.2.8\Keygen-Patch\AnyDVD.v6.5.x.x.Patcher.v1.0.R2.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Aplicaciones\Programas_PASS_Visual.SaC\Hide The IP v2.1.1\Hide The IP Setup.exe (Adware.EShoper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC\cnvpe.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC\HtmlView.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5A8DCC\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\76682F\670df5.txt (Worm.AutoRun) -> Quarantined and deleted successfully.



ahora coloco log de combo fix

ComboFix 09-10-07.05 - Jacob 08/10/2009 18:58.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1934 [GMT -5:00]
Running from: c:\documents and settings\Jacob\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Jacob\LOCALS~1\Temp\E_N4
c:\docume~1\Jacob\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Jacob\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\Jacob\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\Jacob\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Jacob\LOCALS~1\Temp\E_N4\internet.fne
c:\docume~1\Jacob\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\Jacob\LOCALS~1\Temp\E_N4\spec.fne

.
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

2009-10-08 06:28 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-08 06:22 . 2009-10-08 06:22 -------- d-----w- c:\program files\Panda Security
2009-10-08 06:09 . 2009-10-08 06:09 -------- d-----w- c:\program files\Trend Micro
2009-10-07 19:35 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-07 19:35 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-07 19:35 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-07 19:35 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-07 19:35 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-07 19:35 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-07 18:58 . 2009-10-07 18:58 -------- d-----w- c:\program files\Free Video Converter
2009-10-07 04:58 . 2009-10-07 04:59 -------- d-----w- c:\documents and settings\Jacob\Application Data\Spore
2009-10-06 04:39 . 2009-10-07 03:45 -------- d-----w- c:\documents and settings\Jacob\Application Data\gtk-2.0
2009-10-06 04:39 . 2009-10-06 04:39 -------- d-----w- c:\documents and settings\Jacob\.thumbnails
2009-10-05 21:46 . 2009-10-05 21:46 -------- d-----w- c:\program files\FileASSASSIN
2009-10-05 00:09 . 2009-10-05 00:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-05 00:07 . 2009-10-05 00:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-04 23:44 . 2009-10-04 23:44 -------- d-----w- c:\windows\Sun
2009-10-04 22:38 . 2009-10-04 22:39 -------- d-----w- c:\program files\XP Codec Pack
2009-10-04 22:33 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-04 22:33 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-04 22:33 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-04 22:33 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-04 22:33 . 2009-10-04 22:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-02 02:17 . 2009-10-02 02:17 -------- d-----w- c:\documents and settings\Jacob\Application Data\Malwarebytes
2009-10-02 02:17 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 02:17 . 2009-10-02 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 02:17 . 2009-10-02 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 02:17 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 03:08 . 2009-10-01 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-01 00:34 . 2009-10-01 00:34 -------- d-----w- c:\documents and settings\Jacob\Application Data\Thinstall
2009-10-01 00:01 . 2009-10-01 00:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-09-30 03:46 . 2009-09-30 03:48 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\Temp
2009-09-30 03:46 . 2009-09-30 03:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-30 03:46 . 2009-09-30 03:51 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\Google
2009-09-30 03:46 . 2009-09-30 03:49 -------- d-----w- c:\program files\Google
2009-09-29 22:01 . 2009-09-29 22:01 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\MiKTeX
2009-09-29 22:01 . 2009-09-29 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MiKTeX
2009-09-29 21:53 . 2009-09-30 02:58 -------- d-----w- c:\program files\MiKTeX 2.7
2009-09-29 16:15 . 2009-02-27 17:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll
2009-09-29 04:48 . 2009-09-29 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-09-29 04:48 . 2009-09-29 04:48 -------- d-----w- c:\documents and settings\Jacob\Application Data\NCH Software
2009-09-28 20:55 . 2009-10-08 02:30 -------- d-----w- c:\documents and settings\Jacob\Application Data\WinEdt
2009-09-28 20:55 . 2009-09-28 20:55 -------- d-----w- c:\program files\WinEdt Team
2009-09-28 20:43 . 2009-09-28 20:48 -------- d-----w- C:\texmf
2009-09-28 05:13 . 2009-09-28 05:13 -------- d-----w- c:\documents and settings\Jacob\dwhelper
2009-09-28 03:29 . 2009-09-28 03:29 -------- d-----w- c:\documents and settings\Jacob\.jmf
2009-09-28 03:12 . 2009-09-28 23:59 -------- d-----w- c:\documents and settings\Jacob\Mercury
2009-09-28 03:12 . 2009-09-28 03:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-28 03:11 . 2009-09-28 03:11 -------- d-----w- c:\program files\Java
2009-09-26 10:05 . 2009-10-08 12:30 -------- d-----w- C:\$AVG8.VAULT$
2009-09-26 03:58 . 2009-09-26 03:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-25 06:52 . 2009-09-25 06:52 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-25 06:52 . 2009-09-25 06:52 -------- d-----w- c:\program files\Reference Assemblies
2009-09-25 06:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-25 06:52 . 2009-09-25 06:52 -------- d-----w- C:\ee3bf89d1f2e155c9eb660e548d704
2009-09-25 06:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintpr oc.dll
2009-09-25 06:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-25 06:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-25 06:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-25 06:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-25 06:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesv c.exe
