#31
ComboFix.log
ComboFix 08-03-21.1 - MBC 2008-03-25 8:02:19.4 - NTFSx86
#32
HJT.log
Logfile of Trend Micro HijackThis v2.0.2
#33
Antivirus
Phortos, a question of a different kind? What antivirus would you recommend?
#34
Which is best is a question that will get a dozen different answers.
No program will protect 100%. It is up to the user to do or not to do the things that keep infecting their computers. In your case P2P and program cracks are the cause of your problems. The bottom line is you can only have ONE active antivirus protecting you. More than one will conflict, slow down your computer and work against each other. All that being said, I just use AVG free.
__________________
O'Neill: "So, we basically saved your whole planet, right?"
Chancellor: "Yes."
O'Neill: "Are you, therefore, indebted to us in any modest way?"
Chancellor: "I suppose that is the case."
O'Neill: "So how 'bout the blueprints to build one of those ion cannons?"
Chancellor: "You have been told our policy. That has not changed."
#35
Thanks. I had eTrust and changed to avast.
Manuel
P.S.: And thanks for your help. Lesson learned!
#36
How is your computer running now?
#37
To me it seems like it is running perfectly. Should I try installing an antivirus now?
#38
Yes, install it and run a full scan. Post back.
#39
I installed Bitdefender v10 Free edition. I am running a deep scan. I will post back.
Thanks a lot. I was about to format my HDD.
Manuel
#40
BitDefender.log
//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 26/03/2008 00:51:01
//
//-----------------------------------------------------------------

Virus Statistics
Scan path : C:\ D:\ E:\ F:\
Folders : 7756
Files : 379617
Memory processes scanned : 38
Archives : 6063
Runtime packers : 19898
Identified viruses : 0
Infected files : 0
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 58
Scan time : 01:33:18
Scan speed (files/sec) : 67

Spyware Statistics
Registry keys scanned : 346
Registry keys infected : 0
Cookies scanned : 44
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0

Virus definitions : 1023358
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\DOCUME~1\MBC\CONFIG~1\Temp\1206489061.log

Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
#41
* Please download OTMoveIt2 by OldTimer: HERE

1. Save it to your desktop.
2. Please double-click OTMoveIt2.exe to run it.
3. Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
4. This step removes the files, folders, and shortcuts created by the tools I had you download and run.

Your logs are clear. If you are not having any issues you are good to go.

You can choose to keep SuperAntiSpyware if you want to periodically update and scan with it.

If things are okay now you just need to clear the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply. You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer. When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.

In order to protect yourself against spyware, Trojans, etc.:

* Avoid illegal sites, P2P programs, adult sites and poker type sites because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

If you are a MySpace user stay clear of programs used to "pimp" your account and allowing any unknown ActiveX content to run on your computer. If you are not 100% sure, don't allow it.

Also consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here: http://www.mozilla.org/products/firefox/

Please make sure to run your protective software regularly, and to keep it up-to-date.

If all is well, safe surfing.