PSW.X-virtrojan problems, please help.

[pluttas]

Hi There! Having some problems with some trojans and would really appreciate help.
I have a spanish XP Home, hope it won't be any troubles.
This is the HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 13:11:12, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Video ActiveX Object\isamonitor.exe
C:\Archivos de programa\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\stsystra.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Video ActiveX Object\isamini.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Video ActiveX Object\pmmon.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Dell\Media Experience\DMXLauncher.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\Archivos comunes\Mediafour\MACVNTFY.EXE
C:\Archivos de programa\Mediafour\XPlay\XPTRYICN.EXE
C:\Archivos de programa\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\ARCHIV~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andreas\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=5061024
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=5061024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=5061024
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Archivos de programa\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Archivos de programa\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Archivos de programa\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Archivos de programa\Archivos comunes\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Archivos de programa\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Archivos de programa\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Archivos de programa\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~1\GOEC62~1.DLL,
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe

 

[Cheeseball81]

Hi and welcome

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

 

[pluttas]

Hi there!
Appreciate the help a lot and really hope that you can help my out of this situation.
This is the fraudfix logfile:

SmitFraudFix v2.132

Scan done at 13:17:16,67, 10/01/2007
Run from C:\Documents and Settings\Andreas\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andreas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andreas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Andreas\FAVORI~1

C:\DOCUME~1\Andreas\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa

C:\Archivos de programa\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mi p gina de inicio actual"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ARCHIV~1\\Google\\GOOGLE~1\\GOEC62~1.DLL,"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

[Cheeseball81]

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

 

[pluttas]

Hi there this is the logfile:

SmitFraudFix v2.132

Scan done at 22:43:57,53, 10/01/2007
Run from C:\Documents and Settings\Andreas\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\gwquvw.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\gwquvw.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Andreas\FAVORI~1\Online Security Test.url Deleted
C:\Archivos de programa\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

[Cheeseball81]

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.

 

[pluttas]

Hi there cheezball!
Seems like the Panda active scan doesn`t work, it says scanning processes in memory but nothing happens. I`ve installed directX and changed my browser to IE but it doesn`t work.
Are there any other programs that will do the same job that I can use??

 

[Cheeseball81]

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   • Select "Automatically generate report after every scan"
   • Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.

1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
   
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
   
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
   Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Post those results along with a new Hijack This log.

 

[pluttas]

Hi again once again I must tell you that the help is very much appreciated.

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:02:02 13/01/2007

+ Scan result:



C:\Archivos de programa\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
HKU\S-1-5-21-1295712771-3451046965-3389198426-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1295712771-3451046965-3389198426-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\vgraph.dll -> Adware.Webdir : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Cleaned with backup (quarantined).
HKU\S-1-5-21-1295712771-3451046965-3389198426-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1295712771-3451046965-3389198426-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\totalcmd\tc6Uni_crk.exe -> Logger.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Andreas\Datos de programa\winantiviruspro2006freeinstall_se[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.377:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.381:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.198:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.347:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.348:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.349:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.350:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.351:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.100:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.99:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.83:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.389:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.355:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.51:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.38:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.158:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.403:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.152:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.224:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.64:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.240:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.241:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.193:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.194:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.195:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.196:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.75:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.76:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.338:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.339:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.340:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.341:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.342:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.274:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.275:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.276:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.277:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.307:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.308:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.309:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.310:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.311:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.155:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.103:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.104:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.73:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.74:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.149:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.153:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.154:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Hakan\Cookies\hakan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.66:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.67:C:\Documents and Settings\Andreas\Datos de programa\Mozilla\Firefox\Profiles\szc7vtwu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:07:47, on 13/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Dell\Media Experience\DMXLauncher.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\Archivos comunes\Mediafour\MACVNTFY.EXE
C:\Archivos de programa\Mediafour\XPlay\XPTRYICN.EXE
C:\Archivos de programa\Mediafour\MacDrive\MDDiskProtect.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\ARCHIV~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andreas\Escritorio\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=5061024
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Archivos de programa\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Archivos de programa\Archivos comunes\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Archivos de programa\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Archivos de programa\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Archivos de programa\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~1\GOEC62~1.DLL,
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe

 

[Cheeseball81]

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)

Reboot, how are things now?

 

[pluttas]

Seems like everything is working now!!
Thank you so much!!
Don`t have much money to donate right now but I would like to invite you for a vacation.
I`ll give you room and food as a thank and free surfing lessons( the flight ticket is on your cost).

I live at the Canary islands where it is always sunny and big waves. If you would like to have some vacation just send me your reply and I`ll give you all the necessary info.
Thank you very much!

 

[Cheeseball81]

You're welcome! And wow thanks for the invite. I'll have to come there sometime. It sounds gorgeous.

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

Turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.

 

[pluttas]

Ok I`ve done all you told me now and hopefully everything will work smoothly in the future.
My invitation is dead serious and i hope you can make it.
Will be here ( Canary Island) about 1 year more and then I`m going to Buenos Aires for a while so thats your deadline

Thank you for your help, Andreas Johansson.

 

[Cheeseball81]

My pleasure