2009-09-25 06:46 . 2009-09-25 06:46 -------- d-----w- c:\windows\ie8updates
2009-09-25 04:29 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-25 04:29 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-25 04:29 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-25 04:29 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-25 04:29 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-25 00:51 . 2009-09-30 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-25 00:30 . 2009-09-25 00:48 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-24 23:02 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-24 22:16 . 2009-09-24 22:16 0 ----a-w- c:\windows\nsreg.dat
2009-09-24 22:16 . 2009-09-24 22:16 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\Mozilla
2009-09-24 21:57 . 2009-09-24 22:15 -------- d-----w- C:\localtexmf
2009-09-24 21:51 . 2009-09-24 21:51 -------- d-----w- c:\program files\Ghostgum
2009-09-24 21:51 . 2009-09-24 21:51 -------- d-----w- C:\gs
2009-09-24 21:48 . 2009-09-24 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-24 21:40 . 2009-09-24 21:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-24 21:40 . 2009-09-24 21:48 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\Adobe
2009-09-24 21:40 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-09-24 21:40 . 2008-04-07 10:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-09-24 21:33 . 2009-09-24 21:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-24 20:22 . 2009-09-24 20:22 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\National Instruments
2009-09-24 17:01 . 2009-09-24 17:01 -------- d-sh--w- c:\documents and settings\Jacob\IECompatCache
2009-09-24 17:01 . 2009-09-24 17:01 -------- d-sh--w- c:\documents and settings\Jacob\PrivacIE
2009-09-24 16:54 . 2004-08-10 19:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-09-24 16:54 . 2004-08-10 19:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-09-24 16:54 . 2004-08-10 19:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-09-24 16:54 . 2004-08-10 19:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-09-24 16:54 . 2004-08-10 19:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2009-09-24 16:54 . 2004-08-10 19:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-09-24 16:48 . 2009-09-24 16:48 -------- d-sh--w- c:\documents and settings\Jacob\IETldCache
2009-09-24 16:44 . 2009-09-24 16:44 -------- dc-h--w- c:\windows\ie8
2009-09-24 16:44 . 2009-09-24 16:45 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-24 12:05 . 2009-09-24 12:05 -------- d-----w- c:\program files\MSXML 4.0
2009-09-24 07:02 . 2009-10-07 01:09 -------- d-----w- c:\documents and settings\Jacob\amsn
2009-09-24 07:01 . 2009-09-24 07:01 -------- d-----w- c:\program files\aMSN
2009-09-24 05:49 . 2009-09-24 21:00 -------- d--h--w- c:\documents and settings\Jacob\Local Settings\Application Data\Logitech Local
2009-09-24 05:22 . 2009-09-24 05:22 -------- d-----w- c:\documents and settings\Jacob\Application Data\MathWorks
2009-09-24 05:08 . 2009-09-24 05:08 -------- d-----w- c:\program files\GPLGS
2009-09-24 05:05 . 2007-07-13 03:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-09-24 05:05 . 2009-09-24 05:05 -------- d-----w- c:\program files\Acro Software
2009-09-24 04:53 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-24 04:50 . 2009-09-24 04:50 -------- d-----w- c:\program files\MATLAB
2009-09-24 04:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-24 04:33 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-24 04:31 . 2009-09-24 04:31 -------- d-----w- c:\windows\system32\scripting
2009-09-24 04:31 . 2009-09-24 04:31 -------- d-----w- c:\windows\l2schemas
2009-09-24 04:31 . 2009-09-24 04:31 -------- d-----w- c:\windows\system32\en
2009-09-24 04:31 . 2009-09-24 04:31 -------- d-----w- c:\windows\system32\bits
2009-09-24 04:25 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-24 04:25 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-24 04:25 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-24 04:24 . 2009-09-24 04:32 -------- d-----w- c:\windows\ServicePackFiles
2009-09-24 04:24 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-24 04:17 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-24 04:17 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-24 04:17 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-09-24 04:14 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-24 04:14 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-24 04:07 . 2004-08-04 03:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-09-24 04:07 . 2004-08-04 03:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-09-24 04:07 . 2004-08-04 03:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-09-24 04:07 . 2004-08-04 03:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-09-24 04:07 . 2004-08-04 03:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-09-24 04:07 . 2004-08-04 03:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-01 01:50 . 2005-01-10 01:26 78920 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 00:20 . 2009-09-24 00:20 60 ----a-w- c:\windows\system32\SYSDRV.DAT
2009-09-24 00:18 . 2009-09-24 00:15 -------- d-----w- c:\program files\Canon
2009-09-24 00:16 . 2009-09-24 00:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-09-23 22:54 . 2009-09-23 22:54 -------- d-----w- c:\program files\SigmaTel
2009-09-23 22:23 . 2009-09-23 22:23 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-23 22:23 . 2009-09-23 22:23 -------- d-----w- c:\documents and settings\Jacob\Application Data\FotoWire
2009-09-23 22:23 . 2009-09-23 22:23 -------- d-----w- c:\program files\Common Files\FotoWire
