Here is the log for DDS:
DDS (Ver_09-06-26.01) - NTFSx86
Run by eid at 22:12:36.45 on 27/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.510.211 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
G:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
G:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
G:\Archivos de programa\Java\jre6\bin\jqs.exe
G:\Archivos de programa\Sandboxie\SbieSvc.exe
G:\ARCHIV~1\AVG\AVG8\avgemc.exe
G:\ARCHIV~1\AVG\AVG8\avgrsx.exe
G:\ARCHIV~1\AVG\AVG8\avgnsx.exe
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\WINDOWS\Explorer.EXE
G:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
G:\ARCHIV~1\AVG\AVG8\avgtray.exe
G:\Archivos de programa\Java\jre6\bin\jusched.exe
G:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
G:\Archivos de programa\Sandboxie\SbieCtrl.exe
G:\WINDOWS\System32\svchost.exe
G:\Archivos de programa\Mozilla Firefox\firefox.exe
G:\Archivos de programa\ProcessExplorerNT\procexp.exe
G:\Documents and Settings\eid\Escritorio\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Settings,ProxyServer = localhost:80
uInternet Settings,ProxyOverride = *.local
BHO: Aplicaci? auxiliar de v?culos de Adobe PDF Reader\0\0\0: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - g:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] g:\archivos de programa\spybot - search & destroy\TeaTimer.exe
uRun: [AlcoholAutomount] "g:\archivos de programa\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [SandboxieControl] "g:\archivos de programa\sandboxie\SbieCtrl.exe"
mRun: [IMJPMIG8.1] "g:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] g:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG8_TRAY] g:\archiv~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "g:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "g:\archivos de programa\java\jre6\bin\jusched.exe"
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\archiv~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;g:\windows\system32\drivers\Lbd.sys [2009-7-26 64160]
R0 pavboot;pavboot;g:\windows\system32\drivers\pavboot.sys [2009-7-26 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2008-7-2 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2008-7-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2009-3-6 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;g:\archiv~1\avg\avg8\avgemc.exe [2009-6-21 907032]
R2 avg8wd;AVG Free8 WatchDog;g:\archiv~1\avg\avg8\avgwdsvc.exe [2008-7-2 298776]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;g:\windows\system32\drivers\psxpad.sys [2007-9-16 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;g:\windows\system32\drivers\psxenum.sys [2007-9-16 16896]
R3 SbieDrv;SbieDrv;g:\archivos de programa\sandboxie\SbieDrv.sys [2009-5-28 108032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S2 spupdsvc;Windows Service Pack Installer update service;g:\windows\system32\spupdsvc.exe [2007-9-6 26488]
=============== Created Last 30 ================
2009-07-27 22:08 2,104 a------- g:\windows\system32\tmp.reg
2009-07-27 22:05 15,688 a------- g:\windows\system32\lsdelete.exe
2009-07-27 21:46 282,112 a------- g:\windows\system32\TBDE4.tmp
2009-07-27 21:38 597,504 -c------ g:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-27 21:38 89,088 -c------ g:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-27 21:38 117,760 -------- g:\windows\system32\prntvpt.dll
2009-07-27 21:38 575,488 -c------ g:\windows\system32\dllcache\xpsshhdr.dll
2009-07-27 21:38 575,488 -------- g:\windows\system32\xpsshhdr.dll
2009-07-27 21:38 1,676,288 -c------ g:\windows\system32\dllcache\xpssvcs.dll
2009-07-27 21:38 1,676,288 -------- g:\windows\system32\xpssvcs.dll
2009-07-27 21:38 <DIR> --d----- G:\f75fd1227178d618c8e7908195ea786b
2009-07-27 20:28 <DIR> --d----- g:\archivos de programa\MSXML 6.0
2009-07-27 19:51 102,664 a------- g:\windows\system32\drivers\tmcomm.sys
2009-07-27 19:48 <DIR> --d----- g:\documents and settings\eid\.housecall6.6
2009-07-27 18:59 <DIR> --d----- G:\SDFix
2009-07-26 23:43 28,544 a------- g:\windows\system32\drivers\pavboot.sys
2009-07-26 23:09 <DIR> --d----- g:\archivos de programa\Trend Micro
2009-07-26 22:54 <DIR> --d----- g:\archivos de programa\Panda Security
2009-07-26 16:16 64,160 a------- g:\windows\system32\drivers\Lbd.sys
2009-07-26 16:14 <DIR> -cd-h--- g:\docume~1\alluse~1\datosd~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-26 16:14 <DIR> --d----- g:\archivos de programa\Lavasoft
2009-07-26 16:00 77 a------- G:\PLAYSTATION.CUE
2009-07-26 15:55 740,416,656 a------- G:\PLAYSTATION.BIN
2009-07-26 15:23 <DIR> --d----- G:\Rata Blanca D2
2009-07-26 13:15 <DIR> -cd----- g:\windows\system32\dllcache\cache
