Not sure what I have picked up as both the updaters are blocked and I have the annoying Vimax ads everywhere. From looking at other posts I'm sure it is a virus but not sure of the type.

I'm running XP pro on what is rather an old machine.

Here is the Hijack This log.

Thanks for any help in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:01, on 15/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.wanadoo.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Archivos de programa\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1013018
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0E7D5D-8A2D-4FF0-85DF-412281DDF6E4}: NameServer = 85.255.113.142 85.255.112.67
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5605 bytes

Probably should add with Avira I get the "Internet Connection Failed" message. Have tried for the last month or so to update without luck so doubt it is the Avira servers, which I have seen given as a reason.

Hello

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Hi, thanks for the advice.
I have run ComboFix and got the message that Windows Recovery Console is not installed, but when I clicked yes to continue I got a failed to install message so I aborted.

What should I do next.

Thanks

Can you run ComboFix and leave the Recovery Console step

Done - here is the log file

ComboFix 08-12-17.01 - Dylan 2008-12-18 20:33:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.223.87 [GMT 1:00]
Running from: c:\documents and settings\All Users.WINDOWS\Documentos\RD Translations\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-15 22:34 . 2008-12-15 22:34 <DIR> d-------- c:\archivos de programa\Trend Micro
2008-11-29 23:53 . 2008-11-29 23:53 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Datos de programa\Avira
2008-11-29 23:53 . 2008-11-29 23:53 <DIR> d-------- c:\archivos de programa\Avira
2008-11-29 23:42 . 2008-11-29 23:42 <DIR> d-------- c:\archivos de programa\Safer Networking

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 19:39 3,827,744 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-18 18:45 1,563,136 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-12-18 10:29 44,732 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-16 16:41 3,768,320 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-12-15 21:02 --------- d-----w c:\archivos de programa\Final Draft 5
2008-12-13 11:54 --------- d-----w c:\archivos de programa\Malwarebytes' Anti-Malware
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 10:12 3,536,896 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-11-15 14:20 1,501,184 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-11-11 20:59 1,472,000 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-11-11 15:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Datos de programa\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-11 15:39 --------- d-----w c:\archivos de programa\iTunes
2008-11-11 15:38 --------- d-----w c:\archivos de programa\iPod
2008-11-11 15:38 --------- d-----w c:\archivos de programa\Archivos comunes\Apple
2008-11-11 15:33 --------- d-----w c:\archivos de programa\QuickTime
2008-11-10 12:12 6,531,584 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-26 11:28 6,574,592 ----a-w c:\windows\Internet Logs\xDB1.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LogitechSoftwareUpdate"="c:\archivos de programa\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-11-15 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ZoneAlarm Client"="c:\archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=

S1 SASKUTIL;SASKUTIL;\??\c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.sys []

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.wanadoo.es/
IE: E&xport to Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dylan.RD-4DA98D68A538\Datos de programa\Mozilla\Firefox\Profiles\4enrggyf.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?id=2&vv=410&lc=2057&bk=66297048

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 20:38:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-18 20:42:06
ComboFix-quarantined-files.txt 2008-12-18 19:41:40

Pre-Run: 13,692,424,192 bytes libres
Post-Run: 13,713,440,768 bytes libres

95 --- E O F --- 2008-09-20 18:04:48

Hello

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Hi,
Here is the Malwarebytes log from yesterday. The Kapersky gave me a connection failure message and wouldn't work. Any suggestions?

Malwarebytes' Anti-Malware 1.31
Database version: 1496
Windows 5.1.2600 Service Pack 2

18/12/2008 22:11:28
mbam-log-2008-12-18 (22-11-28).txt

Scan type: Quick Scan
Objects scanned: 64800
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e0e7d5d-8a2d-4ff0-85df-412281ddf6e4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.142 85.255.112.67 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e0e7d5d-8a2d-4ff0-85df-412281ddf6e4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.142 85.255.112.67 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Try this

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode.
  

  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.

• Double click the setup file to run it.
• Click Next to continue.
• It will by default install it to your desktop folder.Click Next.
• Hit ok at the prompt for scanning in Safe Mode.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left unneutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then chooose The delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  

  Note: This tool will self uninstall when you close it so please save the log before closing it.

Also post a new HJT log

Keep getting page load error messages when I try to get the Kapersky download.

Post a new HJT log

Are you still getting redirected ?

Here is the latest HJT log.

Still can´t update Avira and the Windows Update page link takes me to MSN.com


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:40, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
c:\archivos de programa\avira\antivir personaledition classic\avcenter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.wanadoo.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Archivos de programa\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1013018
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0E7D5D-8A2D-4FF0-85DF-412281DDF6E4}: NameServer = 85.255.113.142 85.255.112.67
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5274 bytes

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0E7D5D-8A2D-4FF0-85DF-412281DDF6E4}: NameServer = 85.255.113.142 85.255.112.67


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new HJT log

Here is the new HJT log. As you can see, the thing I fixed seems to have reappeared.

By the way,if I haven´t said already, thanks for all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:19, on 21/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.wanadoo.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Archivos de programa\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1013018
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0E7D5D-8A2D-4FF0-85DF-412281DDF6E4}: NameServer = 85.255.113.142 85.255.112.67
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5242 bytes

Hello

It sounds like a case of Zlob/DNSchanger that change the router's DNS settings. Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.

• Launch Malwarebytes' Anti-Malware, then click Finish.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now



Reboot and post a new HJT log