2009-08-05 09:01 . 2009-09-24 00:17 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2009-09-24 00:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2009-09-24 00:16 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2009-09-24 00:15 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2009-09-24 00:17 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 00:03 . 2007-07-25 00:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-24 03:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32 .dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jacob^Start Menu^Programs^Startup^74BE16.lnk]
path=c:\documents and settings\Jacob\Start Menu\Programs\Startup\74BE16.lnk
backup=c:\windows\pss\74BE16.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10/07/2007 08:08 p.m. 15448]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboo t.sys [08/10/2009 01:28 a.m. 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2009 10:20 p.m. 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2009 10:20 p.m. 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 02:07 p.m. 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 02:07 p.m. 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/09/2009 10:57 p.m. 108289]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/09/2009 10:20 p.m. 297752]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [16/02/2007 11:21 a.m. 12696]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [16/02/2007 11:21 a.m. 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipx irmkl.sys [22/02/2007 12:18 p.m. 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19/07/2007 11:56 a.m. 11360]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl. sys [12/07/2007 06:18 p.m. 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2 kl.sys [24/07/2007 12:19 p.m. 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimsts kl.sys [13/07/2007 08:00 p.m. 11360]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/09/2009 10:46 p.m. 133104]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lval armk.sys [11/01/2007 10:18 a.m. 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [22/02/2007 12:40 p.m. 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [22/02/2007 12:43 p.m. 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [25/05/2007 01:26 p.m. 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [26/02/2007 12:40 p.m. 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl. sys [15/07/2007 05:44 p.m. 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxf kl.sys [13/07/2007 10:38 p.m. 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsar kl.sys [19/07/2007 03:06 a.m. 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl. sys [24/07/2007 07:37 p.m. 11336]
S3 niemrkw;niemrkw;c:\windows\system32\drivers\niemrk w.sys [23/09/2009 07:50 p.m. 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl. sys [24/07/2007 07:37 p.m. 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl. sys [15/07/2007 06:31 p.m. 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdr kl.sys [18/07/2007 10:47 a.m. 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.d ll [21/06/2007 12:19 a.m. 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrl k.dll [21/06/2007 12:19 a.m. 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl. sys [13/07/2007 08:01 p.m. 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\nins hsdkl.sys [19/07/2007 01:49 p.m. 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\ nipalfwedl.sys [18/07/2007 09:11 p.m. 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\driver s\nipalusbedl.sys [18/07/2007 09:12 p.m. 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [22/02/2007 12:45 p.m. 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl. sys [19/07/2007 02:32 a.m. 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdig kl.sys [17/07/2007 12:27 a.m. 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl. sys [16/07/2007 12:52 p.m. 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl. sys [19/07/2007 02:32 a.m. 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl. sys [24/07/2007 07:37 p.m. 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2 kl.sys [15/07/2007 04:48 p.m. 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcr kl.sys [15/07/2007 05:50 p.m. 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl. sys [17/07/2007 04:18 a.m. 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitior kl.sys [18/07/2007 10:15 p.m. 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19/07/2007 11:48 a.m. 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19/07/2007 11:56 a.m. 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl. sys [24/07/2007 07:37 p.m. 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl. sys [24/07/2007 07:38 p.m. 11336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 02:07 p.m. 7408]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\ usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK
.
Contents of the 'Scheduled Tasks' folder

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 03:46]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 03:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: Anexar a PDF existente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino de vínculo a PDF existente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convertir a Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo a Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {35DE2354-648E-44C5-94BD-F306DF4F147A} = 148.208.144.3
FF - ProfilePath - c:\documents and settings\Jacob\Application Data\Mozilla\Firefox\Profiles\d4a5n6o6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dl l
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 19:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-10-09 19:04
ComboFix-quarantined-files.txt 2009-10-09 00:04

Pre-Run: 25,662,484,480 bytes free
Post-Run: 25,683,898,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windo ws XP Media Center Edition" /noexecute=optin /fastdetect

339 --- E O F --- 2009-10-07 17:46



les agradezco su ayuda, y el tiempo que dedican a ayudarnos a personas que no tenemos el conocimiento para solucionar estos problemas.