Pls help me with my virus...

here you go:

Malwarebytes' Anti-Malware 1.42
Database version: 3323
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/10/2009 8:14:31 PM
mbam-log-2009-12-10 (20-14-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138390
Time elapsed: 1 hour(s), 5 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 9
Files Infected: 24

Memory Processes Infected:
C:\Documents and Settings\Administrador\Configuración local\Temp\nxgn.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\msgasst84.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\eithdfwq.dll (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0e21f89-b0db-442b-8b05-da29ded72897} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e0e21f89-b0db-442b-8b05-da29ded72897} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0e21f89-b0db-442b-8b05-da29ded72897} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vkuekvxkfoagombw (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adproclient.adhlpr (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adproclient.adhlpr.1 (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fc3af7b-4101-4405-cf47-7fce9c869df7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5fc3af7b-4101-4405-cf47-7fce9c869df7} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lksmbnfwphsottui (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32 (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds\1.0.27.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds\1.1.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\msgasst84.dll (Adware.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Configuración local\Temp\nxgn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eithdfwq.dll (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\V1HDJ1H3\go28[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\XJEFPX95\smartasf27[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\XJEFPX95\go282[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\MsgUpdate.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX1\MsgUpdate.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Sys\mu.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkuekvxkfoagombw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\conf.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\phuninst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\pub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\serial.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\go28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\go282.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\smartasf27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Messenger\Drivers\Aud32\zbc22.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds\1.0.27.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds\1.1.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjtmqhwwehtdlqr.dll (Trojan.BHO) -> Delete on reboot.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Here is the Cobo fix log:

ComboFix 09-12-10.01 - Administrador 12/10/2009 22:03:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.54.3082.18.1015.752 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\Combo-Fix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrador\Datos de programa\Messenger

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt


((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-11 01:12 . 2009-12-11 01:12 -------- d-----w- c:\windows\system32\wbem\snmp
2009-12-11 01:12 . 2009-12-11 01:12 -------- d-----w- c:\windows\system32\xircom
2009-12-11 01:12 . 2009-12-11 01:12 -------- d-----w- c:\archivos de programa\microsoft frontpage
2009-12-09 05:59 . 2009-12-09 05:59 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\ezLife
2009-12-09 05:59 . 2009-12-09 05:59 -------- d-----w- c:\archivos de programa\ezLife
2009-12-08 06:51 . 2009-12-08 06:51 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2009-12-08 06:51 . 2009-12-03 19:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 06:51 . 2009-12-08 06:51 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-12-08 06:51 . 2009-12-08 06:51 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-12-08 06:51 . 2009-12-03 19:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 06:48 . 2009-12-06 06:48 -------- d-----w- c:\archivos de programa\Ares
2009-12-06 06:04 . 2009-12-06 06:04 -------- d-----w- c:\archivos de programa\Trend Micro
2009-12-03 06:45 . 2009-12-09 05:51 -------- d-----w- C:\BrowserPlusPlugins
2009-11-24 05:05 . 2009-11-24 05:05 -------- d-----w- c:\windows\ServicePackFiles
2009-11-24 03:53 . 2009-11-24 04:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-11-24 03:25 . 2008-01-15 19:01 100352 ------w- c:\windows\system32\dllcache\6to4svc.dll
2009-11-24 03:24 . 2008-06-14 17:59 272512 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-24 03:24 . 2008-06-14 17:59 272512 ------w- c:\windows\system32\dllcache\bthport.sys
2009-11-24 03:22 . 2005-07-26 04:29 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-11-24 03:21 . 2009-03-06 14:01 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2009-11-24 03:21 . 2009-02-09 10:03 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-11-24 03:21 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-24 03:21 . 2009-02-09 10:03 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-11-24 03:21 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-11-24 03:21 . 2009-02-09 10:03 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-11-24 03:21 . 2009-02-09 10:03 685568 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-11-24 03:21 . 2009-02-09 09:53 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-11-24 03:21 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-11-24 03:19 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-11-24 03:19 . 2008-10-24 11:25 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-24 03:19 . 2008-12-11 10:24 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-11-24 03:19 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-11-24 03:19 . 2009-07-10 13:37 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-11-24 03:18 . 2008-04-11 18:40 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-24 03:18 . 2009-08-04 17:16 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-24 03:18 . 2009-08-04 17:16 2188416 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-24 03:18 . 2009-08-04 17:16 2065408 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-24 03:18 . 2009-08-04 17:16 2023424 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-24 03:17 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-11-24 03:13 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-11-24 03:13 . 2008-09-04 16:34 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-11-24 03:12 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-11-23 18:18 . 2009-11-23 18:18 -------- d-----w- c:\windows\Sun
2009-11-19 21:01 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 21:01 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-19 03:30 . 2009-11-19 03:30 0 ----a-w- c:\windows\nsreg.dat
2009-11-19 03:26 . 2009-12-11 01:13 -------- d-----w- c:\documents and settings\Administrador\Tracing
2009-11-19 03:20 . 2009-11-19 03:20 -------- d-----w- c:\archivos de programa\Microsoft
2009-11-19 03:19 . 2009-11-19 03:19 -------- d-----w- c:\archivos de programa\Windows Live SkyDrive
2009-11-19 03:16 . 2009-11-19 03:16 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-11-16 08:42 . 2009-11-16 08:42 286720 ----a-w- c:\windows\system32\rkfeauni.dll
2009-11-16 08:42 . 2009-11-16 08:42 290304 ----a-w- c:\windows\system32\chzljtyv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 05:44 . 2001-08-24 10:00 81758 ----a-w- c:\windows\system32\perfc00A.dat
2009-12-09 05:44 . 2001-08-24 10:00 463286 ----a-w- c:\windows\system32\perfh00A.dat
2009-11-19 03:21 . 2009-07-14 21:37 -------- d-----w- c:\archivos de programa\Windows Live
.

