Hey, I've deleted those exe's, I've run ComboFix and here is the logfile from it
ComboFix 09-06-23.01 - Administrador 24/06/2009 23:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.3082.18.2046.1280 [GMT 2:00]
Running from: c:\users\Administrador\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1718919709-1020604640-3287342318-500
c:\$recycle.bin\S-1-5-21-217714583-4194319969-1051342774-1000
c:\windows\system32\28463
c:\$recycle.bin\S-1-5-21-1718919709-1020604640-3287342318-500\desktop.ini
c:\$recycle.bin\S-1-5-21-217714583-4194319969-1051342774-1000\$IQFGRW8
c:\$recycle.bin\S-1-5-21-217714583-4194319969-1051342774-1000\desktop.ini
c:\windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.
2009-06-24 21:23 . 2009-06-24 21:24 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2009-06-23 09:44 . 2009-06-23 09:44 -------- d-----w- c:\program files\ESET
2009-06-19 16:23 . 2009-06-19 16:24 -------- d-----w- c:\program files\Javaa
2009-06-16 12:14 . 2009-06-16 12:20 -------- d-----w- c:\program files\Error Repair Professional
2009-06-15 00:17 . 2009-06-15 00:17 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-15 00:17 . 2009-06-15 00:17 -------- d-----w- c:\users\Administrador\AppData\Roaming\Malwarebytes
2009-06-15 00:17 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 00:17 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 00:17 . 2009-06-15 00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 00:17 . 2009-06-15 00:17 -------- d-----w- c:\programdata\Malwarebytes
2009-06-13 20:12 . 2009-06-13 20:12 -------- d-----w- c:\program files\Trend Micro
2009-06-13 19:09 . 2009-06-13 19:10 -------- d-----w- c:\users\Administrador\AppData\Roaming\vlc
2009-06-12 17:35 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-12 17:35 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-12 17:35 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-12 17:35 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-12 17:34 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-12 17:34 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-12 17:34 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-12 17:34 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-12 17:34 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-12 13:41 . 2009-06-12 13:41 -------- d-----w- c:\users\Administrador\AppData\Roaming\CyberLink
2009-06-12 13:41 . 2009-06-12 13:41 -------- d-----w- c:\users\Administrador\AppData\Roaming\HP
2009-06-08 00:25 . 2009-06-08 00:25 -------- d-----w- C:\CFLog
2009-06-08 00:24 . 2005-01-01 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-06-08 00:24 . 2009-06-08 00:24 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-06-06 13:17 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-06 13:17 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-06 13:16 . 2009-06-06 13:25 -------- d-----w- c:\users\Administrador\Tracing
2009-06-06 13:15 . 2009-06-06 13:15 -------- d-----w- c:\program files\Microsoft
2009-06-06 13:14 . 2009-06-06 13:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-06 13:11 . 2009-06-06 13:11 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-06 12:37 . 2009-06-06 12:37 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-06 12:37 . 2009-06-06 12:37 -------- d-----w- c:\windows\system32\AGEIA
2009-06-06 12:34 . 2009-06-06 12:34 -------- d-----w- C:\NVIDIA
2009-06-06 12:27 . 2009-06-06 12:27 -------- d-----w- c:\users\Administrador\SystemRequirementsLab
2009-06-05 21:00 . 2009-06-05 21:00 -------- d-----w- c:\users\Administrador\AppData\Roaming\Ventrilo
2009-06-01 12:21 . 2009-06-24 16:41 -------- d-----w- c:\program files\Garena
2009-06-01 11:11 . 2009-06-01 11:15 -------- d-----w- c:\program files\Perfect Uninstaller
2009-05-30 10:31 . 2009-06-01 11:05 4096 ----a-w- c:\windows\system32\detoured.dll
2009-05-30 08:13 . 2009-05-30 08:13 -------- d-----w- c:\users\Administrador\AppData\Local\Blizzard Entertainment
2009-05-29 22:03 . 2009-05-29 22:03 -------- d-----w- c:\users\Administrador\AppData\Roaming\InstallShield
2009-05-28 23:14 . 2009-05-28 23:21 -------- d-----w- c:\program files\Sony Online Entertainment
2009-05-28 23:11 . 2009-05-28 23:11 -------- d-----w- c:\users\Administrador\AppData\Local\Real
2009-05-28 15:28 . 2009-06-22 13:27 -------- d-----w- c:\users\Administrador\AppData\Roaming\uTorrent
2009-05-28 14:36 . 2009-06-24 14:01 -------- d-----w- c:\users\Administrador\AppData\Roaming\skypePM
2009-05-28 14:36 . 2009-06-24 20:37 -------- d-----w- c:\users\Administrador\AppData\Roaming\Skype
2009-05-28 13:45 . 2009-05-29 16:04 -------- d-----w- c:\users\Administrador\AppData\Local\Deployment
2009-05-28 13:45 . 2009-05-28 13:45 -------- d-----w- c:\users\Administrador\AppData\Local\Apps
