Fake Windows Security
Original Message
Name: Oars
Date: September 1, 2008 at 10:33:55 Pacific
Subject: Fake Windows Security
OS: Windows XP Home Edition S
CPU/Ram: 512MB
Model/Manufacturer: HP
Comment: It all started with the YOU HAVE A SECURITY PROBLEM! alert. It then changed my desktop background and it was not possible to change it. I ran Spybot Search & Destroy and AVG antivirus and it fixed that problem, but now about every 5 min there is a fake Windows Security popping up. (Sure it's fake, because my OS is in Spanish and the window pops up in English.) Anyways, any help getting rid of this problem would be greatly appreciated. Oars
Response Number 1
Name: jabuck
Date: September 1, 2008 at 10:44:18 Pacific
Reply: Please download Malwarebytes' Anti-Malware from one of these sites: MalwareBytes1 MalwareBytes2
1. Double-click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.

Please download and install the latest version of HijackThis v2.0.2. Download the "HijackThis" Installer from this link: Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download SmitFraudFix from this link: SmitfraudFix
Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd".
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky and other antivirus programs) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Response Number 2
Name: Oars
Date: September 1, 2008 at 11:13:41 Pacific
Reply: Thank you for your quick reply jabuck. Here are the logs you asked for, except for SmitfraudFix: I downloaded it and tried running smitfraudfix.cmd, and a cmd prompt would pop up for less than a second and then disappear. About a week ago (before the virus/trojan infected my computer) I installed JCreator and I think it might have changed some of the paths, because if I open a cmd prompt and type ipconfig it won't recognize the command and returns an error.

Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 3

11:49:32 a.m. 01/09/2008
mbam-log-09-01-2008 (11-49-32).txt

Scan type: Quick Scan
Objects scanned: 44974
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwrujsnu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:32 a.m., on 01/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\HP\QuickPlay\QPService.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\swinacs.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nozwxyxe.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\Archivos de programa\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqimzone.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\nozwxyxe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2058
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Archivos de programa\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Archivos de programa\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Wdrvfig7] C:\WINDOWS\swinacs.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [shsmart] C:\WINDOWS\system32\lspmnijy.exe
O4 - HKCU\..\Run: [HlpCmd] C:\WINDOWS\system32\odubalqf.exe
O4 - HKCU\..\Run: [chkprocset] C:\WINDOWS\system32\nozwxyxe.exe
O4 - HKLM\..\Policies\Explorer\Run: [UQeuKThnqd] C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: Inicio rápido de HP Photosmart Premier.lnk = C:\Archivos de programa\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/M...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/res...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10089 bytes
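The HijackThis log above mixes dozens of ordinary OEM autostarts with a handful of entries that stand out: BHO CLSIDs whose DLL no longer exists, Run values pointing at eight-letter lowercase executables in system32, and one entry under Policies\Explorer\Run. The following script is an added example, not code from the thread or from HijackThis: it parses O2/O4 lines and lists the ones worth a closer look. The sample lines are copied from Oars' log; the regexes, the small allowlist of expected system32 autostarts, the directory list and all function names are my own assumptions. It is a triage aid, not a verdict: a legitimate utility with a short lowercase name would be flagged as well.

```python
"""Triage HijackThis O2/O4 entries for autostarts that deserve review.

Added example for this thread (not HijackThis's own code). Sample lines are
taken from the posted log; heuristics and allowlist are assumptions.
"""
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Tuple

# Constructed sample: a subset of the O2/O4 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Wdrvfig7] C:\WINDOWS\swinacs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [shsmart] C:\WINDOWS\system32\lspmnijy.exe
O4 - HKCU\..\Run: [HlpCmd] C:\WINDOWS\system32\odubalqf.exe
O4 - HKCU\..\Run: [chkprocset] C:\WINDOWS\system32\nozwxyxe.exe
O4 - HKLM\..\Policies\Explorer\Run: [UQeuKThnqd] C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe
"""

# Assumption: autostarts expected in the Windows directory on this machine
# (names taken from the same log). A real deployment would vet this list.
KNOWN_WINDOWS_AUTOSTARTS = {"igfxtray.exe", "hkcmd.exe", "igfxpers.exe", "ctfmon.exe"}

# Folders where an unfamiliar, generated-looking name deserves a look
# ("Datos de programa" is the Spanish-locale Application Data folder).
SUSPECT_DIRS = ("\\windows\\", "\\application data\\", "\\datos de programa\\", "\\programdata\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


class Finding(NamedTuple):
    kind: str                # "O2" (BHO) or "O4" (Run key)
    name: str                # BHO display name or Run value name
    target: str              # the file the entry points at
    reasons: Tuple[str, ...]


def exe_path(cmd: str) -> str:
    """Reduce a Run-key command line to its executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: arguments begin at the first " /" or " -" switch.
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0]


def looks_generated(basename: str) -> bool:
    """All-lowercase letter soup like lspmnijy.exe, the pattern in this log."""
    if basename.lower() in KNOWN_WINDOWS_AUTOSTARTS:
        return False
    return re.fullmatch(r"[a-z]{7,12}\.exe", basename) is not None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A CLSID still registered after its DLL is gone is either a
            # leftover from a removal or a slot something plans to refill.
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("O2", m["name"], m["path"],
                                        ("BHO registered but its file is missing",)))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        target = exe_path(m["cmd"])
        reasons = []
        if "policies\\explorer\\run" in m["key"].lower():
            reasons.append("autostart via Policies\\Explorer\\Run, which legitimate software rarely uses")
        if any(d in target.lower() for d in SUSPECT_DIRS) and looks_generated(PureWindowsPath(target).name):
            reasons.append("unfamiliar all-lowercase executable name in a system or application-data folder")
        if reasons:
            findings.append(Finding("O4", m["name"], target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run on the sample it reports the two orphaned BHOs, the three lowercase system32 executables, swinacs.exe in C:\WINDOWS, and the Policies\Explorer\Run entry (with two reasons), while igfxtray, ctfmon and Messenger pass. Cross-checking flagged paths against the "Archivos creados" section of a ComboFix log, as in the later reply, is a good next step.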
Response Number 3
Name: Oars
Date: September 1, 2008 at 11:32:23 Pacific
Reply: Update: fixed the path and got the log for smitfraudfix.cmd.

LOG:

SmitFraudFix v2.344

Scan done at 12:28:24.54, 01/09/2008
Run from C:\Documents and Settings\LapTop\Escritorio
OS: Microsoft Windows XP [Versión 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\HP\QuickPlay\QPService.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\swinacs.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\odubalqf.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqimzone.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LapTop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LapTop\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LapTop\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 64.59.135.143
DNS Server Search Order: 64.59.135.145

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4042D032-675C-4281-9C3A-445D70C1D63A}: DhcpNameServer=192.168.2.1 64.59.135.143 64.59.135.145
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4042D032-675C-4281-9C3A-445D70C1D63A}: DhcpNameServer=192.168.2.1 64.59.135.143 64.59.135.145
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4042D032-675C-4281-9C3A-445D70C1D63A}: DhcpNameServer=192.168.2.1 64.59.135.143 64.59.135.145
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 64.59.135.143 64.59.135.145
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 64.59.135.143 64.59.135.145
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 64.59.135.143 64.59.135.145

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
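The "hosts file corrupted !" section of the SmitFraudFix log is the one finding in that report that needs no tool to interpret: two external names (the Spybot site, in this case) have been pinned to 127.0.0.1, so the browser can never reach them. That is how rogue security software keeps its victim away from the vendors that would remove it. The script below is an added example, not the thread's or SmitFraudFix's code: it parses a hosts file the way the resolver does (one address, then one or more names, `#` starts a comment) and reports every non-local name mapped to loopback or 0.0.0.0. The two legal-at-spybot.info lines are the ones from the log above; the default localhost entries and the printer line are constructed, and the function names are my own.

```python
"""Audit a Windows hosts file for sinkholed hostnames.

Added example for this thread (not SmitFraudFix's own code). On Windows XP the
live file is %SystemRoot%\\system32\\drivers\\etc\\hosts; pass its path as the
first argument, or run with no arguments to audit the constructed sample.
"""
import ipaddress
import sys
from typing import Iterator, List, NamedTuple, Tuple

# Names that legitimately resolve to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

SAMPLE_HOSTS = """\
# constructed sample: two default entries, the two entries SmitFraudFix
# reported in this thread, and one ordinary LAN pin
127.0.0.1       localhost
::1             localhost
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
192.168.2.50    printer.lan   # constructed
"""


class HostsFinding(NamedTuple):
    lineno: int
    address: str
    hostname: str
    verdict: str


def parse_hosts(text: str) -> Iterator[Tuple[int, str, List[str]]]:
    """Yield (line number, address, hostnames) for each effective line."""
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # address with no names
        yield n, fields[0], fields[1:]


def audit_hosts(text: str) -> List[HostsFinding]:
    findings: List[HostsFinding] = []
    for n, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.extend(HostsFinding(n, addr, h, "unparseable address") for h in names)
            continue
        for host in names:
            if host.lower() in LOCAL_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                # An outside name pointed at the machine itself: the site is
                # unreachable, which is how rogue software blocks vendor pages.
                verdict = "sinkholed: external name mapped to loopback/0.0.0.0"
            elif ip.is_private:
                verdict = "lan-pin: name mapped to a private address (usually benign)"
            else:
                verdict = "redirect: name pinned to a public address, verify it"
            findings.append(HostsFinding(n, addr, host, verdict))
    return findings


def sinkholed_names(text: str) -> List[str]:
    """Just the hostnames that can no longer be reached because of the file."""
    return [f.hostname for f in audit_hosts(text) if f.verdict.startswith("sinkholed")]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f.lineno}: {f.address} {f.hostname} -> {f.verdict}")
```

Anything reported as sinkholed that you did not add yourself is a tampering indicator; the stock Windows XP hosts file contains nothing but the localhost line, so the clean state to restore to is short and known. Lines pinning a name to a public address deserve a look too, since the same file can send a site to a host of the attacker's choosing.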
Response Number 4
Name: jabuck
Date: September 1, 2008 at 12:17:42 Pacific
Reply: Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus and any antispyware programs you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again.
4. Post the Combofix log.

Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts. (Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.
Response Number 5
Name: Oars
Date: September 1, 2008 at 12:57:53 Pacific
Reply: Here's the ComboFix log

ComboFix 08-08-31.01 - LapTop 2008-09-01 13:38:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.3082.18.563 [GMT -6:00]
Se ejecuta desde: C:\Documents and Settings\LapTop\Escritorio\ComboFix.exe

[color=red][b]ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION! [/b][/color]
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\#SharedObjects\T7PHR4DH\bin.clearspring.com
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\#SharedObjects\T7PHR4DH\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\#SharedObjects\T7PHR4DH\interclick.com
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\#SharedObjects\T7PHR4DH\interclick.com\ud.sol
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\#SharedObjects\T7PHR4DH\static.youku.com
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\#SharedObjects\T7PHR4DH\static.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\#SharedObjects\T7PHR4DH\static.youku.com\v1.0.0312\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\LapTop\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
D:\Autorun.inf

.
(((((((((((((((((( Archivos creados desde 2008-08-01 - 2008-09-01 )))))))))))))))))))))))))))))))))
.

2008-09-01 12:28 . 2008-09-01 12:28 5,284 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-01 12:05 . 2008-09-01 12:05 203,776 --a------ C:\WINDOWS\system32\jutaxsna.exe
2008-09-01 12:05 . 2008-09-01 12:05 86,016 --a------ C:\WINDOWS\system32\dqjofafu.exe
2008-09-01 11:52 . 2008-09-01 11:52 203,776 --a------ C:\WINDOWS\system32\jodipgbu.exe
2008-09-01 11:52 . 2008-09-01 11:52 94,208 --a------ C:\WINDOWS\system32\nozwxyxe.exe
2008-09-01 11:42 . 2008-09-01 11:42 <DIR> d-------- C:\Documents and Settings\LapTop\Datos de programa\Malwarebytes
2008-09-01 11:42 . 2008-09-01 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-09-01 11:42 . 2008-09-01 11:49 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-09-01 11:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 11:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 11:03 . 2008-09-01 11:03 <DIR> d-------- C:\WINDOWS\system32\es
2008-09-01 11:03 . 2008-09-01 11:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-01 11:03 . 2008-09-01 11:03 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-01 11:00 . 2008-09-01 11:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-01 10:55 . 2008-09-01 10:55 <DIR> d-------- C:\WINDOWS\EHome
2008-09-01 10:23 . 2008-09-01 10:24 <DIR> d-------- C:\Archivos de programa\RogueRemover FREE
2008-09-01 09:25 . 2008-09-01 09:25 94,208 --a------ C:\WINDOWS\system32\odubalqf.exe
2008-08-31 18:57 . 2008-08-31 18:57 <DIR> d-------- C:\Archivos de programa\Xinox Software
2008-08-31 18:35 . 2008-08-31 18:35 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-08-31 15:58 . 2008-09-01 10:40 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-31 15:56 . 2008-09-01 10:09 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-31 15:56 . 2008-08-31 17:26 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-31 15:56 . 2008-08-31 15:56 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-31 15:56 . 2008-08-31 15:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-31 15:55 . 2008-08-31 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\avg8
2008-08-31 15:55 . 2008-08-31 15:55 <DIR> d-------- C:\Archivos de programa\AVG
2008-08-31 15:20 . 2008-08-31 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\tcxchirc
2008-08-31 15:19 . 2008-08-31 15:19 86,016 --a------ C:\WINDOWS\system32\lspmnijy.exe
2008-08-31 15:13 . 2008-08-31 15:13 <DIR> d-------- C:\Archivos de programa\Sun
2008-08-29 20:24 . 2004-02-04 10:27 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2008-08-29 20:23 . 2008-08-29 20:24 <DIR> d-------- C:\Archivos de programa\TI Education
2008-08-29 20:23 . 2008-08-29 20:23 <DIR> d-------- C:\Archivos de programa\Archivos comunes\TI Shared
2008-08-29 20:22 . 2008-08-29 20:22 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-08-29 13:55 . 2008-08-29 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\id Software
2008-08-25 20:36 . 2004-08-19 15:20 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-18 12:47 . 2008-08-18 12:47 <DIR> d-------- C:\Documents and Settings\LapTop\Datos de programa\id Software
2008-08-18 12:44 . 2008-08-29 13:55 22,328 --a------ C:\Documents and Settings\LapTop\Datos de programa\PnkBstrK.sys
2008-08-17 19:12 . 2008-08-17 19:12 <DIR> d-------- C:\Archivos de programa\LibUSB-Win32-0.1.10.1
2008-08-17 19:12 . 2005-03-09 20:50 46,592 --a------ C:\WINDOWS\system32\libusb0.dll
2008-08-17 19:12 . 2005-03-09 20:50 33,792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2008-08-17 19:12 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
2008-08-17 19:12 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
2008-08-14 00:35 . 2008-08-14 00:35 61,668 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-08-13 23:52 . 2008-04-11 13:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 23:52 . 2008-05-01 08:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 20:39 . 2008-08-11 20:39 <DIR> d-------- C:\Archivos de programa\iTunes
2008-08-11 20:39 . 2008-08-11 20:39 <DIR> d-------- C:\Archivos de programa\iPod
2008-08-11 13:21 . 2008-08-11 13:21 <DIR> d-------- C:\bin

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 00:18 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-08-31 21:52 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-08-31 21:30 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy
2008-08-31 21:13 --------- d-----w C:\Archivos de programa\Java
2008-08-30 03:02 --------- d-----w C:\Documents and Settings\LapTop\Datos de programa\uTorrent
2008-08-18 19:25 --------- d-----w C:\Archivos de programa\Microsoft Silverlight
2008-08-15 05:51 --------- d-----w C:\Archivos de programa\DivX
2008-08-14 22:43 --------- d-----w C:\Archivos de programa\Apple Software Update
2008-08-14 06:34 --------- d-----w C:\Documents and Settings\LapTop\Datos de programa\Apple Computer
2008-08-11 19:20 --------- d-----w C:\Archivos de programa\Archivos comunes\Sonic Shared
2008-08-11 19:19 --------- d-----w C:\Archivos de programa\Archivos comunes\HP
2008-08-11 19:08 --------- d-----w C:\Archivos de programa\CONEXANT
2008-08-11 19:05 --------- d-----w
C:\Documents and Settings\LapTop\Datos de programa\Yahoo! 2008-08-11 19:05 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo! 2008-08-11 19:05 --------- d-----w C:\Archivos de programa\Yahoo! 2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-19 04:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-19 04:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:27 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 16:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 
2008-06-20 17:47 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:47 248,320 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:33 272,512 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2007-01-25 17:13 53,752 ----a-w C:\Documents and Settings\LapTop\Datos de programa\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:18 15360] "MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "shsmart"="C:\WINDOWS\system32\lspmnijy.exe" [2008-08-31 15:19 86016] "HlpCmd"="C:\WINDOWS\system32\odubalqf.exe" [2008-09-01 09:25 94208] "chkprocset"="C:\WINDOWS\system32\nozwxyxe.exe" [2008-09-01 11:52 94208] "MsgSh"="C:\WINDOWS\system32\dqjofafu.exe" [2008-09-01 12:05 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X] "SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "hpWirelessAssistant"="C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 06:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 06:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 06:17 118784] "SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 23:01 761946] "QPService"="C:\Archivos 
de programa\HP\QuickPlay\QPService.exe" [2006-04-11 20:54 102400] "HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "QlbCtrl"="C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 10:38 131072] "Cpqset"="C:\Archivos de programa\HPQ\Default Settings\cpqset.exe" [2006-01-26 15:18 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840] "HP Component Manager"="C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664] "Wdrvfig7"="C:\WINDOWS\swinacs.exe" [2003-05-12 19:01 528384] "ISUSPM Startup"="C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184] "ISUSScheduler"="C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920] "QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "AVG8_TRAY"="C:\ARCHIV~1\AVG\AVG8\avgtray.exe" [2008-08-31 17:26 1235736] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:18 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "UQeuKThnqd"="C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe" [2008-08-31 15:20 77824] C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\ Adobe Reader Speed Launch.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 3:38:16 29696] HP Digital Imaging Monitor.lnk - C:\Archivos de programa\Hp\Digital Imaging\bin\hpqtra08.exe [19/02/2006 4:21:22 288472] HP Pavilion Webcam Tray Icon.lnk - C:\Archivos de programa\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [08/09/2006 
3:20:28 98304] Inicio rápido de HP Photosmart Premier.lnk - C:\Archivos de programa\Hp\Digital Imaging\bin\hpqthb08.exe [10/02/2006 7:56:20 73728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Archivos de programa\\Messenger\\msmsgs.exe"= "C:\\Archivos de programa\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Archivos de programa\\Hp\\Digital 
Imaging\\bin\\hpoews01.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Archivos de programa\\iTunes\\iTunes.exe"= "C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"= "C:\\Archivos de programa\\AVG\\AVG8\\avgemc.exe"= "C:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"= "C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 17:26] R2 avg8emc;AVG Free8 E-mail Scanner;C:\ARCHIV~1\AVG\AVG8\avgemc.exe [2008-08-31 17:26] R2 avg8wd;AVG Free8 WatchDog;C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 17:26] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-31 15:56] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50] S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys [] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contenido de carpeta 'Tareas Programadas' . - - - - ORPHANS REMOVED - - - - HKCU-Run-swg - C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe HKCU-Run-ares - C:\Archivos de programa\Ares\Ares.exe HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\LapTop\Datos de programa\Mozilla\Firefox\Profiles\rfb4fw0v.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?hl=en&source=iglk FF -: plugin - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Archivos de programa\Mozilla Firefox\plugins\npmozax.dll FF -: plugin - C:\Archivos de programa\Mozilla Firefox\plugins\NPSFDMGR.dll FF -: plugin - C:\Archivos de programa\Mozilla Firefox\plugins\npunagi2.dll FF -: plugin - C:\Documents and Settings\All Users\Datos de programa\id Software\QuakeLive\npquakezero.dll .
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 13:42:38 Windows 5.1.2600 Service Pack 3 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Archivos de programa\HPQ\Default Settings\cpqset.exe???@???????????????@?.????Z????????@???????@ escaneando archivos ocultos ... el escaneo se completo con exito archivos ocultos: 0 ************************************************************************** . Tiempo completado: 2008-09-01 13:49:50 ComboFix-quarantined-files.txt 2008-09-01 19:49:20 Pre-Run: 12,908,097,536 bytes libres Post-Run: 14,067,318,784 bytes libres 250 --- E O F --- 2008-09-01 17:08:32
Response Number 6
Name: jabuck
Date: September 1, 2008 at 15:46:41 Pacific
Reply: (edit) Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, or File, etc.) is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::

File::
C:\WINDOWS\swinacs.exe
C:\WINDOWS\system32\jutaxsna.exe
C:\WINDOWS\system32\dqjofafu.exe
C:\WINDOWS\system32\jodipgbu.exe
C:\WINDOWS\system32\nozwxyxe.exe
C:\WINDOWS\system32\odubalqf.exe
C:\WINDOWS\system32\lspmnijy.exe
C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe

Driver::
UQeuKThnqd

Folder::
C:\Documents and Settings\All Users\Datos de programa\tcxchirc

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shsmart"=-
"HlpCmd"=-
"chkprocset"=-
"MsgSh"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"Wdrvfig7"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"UQeuKThnqd"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto start, click "run". Post a new ComboFix log.
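The entries in that CFScript are the ones jabuck picked out by cross-reading two sections of the log Oars posted: the files-created list and the Run keys. As an added example (not from the thread and not ComboFix's own code), the Python below scores each autostart entry of a constructed excerpt of that log with the same kind of heuristics and flags the same six entries; the C:\WINDOWS\swinacs.exe entry he also removed carries a 2003 timestamp and falls below the threshold, a reminder that a scoring pass narrows the list but does not replace reading the log.

```python
"""Score ComboFix autostart entries the way a helper reads the log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from datetime import date

# Constructed excerpt: entries copied from the thread's first log, one per line as ComboFix
# writes them (the forum extraction collapsed the original log onto single lines).
SAMPLE_LOG = r"""
2008-09-01 12:05 . 2008-09-01 12:05 86,016 --a------ C:\WINDOWS\system32\dqjofafu.exe
2008-09-01 11:52 . 2008-09-01 11:52 94,208 --a------ C:\WINDOWS\system32\nozwxyxe.exe
2008-09-01 09:25 . 2008-09-01 09:25 94,208 --a------ C:\WINDOWS\system32\odubalqf.exe
2008-08-31 15:55 . 2008-08-31 15:55 <DIR> d-------- C:\Archivos de programa\AVG
2008-08-31 15:20 . 2008-08-31 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\tcxchirc
2008-08-31 15:19 . 2008-08-31 15:19 86,016 --a------ C:\WINDOWS\system32\lspmnijy.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:18 15360]
"shsmart"="C:\WINDOWS\system32\lspmnijy.exe" [2008-08-31 15:19 86016]
"HlpCmd"="C:\WINDOWS\system32\odubalqf.exe" [2008-09-01 09:25 94208]
"chkprocset"="C:\WINDOWS\system32\nozwxyxe.exe" [2008-09-01 11:52 94208]
"MsgSh"="C:\WINDOWS\system32\dqjofafu.exe" [2008-09-01 12:05 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 06:17 94208]
"Wdrvfig7"="C:\WINDOWS\swinacs.exe" [2003-05-12 19:01 528384]
"AVG8_TRAY"="C:\ARCHIV~1\AVG\AVG8\avgtray.exe" [2008-08-31 17:26 1235736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"UQeuKThnqd"="C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe" [2008-08-31 15:20 77824]
"""
SCAN_DATE = date(2008, 9, 1)  # date of the ComboFix run in the thread

CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                        r"(?P<size><DIR>|[\d,]+) \S+ (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)" \[(?P<meta>[^\]]*)\]$')
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", re.I)
WINDIR_RE = re.compile(r"[a-z]:\\windows(\\system32)?\\$")
DATA_DIRS = ("\\datos de programa\\", "\\application data\\", "\\appdata\\")
RECENT_DAYS = 7

@dataclass
class Finding:
    key: str
    name: str
    target: str
    score: int
    reasons: list

def looks_random(stem: str) -> bool:
    """Weak signal: this dropper used 8-letter names; flag those with a 4+ consonant run."""
    s = stem.lower()
    if len(s) != 8 or not s.isalpha():
        return False
    run = best = 0
    for ch in s:
        run = 0 if ch in "aeiou" else run + 1
        best = max(best, run)
    return best >= 4

def parse_log(text: str):
    """Return (lower-cased paths of newly created files, [(key, name, value, meta), ...])."""
    created, entries, key = set(), [], None
    for line in map(str.strip, text.splitlines()):
        if (m := CREATED_RE.match(line)):
            if m["size"] != "<DIR>":   # a new directory is too coarse: a fresh AV install would match
                created.add(m["path"].lower())
        elif (m := KEY_RE.match(line)):
            key = m["key"]
        elif key and (m := ENTRY_RE.match(line)):
            entries.append((key, m["name"], m["value"], m["meta"]))
    return created, entries

def target_of(value: str) -> str:
    """Strip arguments; fall back to the first token for bare names such as 'dumprep 0 -u'."""
    m = EXE_RE.match(value)
    return m.group(1) if m else value.split(" ")[0]

def score_entry(key, name, value, meta, created, scan_date) -> Finding:
    target = target_of(value)
    dirname, _, basename = target.rpartition("\\")
    d = dirname.lower() + "\\"
    m = re.match(r"(\d{4})-(\d{2})-(\d{2}) ", meta)
    age = (scan_date - date(*map(int, m.groups()))).days if m else None
    checks = [  # (points, condition, reason); ComboFix writes [X] when the target is missing
        (2, meta == "X", "points at a file that no longer exists"),
        (1, age is not None and 0 <= age <= RECENT_DAYS, "created within a week of the scan (timestamps are forgeable)"),
        (2, target.lower() in created, "listed in the files-created section"),
        (1, bool(WINDIR_RE.search(d)), "sits directly in Windows or system32"),
        (1, any(s in d for s in DATA_DIRS), "sits under an application-data directory"),
        (2, "policies\\explorer\\run" in key.lower(), "Policies\\Explorer\\Run key, rarely used legitimately"),
        (1, looks_random(basename.split(".")[0]), "random-looking eight-letter name (weak)"),
    ]
    hits = [(p, why) for p, ok, why in checks if ok]
    return Finding(key, name, target, sum(p for p, _ in hits), [why for _, why in hits])

def triage(text: str, scan_date: date, threshold: int = 3) -> list:
    """Autostart entries scoring at or above the threshold, highest score first."""
    created, entries = parse_log(text)
    found = [score_entry(*e, created, scan_date) for e in entries]
    return sorted((f for f in found if f.score >= threshold), key=lambda f: -f.score)
```

Calling `triage(SAMPLE_LOG, SCAN_DATE)` returns the four HKCU entries, the orphaned UserFaultCheck entry and the Policies\Explorer\Run entry, each with the reasons it scored on, while ctfmon, igfxtray and the freshly installed AVG tray stay below the threshold.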
Response Number 7
Name: Oars
Date: September 1, 2008 at 16:25:51 Pacific
Reply: (edit)New log: ComboFix 08-08-31.01 - LapTop 2008-09-01 17:01:00.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.3082.18.645 [GMT -6:00] Se ejecuta desde: C:\Documents and Settings\LapTop\Escritorio\ComboFix.exe Command switches used :: C:\Documents and Settings\LapTop\Escritorio\CFScript.txt [color=red][b]ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION! [/b][/color] FILE :: C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe C:\WINDOWS\swinacs.exe C:\WINDOWS\system32\dqjofafu.exe C:\WINDOWS\system32\jodipgbu.exe C:\WINDOWS\system32\jutaxsna.exe C:\WINDOWS\system32\lspmnijy.exe C:\WINDOWS\system32\nozwxyxe.exe C:\WINDOWS\system32\odubalqf.exe . (((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Datos de programa\tcxchirc C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe C:\WINDOWS\swinacs.exe C:\WINDOWS\system32\dqjofafu.exe C:\WINDOWS\system32\jodipgbu.exe C:\WINDOWS\system32\jutaxsna.exe C:\WINDOWS\system32\lspmnijy.exe C:\WINDOWS\system32\nozwxyxe.exe C:\WINDOWS\system32\odubalqf.exe . (((((((((((((((((( Archivos creados desde 2008-08-01 - 2008-09-01 ))))))))))))))))))))))))))))))))) . 2008-09-01 12:28 . 2008-09-01 12:28 5,284 --a------ C:\WINDOWS\system32\tmp.reg 2008-09-01 11:42 . 2008-09-01 11:42 <DIR> d-------- C:\Documents and Settings\LapTop\Datos de programa\Malwarebytes 2008-09-01 11:42 . 2008-09-01 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes 2008-09-01 11:42 . 2008-09-01 11:49 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware 2008-09-01 11:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-01 11:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-01 11:03 . 2008-09-01 11:03 <DIR> d-------- C:\WINDOWS\system32\es 2008-09-01 11:03 . 
2008-09-01 11:03 <DIR> d-------- C:\WINDOWS\system32\bits 2008-09-01 11:03 . 2008-09-01 11:03 <DIR> d-------- C:\WINDOWS\l2schemas 2008-09-01 11:00 . 2008-09-01 11:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-09-01 10:55 . 2008-09-01 10:55 <DIR> d-------- C:\WINDOWS\EHome 2008-09-01 10:23 . 2008-09-01 10:24 <DIR> d-------- C:\Archivos de programa\RogueRemover FREE 2008-08-31 18:57 . 2008-08-31 18:57 <DIR> d-------- C:\Archivos de programa\Xinox Software 2008-08-31 18:35 . 2008-08-31 18:35 <DIR> d-------- C:\Archivos de programa\Trend Micro 2008-08-31 15:58 . 2008-09-01 10:40 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-31 15:56 . 2008-09-01 10:09 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-08-31 15:56 . 2008-08-31 17:26 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-31 15:56 . 2008-08-31 15:56 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-08-31 15:56 . 2008-08-31 15:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-08-31 15:55 . 2008-08-31 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\avg8 2008-08-31 15:55 . 2008-08-31 15:55 <DIR> d-------- C:\Archivos de programa\AVG 2008-08-31 15:13 . 2008-08-31 15:13 <DIR> d-------- C:\Archivos de programa\Sun 2008-08-29 20:24 . 2004-02-04 10:27 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys 2008-08-29 20:23 . 2008-08-29 20:24 <DIR> d-------- C:\Archivos de programa\TI Education 2008-08-29 20:23 . 2008-08-29 20:23 <DIR> d-------- C:\Archivos de programa\Archivos comunes\TI Shared 2008-08-29 20:22 . 2008-08-29 20:22 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard 2008-08-29 13:55 . 2008-08-29 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\id Software 2008-08-25 20:36 . 2004-08-19 15:20 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-08-18 12:47 . 2008-08-18 12:47 <DIR> d-------- C:\Documents and Settings\LapTop\Datos de programa\id Software 2008-08-18 12:44 . 
2008-08-29 13:55 22,328 --a------ C:\Documents and Settings\LapTop\Datos de programa\PnkBstrK.sys 2008-08-17 19:12 . 2008-08-17 19:12 <DIR> d-------- C:\Archivos de programa\LibUSB-Win32-0.1.10.1 2008-08-17 19:12 . 2005-03-09 20:50 46,592 --a------ C:\WINDOWS\system32\libusb0.dll 2008-08-17 19:12 . 2005-03-09 20:50 33,792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys 2008-08-17 19:12 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe 2008-08-17 19:12 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe 2008-08-14 00:35 . 2008-08-14 00:35 61,668 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-08-13 23:52 . 2008-04-11 13:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 23:52 . 2008-05-01 08:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-11 20:39 . 2008-08-11 20:39 <DIR> d-------- C:\Archivos de programa\iTunes 2008-08-11 20:39 . 2008-08-11 20:39 <DIR> d-------- C:\Archivos de programa\iPod 2008-08-11 13:21 . 2008-08-11 13:21 <DIR> d-------- C:\bin . (((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-01 00:18 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information 2008-08-31 21:52 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy 2008-08-31 21:30 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy 2008-08-31 21:13 --------- d-----w C:\Archivos de programa\Java 2008-08-30 03:02 --------- d-----w C:\Documents and Settings\LapTop\Datos de programa\uTorrent 2008-08-18 19:25 --------- d-----w C:\Archivos de programa\Microsoft Silverlight 2008-08-15 05:51 --------- d-----w C:\Archivos de programa\DivX 2008-08-14 22:43 --------- d-----w C:\Archivos de programa\Apple Software Update 2008-08-14 06:34 --------- d-----w C:\Documents and Settings\LapTop\Datos de programa\Apple Computer 2008-08-11 19:20 --------- d-----w C:\Archivos de programa\Archivos comunes\Sonic Shared 2008-08-11 19:19 --------- d-----w C:\Archivos de programa\Archivos comunes\HP 2008-08-11 19:08 --------- d-----w C:\Archivos de programa\CONEXANT 2008-08-11 19:05 --------- d-----w C:\Documents and Settings\LapTop\Datos de programa\Yahoo! 2008-08-11 19:05 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo! 2008-08-11 19:05 --------- d-----w C:\Archivos de programa\Yahoo! 2007-01-25 17:13 53,752 ----a-w C:\Documents and Settings\LapTop\Datos de programa\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot@2008-09-01_13.49.03.81 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-01 19:38:01 2,323,162 ----a-w C:\WINDOWS\rwi21.dat + 2008-09-01 23:00:43 2,325,627 ----a-w C:\WINDOWS\rwi21.dat . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:18 15360] "MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "hpWirelessAssistant"="C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 06:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 06:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 06:17 118784] "SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 23:01 761946] "QPService"="C:\Archivos de programa\HP\QuickPlay\QPService.exe" [2006-04-11 20:54 102400] "HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "QlbCtrl"="C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 10:38 131072] "Cpqset"="C:\Archivos de programa\HPQ\Default Settings\cpqset.exe" [2006-01-26 15:18 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840] "HP Component Manager"="C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664] "ISUSPM Startup"="C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184] "ISUSScheduler"="C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920] "QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "AVG8_TRAY"="C:\ARCHIV~1\AVG\AVG8\avgtray.exe" [2008-08-31 17:26 1235736] "High Definition Audio 
Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:18 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Archivos de programa\\Messenger\\msmsgs.exe"= "C:\\Archivos de programa\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Archivos de 
programa\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Archivos de programa\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Archivos de programa\\iTunes\\iTunes.exe"= "C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"= "C:\\Archivos de programa\\AVG\\AVG8\\avgemc.exe"= "C:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"= "C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 17:26] R2 avg8emc;AVG Free8 E-mail Scanner;C:\ARCHIV~1\AVG\AVG8\avgemc.exe [2008-08-31 17:26] R2 avg8wd;AVG Free8 WatchDog;C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 17:26] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-31 15:56] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50] S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys [] . Contenido de carpeta 'Tareas Programadas' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 17:05:53 Windows 5.1.2600 Service Pack 3 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Archivos de programa\HPQ\Default Settings\cpqset.exe???@???????????????@?.????W????????@???????@ escaneando archivos ocultos ... el escaneo se completo con exito archivos ocultos: 0 ************************************************************************** . Running Processes . 
C:\WINDOWS\system32\libusbd-nt.exe C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\MDM.EXE C:\WINDOWS\system32\wdfmgr.exe C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe C:\Archivos de programa\Hp\Digital Imaging\bin\hpqtra08.exe C:\ARCHIV~1\HPQ\Shared\HPQTOA~1.EXE C:\Archivos de programa\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe C:\Archivos de programa\iPod\bin\iPodService.exe C:\Archivos de programa\Hp\Digital Imaging\bin\hpqimzone.exe C:\Archivos de programa\Hp\Digital Imaging\bin\hpqste08.exe C:\Archivos de programa\AVG\AVG8\avgrsx.exe C:\Archivos de programa\AVG\AVG8\avgrsx.exe . ************************************************************************** . Tiempo completado: 2008-09-01 17:19:50 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-01 23:19:47 ComboFix2.txt 2008-09-01 19:49:51 Pre-Run: 14,071,656,448 bytes libres Post-Run: 14,077,644,800 bytes libres 207 --- E O F --- 2008-09-01 17:08:32
Response Number 8
Name: jabuck
Date: September 1, 2008 at 16:37:43 Pacific
Reply: (edit) Looks a lot better, now a little clean up and a double check with an online virus scanner.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link: http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner: double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button.

Run an online scan with Kaspersky from the following link: Kaspersky Online Scanner
Note: if you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
Click Yes, when prompted to install its ActiveX component. (Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files. Once the files are downloaded click on Next.
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database: Extended
Scan Options: Scan Archives, Scan Mail Base
Click OK and, under select a target to scan, select My Computer.
When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report: click on Save Report As (above - red blinking arrow). Next, in the Save as prompt, Save in area, select: Desktop. In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]. Then, click: Save.
Please post the Kaspersky Online Scanner Report in your reply.
Response Number 9
Name: Oars
Date: September 1, 2008 at 21:27:41 Pacific
Reply: (edit)Hey sorry this took so long, had some Internet problems, nothing to do with this computer just my ISP provider. Made a little mistake with the report and it saved as HTML so I'll copy the info that's there. Monday, September 1, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, September 02, 2008 00:43:26 Records in database: 1176244 C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\387927F7.dll Infected: not-a-virus:AdWare.Win32.Agent.ajg C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\7CC70F50.exe Infected: Trojan-Downloader.Win32.Zlob.dka C:\Documents and Settings\LapTop\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\rfb4fw0v.default\Cache\633285D9d01 Infected: not-a-virus:RiskTool.Win32.Reboot.f C:\Documents and Settings\LapTop\Datos de programa\Sun\Java\Deployment\cache\6.0\31\5facab1f-192d1ceb Infected: Trojan-Downloader.Java.OpenConnection.ap C:\Documents and Settings\LapTop\Escritorio\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f C:\QooBox\Quarantine\C\WINDOWS\system32\jodipgbu.exe.vir Infected: Backdoor.Win32.Frauder.bu C:\QooBox\Quarantine\C\WINDOWS\system32\jutaxsna.exe.vir Infected: Backdoor.Win32.Frauder.bu
Response Number 10
Name: jabuck
Date: September 2, 2008 at 03:38:16 Pacific
Reply: (edit) Navigate to C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine and delete the contents of that folder; do not delete the folder itself. Navigate to C:\Documents and Settings\LapTop\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\rfb4fw0v.default\Cache and delete the contents of that folder; again, do not delete the folder itself. Go to start> control panel>java> general> settings> delete files> ok. Go to start> run> type in combofix /u (note the space after combofix) and press enter. This will uninstall ComboFix. How is the computer operating?
Response Number 11
Name: Oars
Date: September 2, 2008 at 17:20:59 Pacific
Reply: Never been better. I can't thank you enough for all your help. I've been reading a tutorial about HijackThis on http://www.bleepingcomputer.com/tut... Where else can I look for information that can teach me how to fix computer problems like you guys do? Tomorrow I'll begin my education in Computer Science, and those skills might come in handy down the road. Again, thank you very much.
Response Number 12
Name: jabuck
Date: September 2, 2008 at 17:33:34 Pacific
Reply: Glad we could help. You should begin in a bootcamp on a high-end anti-malware forum; there are many posts daily and not enough helpers to go around. They are better prepared to teach. A few come to mind: Spywareinfo, Tech Support Guy, Spyware Warrior, Bleeping Computer, Wilderssecurity, Subratam, Daniawab. There are many others.
Response Number 14
Name: merclove
Date: September 14, 2008 at 22:28:18 Pacific
Reply: Help, having the same problem, I also got the fake win security alert. This is my ComboFix log, please help. Also, how do you change or get rid of startup apps in Vista?

ComboFix 08-09-14.01 - Owner 2008-09-14 23:50:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1243 [GMT -5:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@clicktorrent[2].txt
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@isohunt[2].txt
C:\Windows\system32\actskn43.ocx
C:\Windows\system32\lsprst7.dll
C:\Windows\system32\ssprs.dll
L:\Autorun.inf
N:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_windownetpker
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.
2008-09-14 23:17 . 2008-09-14 23:17 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Malwarebytes
2008-09-14 23:17 . 2008-09-14 23:17 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-14 23:17 . 2008-09-14 23:17 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-14 23:17 . 2008-09-14 23:17 <DIR> d-------- C:\Malwarebytes' Anti-Malware
2008-09-14 23:17 . 2008-09-10 00:08 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-14 23:17 . 2008-09-10 00:08 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-14 22:36 . 2008-09-14 22:38 <DIR> d-------- C:\Spybot - Search & Destroy
2008-09-14 20:10 . 2008-09-14 20:10 <DIR> d-------- C:\AutoHotkey
2008-09-10 20:46 . 2008-09-10 20:46 <DIR> d-------- C:\Turbo Tube
2008-09-09 23:54 . 2008-09-09 23:54 <DIR> d-------- C:\Users\All Users\ATI
2008-09-09 23:54 . 2008-09-09 23:54 <DIR> d-------- C:\ProgramData\ATI
2008-09-09 19:51 . 2008-07-30 20:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:51 . 2008-08-01 20:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:51 . 2008-06-25 22:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:51 . 2008-06-25 22:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:51 . 2008-05-08 14:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:51 . 2008-05-19 21:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:51 . 2008-06-25 22:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:51 . 2008-08-01 22:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 19:51 . 2008-07-30 22:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-07 17:56 . 2008-09-07 17:56 <DIR> d-------- C:\Program Files\GameSpy
2008-09-07 17:54 . 2008-09-07 17:54 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-07 17:44 . 2008-09-07 17:44 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-09-07 17:44 . 2008-09-07 17:44 22,328 --a------ C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
2008-09-07 17:43 . 2008-09-07 17:43 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-09-07 17:43 . 2008-09-07 17:44 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-09-07 17:43 . 2008-09-07 17:43 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-09-06 04:02 . 2008-09-06 04:02 <DIR> d-------- C:\Windows\458200709BE54785B770A50F5240250B.TMP
2008-09-06 04:01 . 2008-09-06 04:01 <DIR> d-------- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2008-09-06 03:43 . 2008-09-06 03:43 <DIR> d-------- C:\Turningpointgame
2008-09-05 21:07 . 2008-09-06 13:34 <DIR> d-------- C:\ContestWeb
2008-08-28 23:42 . 2008-09-07 17:41 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-08-28 23:42 . 2008-09-07 17:41 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-08-28 23:39 . 2008-08-28 23:39 <DIR> d-------- C:\Program Files\Electronic Arts
2008-08-26 19:25 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 19:25 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 19:25 . 2008-07-19 00:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 19:25 . 2008-07-18 22:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 19:25 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 19:25 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 19:25 . 2008-07-19 00:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 19:24 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 19:24 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-23 05:20 . 2008-08-23 05:20 <DIR> d-------- C:\Program Files\Panasonic
2008-08-23 05:20 . 2008-08-23 05:20 <DIR> d-------- C:\Program Files\Common Files\Panasonic
2008-08-23 05:20 . 2008-08-23 05:20 <DIR> d-------- C:\Program Files\Common Files\CNC
2008-08-23 05:20 . 2004-06-17 21:29 253,952 --a------ C:\Windows\System32\PCodec.dll
2008-08-23 05:20 . 2001-01-22 11:37 77,824 --a------ C:\Windows\System32\PAvFilt.dll
2008-08-23 05:20 . 2005-01-17 17:58 65,536 --a------ C:\Windows\System32\PDvAvi3.dll
2008-08-23 05:20 . 2003-05-14 10:45 65,536 --a------ C:\Windows\System32\PDvAvi2.dll
2008-08-23 05:20 . 2000-10-26 10:51 36,864 --a------ C:\Windows\System32\DvWrite.dll
2008-08-23 05:20 . 2000-10-26 10:53 36,864 --a------ C:\Windows\System32\DvRead.dll
2008-08-19 12:33 . 2008-08-19 12:33 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Free&Easy Font Viewer
2008-08-19 12:33 . 2008-08-19 12:33 <DIR> d-------- C:\Program FilesFontViewer
2008-08-18 02:08 . 2008-08-18 02:12 398 --a------ C:\Windows\AudioConverter.INI
2008-08-18 02:07 . 2008-08-18 02:07 <DIR> d-------- C:\AudioConverter
2008-08-18 02:06 . 2008-08-18 02:06 <DIR> d-------- C:\easetech
2008-08-16 15:51 . 2008-08-16 15:52 <DIR> d-------- C:\Users\Owner\AppData\Roaming\SecondLife
2008-08-16 15:50 . 2008-08-16 15:52 <DIR> d-------- C:\SecondLife
2008-08-16 15:22 . 2008-08-16 15:22 32 --a------ C:\Windows\go
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 04:46 --------- d-----w C:\Users\Owner\AppData\Roaming\Azureus
2008-09-15 04:10 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-10 17:43 --------- d-----w C:\Program Files\ATI
2008-09-10 08:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 04:41 --------- d-----w C:\Program Files\ATI Technologies
2008-09-06 09:02 --------- d-----w C:\Program Files\AGEIA Technologies
2008-09-06 09:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-06 08:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 03:47 --------- d-----w C:\Users\Owner\AppData\Roaming\mIRC
2008-08-25 09:54 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-19 04:40 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 01:21 --------- d-----w C:\Users\Owner\AppData\Roaming\XnView
2008-08-14 20:13 --------- d-----w C:\ProgramData\HotSync
2008-08-14 20:11 53,248 ----a-w C:\Windows\PalmDevC.dll
2008-08-14 20:11 16,694 ----a-w C:\Windows\system32\drivers\PalmUSBD.sys
2008-08-14 20:11 --------- d-----w C:\Users\Owner\AppData\Roaming\HotSync
2008-08-14 08:02 --------- d-----w C:\Program Files\Windows Mail
2008-08-09 02:42 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-04 16:00 --------- d-----w C:\Program Files\Xvid
2008-08-04 09:45 --------- d-----w C:\Users\Owner\AppData\Roaming\combustion4
2008-08-04 09:35 --------- d-----w C:\Users\Owner\AppData\Roaming\Toon Boom Animation
2008-08-03 22:51 --------- d-----w C:\ProgramData\Trend Micro
2008-08-01 06:40 3,894,272 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-08-01 03:51 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-26 20:49 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-07-26 20:49 --------- d-----w C:\Program Files\chatsupport.palm.com
2008-07-26 20:33 --------- d-----w C:\Program Files\Ten Thumbs Typing Tutor
2008-07-26 20:26 --------- d-----w C:\ProgramData\Broderbund
2008-07-26 01:43 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-25 02:52 --------- d-----w C:\Program Files\backburner 2
2008-07-23 09:53 --------- d-----w C:\Users\Owner\AppData\Roaming\combustion2008
2008-07-23 09:27 --------- d-----w C:\Program Files\VistaCodecPack
2008-07-23 09:21 --------- d-----w C:\ProgramData\VistaCodecs
2008-07-22 20:19 --------- d-----w C:\Program Files\AMD
2008-07-20 21:31 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-07-19 00:08 36,368 ----a-w C:\Windows\system32\drivers\tmpreflt.sys
2008-07-19 00:08 205,328 ----a-w C:\Windows\system32\drivers\tmxpflt.sys
2008-07-18 23:51 1,195,448 ----a-w C:\Windows\system32\drivers\vsapint.sys
2008-07-09 08:31 319,984 ----a-w C:\Windows\DIFxAPI.dll
2008-07-09 08:20 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-21 05:39 174 --sha-w C:\Program Files\desktop.ini
2008-03-11 14:03 17,667 ----a-w C:\Program Files\uninstal.log
2007-07-23 06:19 1,234 ----a-w C:\Users\Owner\AppData\Roaming\SAS7_000.DAT
2003-11-03 22:07 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-11-03 22:07 348,160 ----a-w C:\Program Files\msvcr71.dll
2003-05-30 14:22 344,064 ----a-r C:\Program Files\msvcr70.dll
2002-01-05 08:40 487,424 ----a-w C:\Program Files\msvcp70.dll
2008-03-24 00:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-24 00:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-24 00:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-03 23:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-06-10 08:29 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060220080609\index.dat
2008-06-10 08:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060820080609\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"Yahoo!MessengerForVista"="C:\Users\Owner\AppData\Local\Yahoo!\Messenger for Vista\Yahoo.Messenger.YmApp.exe" [2008-06-30 204800]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"SpybotSD TeaTimer"="C:\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"PWRISOVM.EXE"="C:\Program Files2\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
palmOne Registration.lnk - C:\ProgramTreo\Handspring\register.exe [2005-09-19 2367488]
Registration Heroes of Might & Magic 5 - Tribes of the East.LNK - C:\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe [2008-07-07 868352]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\ProgramTreo\Handspring\Hotsync.exe [2004-06-09 471040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"msacm.divxa32"= divxa32.acm
"VIDC.DVSD"= pdvcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF654280-1BE3-49D1-B230-F8CDE88A99E3}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{C772EB3D-EC85-4E99-B304-C12FD0748EED}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{23017F9C-6811-4076-9E5D-D5D049EF9750}"= UDP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{257ACA4F-1D62-470F-8225-1425534A243A}"= TCP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{45715943-D1C1-410E-ABD0-EFBC98A4252A}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{2BB0E876-8FF7-44EF-98FF-AB5819EC6E7C}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{523E7F56-7C79-4442-8582-528EF814CD73}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{56472398-421A-4B18-8E0B-DB7F3A092E65}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{9824A5D5-3EC6-4717-8884-24486BC4F195}"= UDP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{E5250977-7275-4634-BA53-0E3BAA060ADA}"= TCP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{ABF7B5BF-00CC-4A62-B791-95A581063F45}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{4ED3078E-4D01-404C-9806-FDA9CE898992}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"TCP Query User{AE7EBEEC-805D-4A21-AC15-8D78C59064BE}C:\\program files2\\azureus\\azureus.exe"= UDP:C:\program files2\azureus\azureus.exe:Azureus
"UDP Query User{CF73791B-DF04-4828-9181-B1F4F56A046C}C:\\program files2\\azureus\\azureus.exe"= TCP:C:\program files2\azureus\azureus.exe:Azureus
"{3959CBA1-3F8E-4E0E-B13D-DC5CAE9573E1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4487A46A-30EA-45D7-95EA-279E1A8B19C8}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E3D057E7-31DD-436E-9653-7DA939554CB8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A8EEE4B6-AD1F-4321-8700-F192D13B6C7F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DCF9F17A-8DE5-461C-A396-424AE72C0780}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{63A3AF3E-E678-4AF6-BA2D-C1186B1B6F0E}C:\\users\\owner\\appdata\\local\\temp\\rar$ex01.646\\shadowrun\\shadowrun.exe"= UDP:C:\users\owner\appdata\local\temp\rar$ex01.646\shadowrun\shadowrun.exe:shadowrun.exe
"UDP Query User{9B1808DA-71DB-4F5C-BAD5-BE1F3C5BC995}C:\\users\\owner\\appdata\\local\\temp\\rar$ex01.646\\shadowrun\\shadowrun.exe"= TCP:C:\users\owner\appdata\local\temp\rar$ex01.646\shadowrun\shadowrun.exe:shadowrun.exe
"TCP Query User{42C26C34-61DB-4C99-9CEE-4E57EB904503}C:\\users\\owner\\appdata\\local\\temp\\rar$ex35.353\\shadowrun\\shadowrun.exe"= UDP:C:\users\owner\appdata\local\temp\rar$ex35.353\shadowrun\shadowrun.exe:shadowrun.exe
"UDP Query User{D272EE28-3116-45A1-9368-48CE67AD9AC9}C:\\users\\owner\\appdata\\local\\temp\\rar$ex35.353\\shadowrun\\shadowrun.exe"= TCP:C:\users\owner\appdata\local\temp\rar$ex35.353\shadowrun\shadowrun.exe:shadowrun.exe
"TCP Query User{A40780A2-31E0-488B-BBE9-9A4DF227EE94}C:\\program files2\\mirc\\mirc.exe"= UDP:C:\program files2\mirc\mirc.exe:mIRC
"UDP Query User{3CE5D7EB-FE4A-4A92-9D66-36F18A829AB8}C:\\program files2\\mirc\\mirc.exe"= TCP:C:\program files2\mirc\mirc.exe:mIRC
"TCP Query User{C4D2BAE0-E9FE-431C-A534-A758A1121B2B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{081B3122-6C44-4BE1-B4D3-00C79F6841CC}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{55F3A24D-C333-4530-B843-10D1177EC9B2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D3532B57-E2A4-4BFF-B907-229512014752}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{C0484A7B-9764-4124-BDC6-6CD0B7A195DD}"= UDP:24000:64.147.166.2:fury
"{F6D2AB9A-A2D9-4A01-A058-9DDFA0B89169}"= UDP:21002:64.127.125.250:fury2
"{D1C95131-8236-4151-8EE4-52EB85B2FC09}"= TCP:24001:69.80.215.250:fury3
"{81D07CE5-ED05-4FD5-BC9F-9B8316A1BBC6}"= TCP:21999:fury4
"{AED19FF7-CD7D-49EE-8F07-6A7BEEC76D38}"= UDP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{24D3E715-32A4-4A4A-AE1D-931D1E3F7E9D}"= TCP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{B125FDCE-290A-4F3A-B1F3-F712C7650171}"= UDP:3703:Adobe Version Cue CS3 Server
"{28F21AEB-8D32-4850-BEFB-28A790CC4881}"= UDP:3704:Adobe Version Cue CS3 Server
"{96F2D1BE-70A1-49B4-A163-758A2B9A81E8}"= UDP:50900:Adobe Version Cue CS3 Server
"{881F5D8F-816F-42CB-96A1-17E57E8F271D}"= UDP:50901:Adobe Version Cue CS3 Server
"{4209B68C-0AC1-4014-96BE-72421411349E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F1482F78-DA54-4BFE-B681-CFEE59442F56}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{9AF44463-591C-4187-AEA1-39031EBA2232}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{C5923CAC-FAEE-4C1C-914D-159530707F54}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{DB14AFD5-0848-4A82-A8AA-A3FC7401521F}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{9CC96039-64C3-462B-9FCE-3C3DCAAB58B3}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{D1326BC5-C4B6-464B-A7AF-39696A8C2A5B}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{A0F20D81-A552-4CE7-AD53-AB5E8713A54A}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{CADA2A5B-77DD-43D9-9977-6EB5AED236D9}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{28412D0A-3149-48D1-92ED-F3692A2BC887}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CC7A14B5-40EC-4011-A4B0-0CEB343DA502}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5FD96742-E704-4781-97D0-0C1AF9263609}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"67fb565c-92db-4ca4-b0e5-e214d7a03071"= %SystemDrive%\Monte Cristo\Silverfall\Silverfall.exe:silverfall
"{CE9E0644-C65E-4F46-9733-214D3F6EAEE0}"= UDP:51487:azerus
"{BFB97B49-FA3C-4351-91D3-40491C318825}"= UDP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{773B3C3D-595F-4E5E-9D10-B85EF5EB57D1}"= TCP:C:\Program Files\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{9A75C79C-5A23-45F1-807C-D6DB5CE9093C}"= UDP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{8B5B38C2-FABA-49D5-87EC-09AB29F70A99}"= TCP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{63A50AA6-7D2C-445C-95CD-D63F281EA623}"= UDP:C:\Program Files\backburner 2\monitor.exe:backburner 2.3 monitor
"{6949B8D4-7319-4684-92AF-886DE7C3B6BA}"= TCP:C:\Program Files\backburner 2\monitor.exe:backburner 2.3 monitor
"{B73ECC02-1985-41B0-BBEE-10246DD5438C}"= UDP:C:\Program Files\backburner 2\manager.exe:backburner 2.3 manager
"{B4E56898-9307-4D94-AA2A-596C8E54AFE2}"= TCP:C:\Program Files\backburner 2\manager.exe:backburner 2.3 manager
"{F9F33BC3-A9D0-4BFB-B925-214EA727FB48}"= UDP:C:\Program Files\backburner 2\server.exe:backburner 2.3 server
"{3B658AFB-9B97-4FAF-B61A-3DD7E687CFD5}"= TCP:C:\Program Files\backburner 2\server.exe:backburner 2.3 server
"{DF4ECCBC-2002-487B-B231-5327B2FB45DE}"= UDP:C:\games2\Steam\Steam.exe:Steam
"{10FC8069-2CF3-4B99-8A6F-34D2E580FC13}"= TCP:C:\games2\Steam\Steam.exe:Steam
"{50D6AAA7-E969-40C0-902C-DEC7DE2B10E1}"= UDP:C:\Turningpointgame\Codemasters\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe:Turning Point - Fall of Liberty
"{E47D0058-3296-4F41-AFAB-AF60EA6B87B6}"= TCP:C:\Turningpointgame\Codemasters\Turning Point - Fall of Liberty\Binaries\LTCG-TPGame.exe:Turning Point - Fall of Liberty
"{C6548988-EEBD-4110-AA5D-775B15CF1527}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{7886C966-E4C3-40AD-8C7B-5E7503783AD4}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{D892CE0C-459A-468C-9F0B-8AA347F149E8}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5749A4BD-76B5-4AE2-BA5E-15716135FF70}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{FC83CF1A-5F60-452A-ACCE-CC5E1ADA698F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{52883733-CD65-4A41-8132-BBCDF68CE6E7}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3BE514D9-08A7-4D25-A4AD-5B8C17DF095F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5C3E6459-D93B-4055-8202-B4291D0F14F2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2008-02-15 141840]
R2 lxcz_device;lxcz_device;C:\Windows\system32\lxczcoms.exe [2007-04-19 537520]
R2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe [2008-05-21 148768]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2008-02-15 234512]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 MAC607;MAC607 Filter;C:\Windows\system32\DRIVERS\MAC607.sys [2007-06-25 23808]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-19 87288]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\shell\AutoRun\command - N:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c08cef-c771-11dc-85c6-001921571553}]
\shell\AutoRun\command - L:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90bdcf3c-35a3-11dc-a773-806e6f6e6963}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7130bdb-e291-11dc-981a-001921571553}]
\shell\AutoRun\command - N:\wd_windows_tools\setup.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-GrooveMonitor - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nejmxwo4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 23:59:50
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Running Processes
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\System32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2008-09-15 0:10:48 - machine was rebooted
ComboFix-quarantined-files.txt
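The "Reg Loading Points" section of the ComboFix log above is where a helper looks first, and it shows a fair amount of the machine's own protection switched off: UAC is disabled (EnableLUA=0), Windows Firewall is off for the Domain, Public and Standard profiles, Security Center monitoring and update notifications are disabled, and several removable-drive AutoRun handlers are registered under mountpoints2 (the matching L:\Autorun.inf and N:\Autorun.inf were among the files ComboFix deleted). As an added example, not part of the thread and not ComboFix's own code, the Python script below parses that section and reports those settings, and also lists the Run-key autostarts, which is the answer to the poster's startup-apps question in log form. The sample input is constructed from entries in the log above; the severity labels are my own choice.

```python
import re

# Constructed sample in the shape of the "Reg Loading Points" section of the
# ComboFix log above; every key, value and AutoRun command is taken from that log.
SAMPLE_LOADING_POINTS = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"SpybotSD TeaTimer"="C:\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\shell\AutoRun\command - N:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90bdcf3c-35a3-11dc-a773-806e6f6e6963}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Info.exe protect.ed 480 480
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                       # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')  # "Name"= value
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")


def parse_value(raw):
    """Turn ComboFix's value renderings into ints or bare paths where possible."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)          # dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(-?\d+)\s*\(0x[0-9a-fA-F]+\)", raw)     # 0 (0x0)
    if m:
        return int(m.group(1))
    m = re.fullmatch(r'"([^"]*)"(?:\s*\[[^\]]*\])?', raw)      # "path" [date size]
    if m:
        return m.group(1)
    return raw


def parse_loading_points(text):
    """Yield (key, name, value); AutoRun handlers come back with name == 'AutoRun'."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue                        # lines before the first key (REGEDIT4)
        m = AUTORUN_RE.match(line)
        if m:
            yield key, "AutoRun", m.group("cmd")
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group("name"), parse_value(m.group("value"))


def autostart_entries(text):
    """(name, command) for every value under a ...\\Run key."""
    return [(name, value) for key, name, value in parse_loading_points(text)
            if key.lower().endswith("\\run")]


def audit(text):
    """Return (severity, message) pairs for protection that is switched off."""
    findings = []
    for key, name, value in parse_loading_points(text):
        k = key.lower()
        if k.endswith("policies\\system") and name == "EnableLUA" and value == 0:
            findings.append(("high", "UAC disabled (EnableLUA=0)"))
        elif "firewallpolicy\\" in k and name == "EnableFirewall" and value == 0:
            findings.append(("high", f"Windows Firewall off for {key.rsplit(chr(92), 1)[-1]}"))
        elif "security center" in k and name == "DisableMonitoring" and value == 1:
            findings.append(("medium", f"Security Center monitoring disabled: {key}"))
        elif "security center" in k and name == "AutoUpdateDisableNotify" and value == 1:
            findings.append(("medium", "Automatic Updates notifications disabled"))
        elif k.endswith("\\run") and (value == "" or "?" in name):
            findings.append(("medium", f"Run entry with an unreadable name or empty command: {name!r}"))
        elif "\\mountpoints2\\" in k and name == "AutoRun":
            findings.append(("info", f"removable-drive AutoRun handler: {value}"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit(SAMPLE_LOADING_POINTS):
        print(f"[{sev}] {msg}")
    print("autostarts:", autostart_entries(SAMPLE_LOADING_POINTS))
```

Run against the log above, the script would flag four "high" items (UAC plus the three firewall profiles) before anyone looks at a single file, which is the kind of thing a helper turns into "re-enable the firewall and UAC once the machine is clean" rather than into more scanning.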