------- Sigcheck -------

[-] 2009-08-06 . A0812BE2A177C1CCC8B30ED05F4BCFB1 . 127200 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2008-04-14 . 846908F3A9F03F85E78103ED9D87B441 . 112128 . . [5.4.3790.5512] . . c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\wuauclt.exe

[-] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\explorer.exe
[-] 2008-01-15 . 6DA46BE8EDC7CA0ACD12C50FCD8BB19A . 978432 . . [6.00.2900.3156] . . c:\windows\explorer.exe

[-] 2008-04-14 . B2718EC9DC738E915D4177498E92BC4D . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\wscntfy.exe

c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DC94DC9-92B0-497B-B61A-6FC45F5EDDBB}]
2009-11-16 08:42 286720 ----a-w- c:\windows\system32\rkfeauni.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3961680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\archivos de programa\Eset\nod32kui.exe" [2009-07-14 949376]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 172032]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 155648]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 192512]
"Fidtserv"="c:\\FIDTSERV\Fidtserv.exe" [2002-08-30 139264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-08-29 124928]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ARCHIV~1\\MICROS~1\\OFFICE11\\POWERPNT.EXE"=
"c:\\FIDTSERV\\Fidtserv.exe"=
"c:\\Archivos de programa\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Top Gear\\zsnesw.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\crashreporter.exe"=
"c:\\WINDOWS\\TEMP\\winctespi.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/14/2009 6:02 PM 715248]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [7/14/2009 6:31 PM 15424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://yah66.c60/
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\r730vtap.default\

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 22:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x863DA1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7619fc3
\Driver\ACPI -> ACPI.sys @ 0xf7475cb8
\Driver\atapi -> 0x863da1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a009d
ParseProcedure -> ntoskrnl.exe @ 0x8056d56b
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a009d
ParseProcedure -> ntoskrnl.exe @ 0x8056d56b
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf72f5ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7302b21
SendHandler -> NDIS.sys @ 0xf72e087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\imon.dll
c:\archivos de programa\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\TEMP\winctespi.exe
.
**************************************************************************
.
Completion time: 2009-12-10 22:18:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-11 01:18

Pre-Run: 15,429,165,056 bytes libres
Post-Run: 15,616,671,744 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CB2877CC7041248DBA51801B7322050D

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   FCopy::
   c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\wscntfy.exe | c:\windows\system32\wscntfy.exe
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

ComboFix 09-12-10.01 - Administrador 12/10/2009 23:39:40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.54.3082.18.1015.753 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrador\Escritorio\CFScript.txt
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt


((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-11 02:31 . 2009-12-11 02:31 -------- d-----w- C:\Combo-Fix25338C
2009-12-11 02:26 . 2009-12-11 02:29 -------- d-----w- C:\Combo-Fix
2009-12-11 01:12 . 2009-12-11 01:12 -------- d-----w- c:\windows\system32\wbem\snmp
2009-12-11 01:12 . 2009-12-11 01:12 -------- d-----w- c:\windows\system32\xircom
2009-12-11 01:12 . 2009-12-11 01:12 -------- d-----w- c:\archivos de programa\microsoft frontpage
2009-12-09 05:59 . 2009-12-09 05:59 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\ezLife
2009-12-09 05:59 . 2009-12-09 05:59 -------- d-----w- c:\archivos de programa\ezLife
2009-12-08 06:51 . 2009-12-08 06:51 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2009-12-08 06:51 . 2009-12-03 19:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 06:51 . 2009-12-08 06:51 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-12-08 06:51 . 2009-12-08 06:51 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-12-08 06:51 . 2009-12-03 19:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 06:48 . 2009-12-06 06:48 -------- d-----w- c:\archivos de programa\Ares
2009-12-06 06:04 . 2009-12-06 06:04 -------- d-----w- c:\archivos de programa\Trend Micro
2009-12-03 06:45 . 2009-12-09 05:51 -------- d-----w- C:\BrowserPlusPlugins
2009-11-24 05:05 . 2009-11-24 05:05 -------- d-----w- c:\windows\ServicePackFiles
2009-11-24 03:53 . 2009-11-24 04:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-11-24 03:25 . 2008-01-15 19:01 100352 ------w- c:\windows\system32\dllcache\6to4svc.dll
2009-11-24 03:24 . 2008-06-14 17:59 272512 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-24 03:24 . 2008-06-14 17:59 272512 ------w- c:\windows\system32\dllcache\bthport.sys
2009-11-24 03:22 . 2005-07-26 04:29 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-11-24 03:21 . 2009-03-06 14:01 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2009-11-24 03:21 . 2009-02-09 10:03 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-11-24 03:21 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-24 03:21 . 2009-02-09 10:03 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-11-24 03:21 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-11-24 03:21 . 2009-02-09 10:03 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-11-24 03:21 . 2009-02-09 10:03 685568 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-11-24 03:21 . 2009-02-09 09:53 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-11-24 03:21 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-11-24 03:19 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-11-24 03:19 . 2008-10-24 11:25 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-24 03:19 . 2008-12-11 10:24 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-11-24 03:19 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-11-24 03:19 . 2009-07-10 13:37 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-11-24 03:18 . 2008-04-11 18:40 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-24 03:18 . 2009-08-04 17:16 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-24 03:18 . 2009-08-04 17:16 2188416 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-24 03:18 . 2009-08-04 17:16 2065408 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-24 03:18 . 2009-08-04 17:16 2023424 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-24 03:17 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-11-24 03:13 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-11-24 03:13 . 2008-09-04 16:34 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-11-24 03:12 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-11-23 18:18 . 2009-11-23 18:18 -------- d-----w- c:\windows\Sun
2009-11-19 21:01 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 21:01 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-19 03:30 . 2009-11-19 03:30 0 ----a-w- c:\windows\nsreg.dat
2009-11-19 03:26 . 2009-12-11 02:46 -------- d-----w- c:\documents and settings\Administrador\Tracing
2009-11-19 03:20 . 2009-11-19 03:20 -------- d-----w- c:\archivos de programa\Microsoft
2009-11-19 03:19 . 2009-11-19 03:19 -------- d-----w- c:\archivos de programa\Windows Live SkyDrive
2009-11-19 03:16 . 2009-11-19 03:16 -------- d-----w- c:\archivos de programa\Archivos comunes\Windows Live
2009-11-16 08:42 . 2009-11-16 08:42 286720 ----a-w- c:\windows\system32\rkfeauni.dll
2009-11-16 08:42 . 2009-11-16 08:42 290304 ----a-w- c:\windows\system32\chzljtyv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 05:44 . 2001-08-24 10:00 81758 ----a-w- c:\windows\system32\perfc00A.dat
2009-12-09 05:44 . 2001-08-24 10:00 463286 ----a-w- c:\windows\system32\perfh00A.dat
2009-11-19 03:21 . 2009-07-14 21:37 -------- d-----w- c:\archivos de programa\Windows Live
.