2009-05-28 13:36 . 2009-06-23 17:33 -------- d-----w- c:\program files\Youtube Downloader HD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 16:42 . 2009-06-06 12:39 32631 ----a-w- c:\programdata\nvModes.dat
2009-06-19 16:23 . 2008-12-10 02:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-19 16:02 . 2007-10-23 07:56 -------- d-----w- c:\program files\Java
2009-06-06 13:16 . 2008-12-26 13:34 -------- d-----w- c:\program files\MSN Messenger
2009-06-06 13:15 . 2008-08-19 13:12 -------- d-----w- c:\program files\Windows Live
2009-06-06 12:41 . 2008-01-16 00:41 -------- d-----w- c:\programdata\NVIDIA
2009-06-06 12:37 . 2008-08-20 18:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 12:33 . 2008-10-25 17:44 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-06 12:13 . 2009-04-22 23:02 28095 ----a-w- c:\users\Administrador\AppData\Roaming\nvModes.dat
2009-06-01 12:21 . 2007-10-23 06:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-29 20:32 . 2009-05-09 09:04 -------- d-----w- c:\users\Administrador\AppData\Roaming\BSplayer
2009-05-29 15:28 . 2009-01-06 15:12 -------- d-----w- c:\program files\SpeedFan
2009-05-28 23:12 . 2009-02-02 14:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 10:31 . 2009-05-19 10:31 -------- d-----w- c:\users\Administrador\AppData\Roaming\Nero
2009-05-14 17:03 . 2009-05-14 17:03 -------- d-----w- c:\users\Administrador\AppData\Roaming\PlayFirst
2009-05-14 17:02 . 2008-01-16 00:35 -------- d-----w- c:\programdata\WildTangent
2009-05-14 16:36 . 2009-05-14 16:36 -------- d-----w- c:\users\Administrador\AppData\Roaming\WildTangent
2009-05-11 16:20 . 2009-05-11 16:20 -------- d-----w- c:\users\Administrador\AppData\Roaming\DivX
2009-05-09 09:10 . 2009-05-09 09:10 -------- d-----w- c:\users\Administrador\AppData\Roaming\Yahoo!
2009-05-05 09:59 . 2009-05-05 09:57 -------- d-----w- c:\users\Administrador\AppData\Roaming\Winamp
2009-05-05 08:20 . 2009-05-05 08:20 0 ----a-w- c:\windows\nsreg.dat
2009-05-05 08:19 . 2009-05-05 08:19 72328 ----a-w- c:\users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-05 08:14 . 2009-05-05 08:14 -------- d-----w- c:\users\Administrador\AppData\Roaming\Hewlett-Packard
2009-05-04 09:44 . 2009-05-04 09:44 -------- d-----w- c:\program files\Gogago
2009-05-02 18:39 . 2007-10-23 05:59 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-30 22:08 . 2009-04-30 22:08 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-04-30 22:08 . 2009-04-30 22:08 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 22:08 . 2009-04-30 22:08 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-04-30 22:08 . 2009-04-30 22:08 1292832 ----a-w- c:\windows\system32\nvsvs.dll
2009-04-30 20:02 . 2009-04-30 20:02 9850016 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 20:02 . 2009-04-30 20:02 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2009-04-30 20:02 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-04-30 20:02 . 2009-04-30 20:02 3128320 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-04-30 20:02 . 2009-04-30 20:02 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-04-30 20:02 10366976 ----a-w- c:\windows\system32\nvoglv32.dll
2009-04-30 20:02 . 2007-06-28 09:51 7593472 ----a-w- c:\windows\system32\nvd3dum.dll
2009-04-30 20:02 . 2007-06-28 09:47 983552 ----a-w- c:\windows\system32\nvapi.dll
2009-04-26 07:32 . 2007-06-28 09:58 457248 ----a-w- c:\windows\system32\nvuninst.exe
2009-04-08 22:32 . 2007-10-23 15:41 127954 ----a-w- c:\windows\system32\perfc00A.dat
2009-04-08 22:32 . 2007-10-23 15:41 0 ----a-w- c:\windows\system32\perfh00A.dat
2009-03-28 18:55 . 2008-10-29 20:40 49870 ----a-w- c:\windows\War3Unin.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"SunJavaUpdateSched"="c:\program files\Javaa\bin\jusched.exe" [2009-06-19 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^alcampo1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warkeys Update.lnk]
backup=c:\windows\pss\Warkeys Update.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-217714583-4194319969-1051342774-1000]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-217714583-4194319969-1051342774-500]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{695E5BE4-81A0-4F18-B52D-5244ED268DD3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E3885589-22E5-44D9-A1F6-87C0ADF8DF74}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C43A8824-6240-4546-AA9A-0F3CB741B81E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{682FD993-B8D4-4C5C-80C2-7B002CE099C1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{61CCD114-4A3F-419A-B554-37D9231D55D4}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6E9E4911-B565-411A-89D2-14810C7219A6}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{58690707-D648-48D0-AFF1-7DB16B75C025}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{9BE32045-DAB1-4095-8C4B-35AC702B0406}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{934D9F7C-7C0E-4E13-B2C4-A1C44BF405B0}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{12D4FB4B-AD55-4780-8DDD-327E99F92CFF}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{62013BCC-9D1E-473B-ABBF-7E52CD297958}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{A1D5EB88-71E6-45B3-A7B8-C72A93E1224C}c:\\users\\alcampo1\\downloads\\wow-engb-installer-downloader.exe"= UDP:c:\users\alcampo1\downloads\wow-engb-installer-downloader.exe:wow-engb-installer-downloader.exe