2009-07-26 13:02 212,480 a------- g:\windows\SWXCACLS_exe
2009-07-26 13:02 161,792 a------- g:\windows\SWREG_exe
2009-07-26 13:02 136,704 a------- g:\windows\SWSC_exe
2009-07-26 13:02 68,096 a------- g:\windows\zip_exe
2009-07-26 05:12 <DIR> --d----- g:\documents and settings\eid\jkos-eid
2009-07-26 03:42 <DIR> --d----- g:\docume~1\alluse~1\datosd~1\13009534
2009-07-26 03:42 40,960 ---shr-- g:\windows\system32\flashad32.dll
2009-07-24 22:57 237,568 a------- g:\windows\system32\rmc_rtspdl.dll
2009-07-24 22:57 156,672 a------- g:\windows\system32\rmc_fixasf.exe
2009-07-24 22:56 323,584 a------- g:\windows\system32\AUDIOGENIE2.DLL
2009-07-24 22:54 <DIR> --d----- g:\windows\Replay Media Catcher
2009-07-24 22:54 <DIR> --d----- g:\archivos de programa\Replay Media Catcher
2009-07-23 02:25 <DIR> --d----- G:\Sandbox
2009-07-23 02:24 1,464 a------- g:\windows\Sandboxie.ini
2009-07-23 02:24 <DIR> --d----- g:\archivos de programa\Sandboxie
2009-07-15 01:28 <DIR> --d----- g:\windows\system32\NtmsData
2009-07-14 13:53 <DIR> --d----- g:\archivos de programa\FlashFXP
2009-07-13 23:57 634 a------- g:\windows\system32\MAPISVC.INF
2009-07-13 23:56 <DIR> --d----- g:\archivos de programa\Ontrack
==================== Find3M ====================
2009-07-26 05:22 410,984 a------- g:\windows\system32\deploytk.dll
2009-07-26 03:41 182,912 a------- g:\windows\system32\drivers\ndis.sys
2009-07-03 09:38 335,752 a------- g:\windows\system32\drivers\avgldx86.sys
2009-06-26 00:49 44,156 a---h--- g:\windows\system32\mlfcache.dat
2009-06-24 22:05 47,360 a------- g:\docume~1\eid\datosd~1\pcouffin.sys
2009-06-24 22:02 47,360 a------- g:\windows\system32\drivers\pcouffin.sys
2009-06-21 15:00 721,904 a------- g:\windows\system32\drivers\sptd.sys
2009-06-21 14:16 11,006 a------- g:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-06-21 14:15 3,003 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
2009-06-21 14:15 2,901 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
2009-06-21 14:15 2,870 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2009-06-21 14:15 2,837 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2009-06-21 14:15 3,000 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
2009-06-21 14:15 2,872 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2009-06-21 14:14 2,880 a------- g:\windows\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2009-06-21 14:13 14,646 a------- g:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-06-21 00:57 424,834 a------- g:\windows\system32\perfh00A.dat
2009-06-21 00:57 61,124 a------- g:\windows\system32\perfc00A.dat
2009-06-20 19:28 85,504 a------- g:\windows\system32\ff_vfw.dll
2009-06-14 16:21 60,273 a------- g:\windows\system32\pthreadGC2.dll
2009-06-07 16:24 180,224 a------- g:\windows\system32\xvidvfw.dll
2009-06-07 16:16 819,200 a------- g:\windows\system32\xvidcore.dll
2009-06-02 11:17 75,776 a------- g:\windows\system32\WS2Fix.exe
2009-05-02 08:22 11,952 a------- g:\windows\system32\avgrsstx.dll
2008-05-13 00:29 1,214,314 a------- g:\archivos de programa\ProcessExplorerNT.rar
2007-12-12 02:44 92,064 a------- g:\documents and settings\eid\mqdmmdm.sys
2007-12-12 02:44 79,328 a------- g:\documents and settings\eid\mqdmserd.sys
2007-12-12 02:44 66,656 a------- g:\documents and settings\eid\mqdmbus.sys
2007-12-12 02:44 25,600 a------- g:\documents and settings\eid\usbsermptxp.sys
2007-12-12 02:44 22,768 a------- g:\documents and settings\eid\usbsermpt.sys
2007-12-12 02:44 9,232 a------- g:\documents and settings\eid\mqdmmdfl.sys
2007-12-12 02:44 6,208 a------- g:\documents and settings\eid\mqdmcmnt.sys
2007-12-12 02:44 5,936 a------- g:\documents and settings\eid\mqdmwhnt.sys
2007-12-12 02:44 4,048 a------- g:\documents and settings\eid\mqdmcr.sys
============= FINISH: 22:13:29.68 ===============
Any help? I know the culprit here is svchost.exe, as it's running like 14 instances, but I need to know how to get rid of the faulty ones. All of them are in system32, but the processes are run in a svchost module that, if killed, will make the computer restart. HOWEVER, I found that killing ANOTHER svchost.exe, from the ones that are running nothing, will make it restart itself AND add an instance of iexplore.exe to the other svchost. I have attached a picture for those curious: the ones in gray are the ones suspended, the other ones are just running normally.
Is there a way to find out what processes call svchost.exe and have them stopped? I already ran Panda, Trend Micro and Kaspersky and they found nothing; this is getting really annoying. =/
Thanks for your time, hopefully someone is able to help me out on this.