------- Sigcheck -------

[-] 2009-08-06 . A0812BE2A177C1CCC8B30ED05F4BCFB1 . 127200 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2008-04-14 . 846908F3A9F03F85E78103ED9D87B441 . 112128 . . [5.4.3790.5512] . . c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\wuauclt.exe

[-] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\explorer.exe
[-] 2008-01-15 . 6DA46BE8EDC7CA0ACD12C50FCD8BB19A . 978432 . . [6.00.2900.3156] . . c:\windows\explorer.exe

[-] 2008-04-14 . B2718EC9DC738E915D4177498E92BC4D . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\wscntfy.exe

c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DC94DC9-92B0-497B-B61A-6FC45F5EDDBB}]
2009-11-16 08:42 286720 ----a-w- c:\windows\system32\rkfeauni.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3961680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\archivos de programa\Eset\nod32kui.exe" [2009-07-14 949376]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 172032]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 155648]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 192512]
"Fidtserv"="c:\\FIDTSERV\Fidtserv.exe" [2002-08-30 139264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-08-29 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ARCHIV~1\\MICROS~1\\OFFICE11\\POWERPNT.EXE"=
"c:\\FIDTSERV\\Fidtserv.exe"=
"c:\\Archivos de programa\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Top Gear\\zsnesw.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\crashreporter.exe"=
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winmqxg.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [7/14/2009 6:31 PM 15424]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/14/2009 6:02 PM 715248]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://yah66.c60/
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\r730vtap.default\

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 23:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\imon.dll
c:\archivos de programa\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(816)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\NOTEPAD.EXE
c:\docume~1\ADMINI~1\CONFIG~1\Temp\winmqxg.exe
.
**************************************************************************
.
Completion time: 2009-12-10 23:52:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-11 02:52
ComboFix2.txt 2009-12-11 01:18

Pre-Run: 15,479,234,560 bytes libres
Post-Run: 15,423,426,560 bytes libres

- - End Of File - - E1F586067D2B8EFE2DBFA3B6A4FB1861

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   FCopy::
   c:\windows\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\wscntfy.exe | c:\windows\system32\wscntfy.exe
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.

• Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  
• Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  
• Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

here it is:

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Versi¢n 5.1.2600]

********************Drivers list********************


El volumen de la unidad C no tiene etiqueta.
El n£mero de serie del volumen es: 1C00-F16B