"UDP Query User{9006C75E-2343-496B-B7CE-7D73A06931D0}c:\\users\\alcampo1\\downloads\\wow-engb-installer-downloader.exe"= TCP:c:\users\alcampo1\downloads\wow-engb-installer-downloader.exe:wow-engb-installer-downloader.exe
"{93541C9F-A915-4784-87D5-89C52D9311E5}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{61618467-A997-40BC-AB90-AAE8E2C06D90}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{6E6C57FA-1111-4D27-81EC-4455328A905A}c:\\games\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:c:\games\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{61C2EB6E-3B3E-41A3-B7FF-673F3D96986C}c:\\games\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:c:\games\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"{7BBD95DF-0DDB-4E23-BDBD-659B54BFEBDD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A3D09180-987F-4C6C-801D-CAB4498B9BB6}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{144A6189-D986-46F8-82F2-CED0CBE41F7A}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{215AE43D-0AC8-4046-B56A-BBD7447EC097}c:\\games\\warcraft iii\\war3.exe"= UDP:c:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{F383A11B-80D5-42A6-A4C9-778FCEA656CE}c:\\games\\warcraft iii\\war3.exe"= TCP:c:\games\warcraft iii\war3.exe:Warcraft III
"TCP Query User{8190D838-658F-46F9-86E4-9036EA723BE5}c:\\games\\freelancer\\exe\\freelancer.exe"= UDP:c:\games\freelancer\exe\freelancer.exe:Freelancer
"UDP Query User{E38174B0-63CE-43AF-B47F-CEF306E87964}c:\\games\\freelancer\\exe\\freelancer.exe"= TCP:c:\games\freelancer\exe\freelancer.exe:Freelancer
"{A71B26F2-BE20-45A5-BDEC-A61F91E632AC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{929ED409-A442-419F-AD34-52976A574190}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{594A20B4-0F77-46A3-9FF2-25917D57F255}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{E302EE4B-3268-4A3A-BFF1-4E3B92DA8857}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{3181935D-870E-4F2F-8617-68D7BF028D51}c:\\games\\world of warcraft\\launcher.exe"= UDP:c:\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{A5C12CDE-F095-4229-8D29-95845CC7E19A}c:\\games\\world of warcraft\\launcher.exe"= TCP:c:\games\world of warcraft\launcher.exe:Blizzard Launcher
"{AB1D6581-B2DD-4DBC-90DA-00ACC2F5275A}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:Blizzard Downloader
"{4B7C4695-F862-439A-833E-938D2C3DB2E7}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:Blizzard Downloader
"{F417F5A3-BAE7-43DF-8529-E0E92A2CED01}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{8CB0D931-7567-4095-B597-26982B90DC7A}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{85119C32-686F-4D06-B148-194B19B24603}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{380BB5FB-F9A6-42F1-9D49-A8E5B3C379FC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{00412640-E11E-4384-B96D-2610DF47A3AF}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{72157AFA-CC24-4A9C-B19A-7DBD9DBD848C}c:\\games\\warcraft iii\\war3.exe"= UDP:c:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{6991FEF4-D582-4543-9470-04C1993D5C28}c:\\games\\warcraft iii\\war3.exe"= TCP:c:\games\warcraft iii\war3.exe:Warcraft III
"{565E54B6-DD95-49DA-A09E-B7DA2845F90D}"= c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GARENAPENGINE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{E07B0668-736C-42E9-A5B5-B04A127A5466}.job
- c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=81&bd=Pavilion&pf=laptop
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\6r03ctcx.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - plugin: c:\progra~1\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\program files\Javaa\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Javaa\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-24 23:24
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Administrador\AppData\Local\Temp\EAXC7A8.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,4c,4e,c0,12,e8,94,45,82,56,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,4c,4e,c0,12,e8,94,45,82,56,b9,\
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.FLV"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-217714583-4194319969-1051342774-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-06-24 23:25
ComboFix-quarantined-files.txt 2009-06-24 21:25
Pre-Run: 110.161.252.352 bytes libres
Post-Run: 111.864.623.104 bytes libres
412 --- E O F --- 2008-10-24 11:36