Directorio de C:\Windows\System32\Drivers

12/11/2009 11:31 AM .
12/11/2009 11:31 AM ..
08/19/2004 02:18 PM 189,056 acpi.sys
08/24/2001 07:00 AM 12,032 acpiec.sys
02/14/2006 06:22 PM 142,464 aec.sys
08/14/2008 06:48 AM 138,368 afd.sys
10/26/2007 07:20 AM 4,124,352 ALCXWDM.SYS
01/15/2008 04:14 PM 41,216 amdk6.sys
01/15/2008 04:14 PM 41,600 amdk7.sys
07/14/2009 06:31 PM 512,096 amon.sys
01/15/2008 04:14 PM 60,800 arp1394.sys
08/03/2004 10:05 PM 14,336 asyncmac.sys
08/03/2004 06:59 PM 95,360 atapi.sys
08/03/2004 09:58 PM 59,904 atmarpc.sys
08/24/2001 07:00 AM 31,360 atmepvc.sys
08/03/2004 09:58 PM 55,936 atmlane.sys
08/24/2001 07:00 AM 352,256 atmuni.sys
08/17/2001 05:59 PM 3,072 audstub.sys
08/17/2001 05:57 PM 14,080 battc.sys
08/24/2001 07:00 AM 4,224 beep.sys
08/03/2004 09:59 PM 71,552 bridge.sys
06/14/2008 02:59 PM 272,512 bthport.sys
08/24/2001 07:00 AM 13,952 cbidf2k.sys
08/03/2004 11:10 PM 17,024 CCDECODE.sys
01/15/2008 04:12 PM 18,688 cdaudio.sys
08/03/2004 10:14 PM 63,744 cdfs.sys
08/03/2004 09:59 PM 49,536 cdrom.sys
01/15/2008 04:12 PM 262,528 cinemst2.sys
08/03/2004 10:14 PM 49,664 classpnp.sys
08/03/2004 07:07 PM 14,080 CmBatt.sys
08/17/2001 05:58 PM 9,344 compbatt.sys
01/15/2008 04:12 PM 11,776 cpqdap01.sys
01/15/2008 04:14 PM 40,704 crusoe.sys
07/14/2009 02:32 PM disdn
08/03/2004 09:59 PM 36,352 disk.sys
08/03/2004 09:59 PM 14,208 diskdump.sys
08/19/2004 02:28 PM 800,256 dmboot.sys
08/19/2004 02:28 PM 154,240 dmio.sys
08/24/2001 07:00 AM 5,888 dmload.sys
08/03/2004 07:07 PM 52,864 DMusic.sys
08/03/2004 07:08 PM 60,288 drmk.sys
08/03/2004 07:07 PM 2,944 drmkaud.sys
08/24/2001 07:00 AM 10,496 dxapi.sys
08/03/2004 10:00 PM 71,040 dxg.sys
08/24/2001 07:00 AM 3,328 dxgthk.sys
12/10/2009 11:46 PM etc
08/03/2004 10:14 PM 143,360 fastfat.sys
08/03/2004 09:59 PM 27,392 fdc.sys
08/24/2001 07:00 AM 35,072 fips.sys
08/03/2004 09:59 PM 20,480 flpydisk.sys
01/15/2008 04:01 PM 128,768 fltMgr.sys
01/15/2008 04:12 PM 12,416 fsvga.sys
08/24/2001 07:00 AM 7,936 fs_rec.sys
08/24/2001 07:00 AM 125,952 ftdisk.sys
08/24/2001 07:00 AM 3,440,660 gm.dls
08/24/2001 07:00 AM 646 gmreadme.txt
02/26/2006 11:47 AM 138,752 hdaudbus.sys
02/26/2006 11:47 AM 145,920 hdaudio.sys
08/03/2004 10:08 PM 36,224 hidclass.sys
08/03/2004 10:08 PM 24,960 hidparse.sys
08/17/2001 10:02 PM 9,600 hidusb.sys
01/15/2008 04:00 PM 262,656 http.sys
08/19/2004 02:23 PM 53,760 i8042prt.sys
02/07/2006 09:04 AM 1,399,615 ialmnt5.sys
08/03/2004 10:00 PM 41,856 imapi.sys
08/19/2004 11:26 AM 5,632 intelide.sys
08/19/2004 02:26 PM 40,320 intelppm.sys
08/03/2004 10:00 PM 29,056 ip6fw.sys
08/24/2001 07:00 AM 32,896 ipfltdrv.sys
08/03/2004 10:04 PM 20,992 ipinip.sys
01/15/2008 04:06 PM 136,320 ipnat.sys
08/03/2004 10:14 PM 74,752 ipsec.sys
08/03/2004 07:00 PM 87,424 irda.sys
08/03/2004 10:00 PM 11,264 irenum.sys
08/22/2001 05:28 PM 36,352 isapnp.sys
08/19/2004 02:28 PM 25,088 kbdclass.sys
06/14/2006 02:50 AM 172,416 kmixer.sys
08/03/2004 07:15 PM 140,928 ks.sys
06/22/2009 08:35 AM 92,544 ksecdd.sys
12/03/2009 04:13 PM 19,160 mbam.sys
12/03/2009 04:14 PM 38,224 mbamswissarmy.sys
08/24/2001 07:00 AM 7,680 mcd.sys
01/15/2008 04:14 PM 63,744 mf.sys
08/24/2001 07:00 AM 4,224 mnmdd.sys
01/15/2008 04:14 PM 30,336 modem.sys
01/15/2008 04:14 PM 23,552 mouclass.sys
08/03/2004 09:58 PM 42,240 mountmgr.sys
06/22/2009 08:30 AM 91,776 mqac.sys
08/03/2004 10:00 PM 181,248 mrxdav.sys
10/24/2008 08:25 AM 455,936 mrxsmb.sys
08/03/2004 10:00 PM 19,072 msfs.sys
08/03/2004 10:04 PM 35,072 msgpc.sys
08/03/2004 06:58 PM 7,552 MSKSSRV.sys
08/03/2004 06:58 PM 5,376 MSPCLOCK.sys
08/03/2004 06:58 PM 4,992 MSPQM.sys
01/15/2008 04:14 PM 15,488 mssmbios.sys
08/03/2004 10:58 PM 5,504 MSTEE.sys
02/06/2003 11:22 AM 210,128 mtlmnt5.sys
02/06/2003 11:25 AM 1,290,760 mtlstrm.sys
08/03/2004 10:15 PM 107,904 mup.sys
08/03/2004 11:10 PM 85,376 NABTSFEC.sys
08/03/2004 10:14 PM 182,912 ndis.sys
08/03/2004 11:10 PM 10,880 NdisIP.sys
08/24/2001 07:00 AM 9,600 ndistapi.sys
01/15/2008 04:14 PM 14,592 ndisuio.sys
08/03/2004 10:14 PM 91,776 ndiswan.sys
08/24/2001 07:00 AM 38,016 ndproxy.sys
08/03/2004 10:03 PM 34,560 netbios.sys
08/03/2004 10:14 PM 162,816 netbt.sys
01/15/2008 04:14 PM 61,824 nic1394.sys
01/15/2008 04:12 PM 12,032 nikedrv.sys
08/03/2004 09:59 PM 40,320 nmnt.sys
07/14/2009 06:31 PM 15,424 nod32drv.sys
08/03/2004 10:00 PM 30,848 npfs.sys
08/03/2004 07:00 PM 28,672 nscirda.sys
02/09/2007 08:23 AM 574,976 ntfs.sys
02/05/2003 05:25 PM 162,136 ntmtlfax.sys
08/24/2001 07:00 AM 2,944 null.sys
08/24/2001 07:00 AM 12,416 nwlnkflt.sys
08/24/2001 07:00 AM 32,512 nwlnkfwd.sys
08/03/2004 10:03 PM 88,448 nwlnkipx.sys
08/24/2001 07:00 AM 63,232 nwlnknb.sys
08/24/2001 07:00 AM 55,936 nwlnkspx.sys
01/15/2008 04:02 PM 163,456 nwrdr.sys
08/24/2001 07:00 AM 3,456 oprghdlr.sys
01/15/2008 04:14 PM 46,720 p3.sys
01/15/2008 04:14 PM 80,256 parport.sys
08/24/2001 07:00 AM 18,688 partmgr.sys
08/24/2001 07:00 AM 7,040 parvdm.sys
08/19/2004 11:18 AM 68,992 pci.sys
08/24/2001 07:00 AM 3,456 pciide.sys
08/03/2004 06:59 PM 25,088 pciidex.sys
08/19/2004 11:18 AM 120,192 pcmcia.sys
08/03/2004 07:15 PM 145,792 portcls.sys
01/15/2008 04:14 PM 39,552 processr.sys
08/03/2004 10:04 PM 69,120 psched.sys
08/24/2001 07:00 AM 17,792 ptilink.sys
08/24/2001 07:00 AM 8,832 rasacd.sys
08/17/2001 05:51 PM 19,584 rasirda.sys
08/03/2004 10:14 PM 51,328 rasl2tp.sys
08/03/2004 10:05 PM 41,472 raspppoe.sys
08/03/2004 10:14 PM 48,384 raspptp.sys
08/24/2001 07:00 AM 16,512 raspti.sys
08/24/2001 07:00 AM 34,432 rawwan.sys
01/15/2008 04:00 PM 174,592 rdbss.sys
08/24/2001 07:00 AM 4,224 rdpcdd.sys
08/03/2004 11:01 PM 196,864 rdpdr.sys
01/15/2008 03:58 PM 139,528 rdpwd.sys
08/19/2004 11:21 AM 58,624 redbook.sys
01/15/2008 04:12 PM 12,032 rio8drv.sys
01/15/2008 04:12 PM 12,032 riodrv.sys
05/08/2008 09:14 AM 203,008 rmcast.sys
08/03/2004 10:04 PM 30,080 rndismp.sys
08/24/2001 07:00 AM 5,888 rootmdm.sys
07/12/2007 12:49 PM 96,384 Rtnicxp.sys
08/03/2004 09:59 PM 96,256 scsiport.sys
08/03/2004 10:07 PM 67,584 sdbus.sys
01/15/2008 03:55 PM 20,480 secdrv.sys
08/03/2004 09:59 PM 15,488 serenum.sys
08/19/2004 02:23 PM 66,176 serial.sys
01/15/2008 04:12 PM 18,176 sermouse.sys
08/03/2004 09:59 PM 11,136 sffdisk.sys
08/03/2004 09:59 PM 10,240 sffp_sd.sys
08/03/2004 09:59 PM 11,392 sfloppy.sys
08/03/2004 11:10 PM 11,136 SLIP.sys
02/05/2003 05:42 PM 506,912 slntamr.sys
02/17/2003 07:09 PM 85,552 slnthal.sys
01/17/2003 01:19 AM 39,348 slwdmsup.sys
08/24/2001 07:00 AM 14,592 smclib.sys
01/15/2008 04:14 PM 25,472 sonydcam.sys
06/14/2006 02:50 AM 6,272 splitter.sys
07/14/2009 06:02 PM 715,248 sptd.sys
08/19/2004 02:33 PM 73,600 sr.sys
12/11/2008 07:24 AM 333,184 srv.sys
08/03/2004 07:08 PM 48,640 stream.sys
08/03/2004 11:10 PM 15,360 StreamIP.sys
01/15/2008 04:14 PM 4,352 swenum.sys
08/17/2001 06:00 PM 54,272 swmidi.sys
08/03/2004 07:15 PM 60,800 sysaudio.sys
08/03/2004 10:00 PM 14,976 tape.sys
06/20/2008 07:44 AM 360,960 tcpip.sys
06/20/2008 06:32 AM 225,920 tcpip6.sys
08/03/2004 10:07 PM 18,560 tdi.sys
08/19/2004 02:43 PM 12,040 tdpipe.sys
08/19/2004 02:43 PM 21,896 tdtcp.sys
08/19/2004 03:43 PM 40,840 termdd.sys
01/15/2008 04:12 PM 51,712 tosdvd.sys
01/15/2008 04:12 PM 21,376 tsbvcap.sys
01/15/2008 04:14 PM 12,416 tunmp.sys
08/03/2004 10:00 PM 66,176 udfs.sys
07/14/2009 02:34 PM UMDF
01/15/2008 04:04 PM 364,160 update.sys
08/03/2004 10:04 PM 12,672 usb8023.sys
01/15/2008 04:12 PM 23,808 usbcamd.sys
01/15/2008 04:12 PM 23,936 usbcamd2.sys
08/24/2001 07:00 AM 4,736 usbd.sys
01/15/2008 04:06 PM 30,208 usbehci.sys
10/23/2006 05:14 AM 59,264 usbhub.sys
01/15/2008 04:14 PM 16,000 usbintel.sys
10/23/2006 05:14 AM 143,488 usbport.sys
08/03/2004 10:58 PM 15,104 usbscan.sys
08/03/2004 10:08 PM 26,496 usbstor.sys
10/23/2006 05:14 AM 20,608 usbuhci.sys
03/13/2003 04:39 PM 93,305 usbVM31b.sys
01/15/2008 04:12 PM 58,112 vdmindvd.sys
08/03/2004 10:07 PM 20,992 vga.sys
08/03/2004 10:07 PM 79,744 videoprt.sys
08/19/2004 02:28 PM 53,248 volsnap.sys
08/02/2006 10:09 AM 674,560 w70n51.sys
08/03/2004 10:04 PM 34,560 wanarp.sys
06/14/2006 03:17 AM 82,944 wdmaud.sys
08/24/2001 07:00 AM 4,352 wmilib.sys
01/09/2008 07:02 PM 38,528 wpdusb.sys
08/24/2001 07:00 AM 12,032 ws2ifsl.sys
08/03/2004 11:10 PM 19,328 WSTCODEC.SYS
01/09/2008 07:02 PM 77,568 wudfpf.sys
01/09/2008 07:02 PM 82,944 wudfrd.sys
212 archivos 26,628,382 bytes

Directorio de C:\Windows\System32\Drivers\disdn

07/14/2009 02:32 PM .
07/14/2009 02:32 PM ..
0 archivos 0 bytes

Directorio de C:\Windows\System32\Drivers\etc

12/10/2009 11:46 PM .
12/10/2009 11:46 PM ..
12/10/2009 11:46 PM 27 hosts
08/24/2001 07:00 AM 3,429 lmhosts.sam
08/24/2001 07:00 AM 418 networks
08/24/2001 07:00 AM 908 protocol
08/24/2001 07:00 AM 7,666 services
5 archivos 12,448 bytes

Directorio de C:\Windows\System32\Drivers\UMDF

07/14/2009 02:34 PM .
07/14/2009 02:34 PM ..
01/09/2008 07:02 PM 671,232 wpdmtpdr.dll
1 archivos 671,232 bytes

Total de archivos en la lista:
218 archivos 27,312,062 bytes
11 dirs 14,545,715,200 bytes libres


***********************Hidden Drivers********************
El volumen de la unidad C no tiene etiqueta.
El n£mero de serie del volumen es: 1C00-F16B

Directorio de C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 596 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 644 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 668 High C:\WINDOWS\system32\winlogon.exe
services.exe 712 Normal C:\WINDOWS\system32\services.exe
lsass.exe 724 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 884 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 960 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1064 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1120 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1568 Normal C:\WINDOWS\system32\spoolsv.exe
Explorer.EXE 1728 Normal C:\WINDOWS\Explorer.EXE
igfxtray.exe 1860 Normal C:\WINDOWS\system32\igfxtray.exe
hkcmd.exe 1868 Normal C:\WINDOWS\system32\hkcmd.exe
igfxpers.exe 1876 Normal C:\WINDOWS\system32\igfxpers.exe
msnmsgr.exe 1892 Normal C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
svchost.exe 728 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 2380 Normal C:\WINDOWS\system32\svchost.exe
firefox.exe 3100 Normal C:\Archivos de programa\Mozilla Firefox\firefox.exe
wuauclt.exe 3436 Normal C:\WINDOWS\system32\wuauclt.exe
wintnoidm.exe 1216 Normal C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\wintnoidm.exe
cmd.exe 1348 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 3124 Normal C:\Documents and Settings\Administrador\Escritorio\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(1728)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 987136 C:\WINDOWS\Explorer.EXE 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311) Explorador de Windows
ntdll.dll 7c910000 753664 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239) DLL de la capa de Windows NT
kernel32.dll 7c800000 1056768 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_qfe.090321-1324) DLL de cliente API BASE de Windows NT
ADVAPI32.dll 77da0000 704512 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239) API base de Windows 32 avanzado
RPCRT4.dll 77e50000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
BROWSEUI.dll 75f30000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.3231 (xpsp_sp2_qfe.071010-1316) Biblioteca de IU Shell Browser
GDI32.dll 77ef0000 294912 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3466 (xpsp_sp2_qfe.081022-1300) GDI Client DLL
USER32.dll 7e390000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217) DLL de cliente USER API de Windows XP
msvcrt.dll 77be0000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ole32.dll 774b0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp.050725-1531) Microsoft OLE para Windows
SHLWAPI.dll 77f40000 507904 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3231 (xpsp_sp2_qfe.071010-1316) Biblioteca de utilidades de Shell
OLEAUT32.dll 770f0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3139 5.1.2600.3139
SHDOCVW.dll 2c0000 1794048 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.3231 (xpsp_sp2_qfe.071010-1316) Biblioteca del control y el objeto documento de Shell
CRYPT32.dll 77a50000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77af0000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.3624 (xpsp_sp2_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 76890000 540672 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Proveedor de IU de confianza de Microsoft
WINTRUST.dll 76bf0000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) APIs de verificación de confianza de Microsoft
IMAGEHLP.dll 76c50000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll 597f0000 352256 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.3462 (xpsp_sp2_qfe.081015-1657) Net Win32 API DLL
WININET.dll 3fa00000 856064 C:\WINDOWS\system32\WININET.dll 7.00.6000.16915 (vista_gdr.090826-0339) Internet Extensions for Win32
Normaliz.dll 490000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
iertutil.dll 400a0000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16915 (vista_gdr.090826-0339) Run time utility for Internet Explorer
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DLL de API de LDAP Win32
VERSION.dll 77bd0000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7e6a0000 8519680 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3402 (xpsp_sp2_gdr.080702-1233) DLL común del shell de Windows
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2845 (xpsp.060210-1526) Microsoft UxTheme Library
ShimEng.dll 5cf60000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6fdb0000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll 76b00000 188416 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll 77bb0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Filtro de sonido ACM de Microsoft
USERENV.dll 76630000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
IMM32.DLL 76340000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
comctl32.dll 773a0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 58c30000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
msctfime.ime 75160000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.3531 (xpsp_sp2_gdr.090226-1229) Microsoft Text Frame Work Service IME
appHelp.dll 77b10000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76f90000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 2001.12.4414.308
COMRes.dll 77010000 851968 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 2001.12.4414.258
cscui.dll 779f0000 348160 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IU de la caché en el lado cliente
CSCDLL.dll 765b0000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Agente de red sin conexión
themeui.dll 5ba10000 471040 C:\WINDOWS\system32\themeui.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Temas de Windows API
Secur32.dll 77fc0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.3592 (xpsp_sp2_qfe.090622-1503) Security Support Provider Interface
MSIMG32.dll 76330000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
xpsp2res.dll 20000000 3362816 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Mensajes de Service Pack 2
actxprxy.dll 71ce0000 114688 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
msutb.dll 60040000 208896 C:\WINDOWS\system32\msutb.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DLL de MSUTB Server
MSCTF.dll 746b0000 307200 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DLL del servidor MSCTF
SAMLIB.dll 71b90000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
SETUPAPI.dll 778f0000 1011712 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) API de instalación de Windows
ieframe.dll 40290000 6082560 C:\WINDOWS\system32\ieframe.dll 7.00.6000.16915 (vista_gdr.090826-0339) Internet Explorer
PSAPI.DLL 76bb0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
urlmon.dll 44430000 1212416 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16915 (vista_gdr.090826-0339) OLE32 Extensions for Win32
msi.dll 7d1f0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
mshtml.dll 3faf0000 3624960 C:\WINDOWS\system32\mshtml.dll 7.00.6000.16915 (vista_gdr.090826-0339) Microsoft (R) HTML Viewer
msls31.dll 1610000 167936 C:\WINDOWS\system32\msls31.dll 3.10.349.0 Microsoft Line Services library file
LINKINFO.dll 76940000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 (xpsp.050831-1531) Windows Volume Tracking
ntshrui.dll 76950000 241664 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Extensiones de interfaz para uso compartido
ATL.DLL 76ae0000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
mlang.dll 75dd0000 593920 C:\WINDOWS\system32\mlang.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
ws2_32.dll 71a30000 94208 C:\WINDOWS\system32\ws2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a20000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Ayuda de Windows Socket 2.0 para Windows NT
RASAPI32.dll 76ea0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) API de acceso remoto
rasman.dll 76e50000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76e70000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DLL cliente de la API de telefonía de Microsoft Windows(TM)
rtutils.dll 76e40000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
sensapi.dll 72250000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
msv1_0.dll 77c40000 151552 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.3625 (xpsp_sp2_qfe.090909-1246) Microsoft Authentication Package v1.0
cryptdll.dll 76750000 49152 C:\WINDOWS\system32\cryptdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Cryptography Manager
iphlpapi.dll 76d20000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp.060519-0015) API auxiliar para IP
WINSTA.dll 76310000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
wpdshserviceobj.dll 164a0000 143360 C:\WINDOWS\system32\wpdshserviceobj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d550000 360448 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.3494 (xpsp_sp2_gdr.081216-1254) Windows HTTP Services
portabledevicetypes.dll 109c0000 180224 C:\WINDOWS\system32\portabledevicetypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
webcheck.dll 43560000 245760 C:\WINDOWS\system32\webcheck.dll 7.00.6000.16915 (vista_gdr.090826-0339) Web Site Monitor
stobject.dll 765d0000 159744 C:\WINDOWS\system32\stobject.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Objeto de servicio de núcleo Systray
BatMeter.dll 74a80000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) DLL del ayudante del medidor de la batería
POWRPROF.dll 74a60000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Power Profile Helper DLL
WTSAPI32.dll 76f10000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
portabledeviceapi.dll 10930000 299008 C:\WINDOWS\system32\portabledeviceapi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
msimtf.dll 74680000 172032 C:\WINDOWS\system32\msimtf.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Active IMM Server DLL
wdmaud.drv 72ca0000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv 72c90000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Asignador de sonido de Microsoft
midimap.dll 77ba0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Mapeador Microsoft MIDI
NETSHELL.dll 2eb0000 2150400 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2658 (xpsp.050419-1524) Núcleo de conexiones de red
credui.dll 30c0000 217088 C:\WINDOWS\system32\credui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Interfaz de usuario del administrador de credenciales
MPR.dll 71aa0000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DLL del enrutador de provisión múltiple
drprov.dll 75f10000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71bb0000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Lan Manager
NETUI0.dll 71c70000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Código común de NT LM UI - Clases de GUI
NETUI1.dll 71c30000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c20000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
davclnt.dll 75f20000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
rarext.dll c50000 188416 C:\Archivos de programa\WinRAR\rarext.dll
UnlockerCOM.dll 10000000 24576 C:\Archivos de programa\Unlocker\UnlockerCOM.dll
mbamext.dll 1360000 98304 C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamext.dll 1, 3, 0, 0 Malwarebytes' Anti-Malware
nodshex.dll 23f0000 65536 C:\Archivos de programa\Eset\nodshex.dll
CMExt.dll 2430000 135168 C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll 1.2.1.2 CMenuExtender
browselc.dll 24d0000 77824 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Biblioteca de IU Shell Browser
AcroIEHelper.dll 2d20000 65536 C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
MSVCR80.dll 78130000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 8.00.50727.762 Microsoft C Runtime Library
SDHelper.dll 3760000 1155072 C:\ARCHIV~1\SPYBOT~1\SDHelper.dll 1, 5, 0, 8 SBSD IE Protection
faultrep.dll 69930000 90112 C:\WINDOWS\system32\faultrep.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Informe de errores de Windows
olepro32.dll 5f1f0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.2180 5.1.2600.2180
ssv.dll 6d7c0000 495616 C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll 6.0.30.5 Java(TM) Platform SE binary
MSVCR71.dll 7c340000 352256 C:\Archivos de programa\Java\jre1.6.0_03\bin\MSVCR71.dll 7.10.3052.4 Microsoft C Runtime Library
SXS.DLL 3b20000 724992 C:\WINDOWS\system32\SXS.DLL 5.1.2600.3019 (xpsp.061019-0442) Fusion 2.5
DUSER.dll 6c6a0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
msohev.dll 325c0000 73728 C:\ARCHIV~1\MICROS~1\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
NeroDigitalExt.dll 1100000 1802240 C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroDigitalExt.dll 3, 1, 0, 8 Nero Digital Shell Extension
MFC80.DLL 781d0000 1110016 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL 8.00.50727.762 MFCDLL Shared Library - Retail Version
MSVCP80.dll 7c420000 552960 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 8.00.50727.762 Microsoft C++ Runtime Library
MFC80ESP.DLL 5d360000 61440 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ESP.DLL 8.00.50727.762 MFC Language Specific Resources
PDFShell.dll eb0000 372736 C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.dll 8.1.0.0 PDF Shell Extension
MSISIP.DLL 60980000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4000.1823 MSI Signature SIP Provider
wshext.dll 74e30000 65536 C:\WINDOWS\system32\wshext.dll 5.6.0.8820 Microsoft (r) Shell Extension for Windows script Host
MFC42.DLL 73d50000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
comdlg32.dll 76360000 303104 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) DLL de diálogos comunes
MFC42LOC.DLL 61df0000 57344 C:\WINDOWS\system32\MFC42LOC.DLL 6.00.8665.0 MFC Language Specific Resources
MCPS.DLL 36d30000 110592 C:\ARCHIV~1\MICROS~1\OFFICE11\MCPS.DLL 11.0.8164 Media Catalog Proxy/Stub



******************************************
EOF

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

this is a full scan,, with updates ran prior to scan!

Malwarebytes' Anti-Malware 1.42
Database version: 3363
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/15/2009 3:16:10 AM
mbam-log-2009-12-15 (03-16-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 126231
Time elapsed: 1 hour(s), 1 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Documents and Settings\Administrador\Configuración local\temp\winnedwi.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrador\Configuración local\temp\winnedwi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Mis documentos\Mis vídeos\norton antivirus 2009 with key.exe (P2P.Dropper.A) -> Quarantined and deleted successfully.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link

• Be sure to print out the instructions provided on the same page.
  
• Restart your computer in Safe Mode.
  
• Double-click on Norman_Malware_Cleaner.exe to start the program.
  
• Read the End User License Agreement and click the Accept button to open the scanning window.
  
• Click Start Scan to begin.
  
• In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  
• After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  

Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.