I ran Spybot, afterwards ran HijackThis, this is the log:

Logfile of HijackThis v1.98.2
Scan saved at 10:43:42 a.m., on 09/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\ARCHIV~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\ARCHIV~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\HP_DeskJet_500.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\winsnd32.exe
C:\windows\system32\qttask.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\msfu**.exe
C:\WINDOWS\System32\systemm.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\WINDOWS\System32\muamgr.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\WINDOWS\xklkb.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\ARCHIV~1\COMMON~1\tsa\tsm2.exe
C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\ISTsvc\istsvc.exe
C:\Archivos de programa\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] C:\windows\system32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\Run: [msfu**] msfu**.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Microsoft update service] systemm.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\m.exe
O4 - HKLM\..\Run: [rt5l9] C:\WINDOWS\xklkb.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvrjc32.exe
O4 - HKLM\..\Run: [vql] C:\WINDOWS\vql.exe
O4 - HKLM\..\Run: [IST Service] C:\Archivos de programa\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [msfu**] msfu**.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Microsoft update service] systemm.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Compliant] gtcxmg.exe
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [Start Upping] svchostes.exe
O4 - HKCU\..\Run: [*windows update] wrauclt.exe
O4 - HKCU\..\Run: [Microsoft Office] svxhost.exe
O4 - HKCU\..\Run: [Tsa2] C:\ARCHIV~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft AOL32 Protocol] aol32.exe
O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c7.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-mx/mx/games2.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Filter: text/html - {D0A43E3F-E91D-41D5-AE5B-B555BCB045F5} - C:\Documents and Settings\GERARDO\Configuración local\Datos de programa\microsoft\internet explorer\V0.26.dat

I'll very much appreciatte any help in getting rid of this annoying features and pages.

Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.co
R3 - Default URLSearchHook is missing

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

O4 - HKLM\..\Run: [msfuck] msfuck.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [Microsoft update service] systemm.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\m.exe
O4 - HKLM\..\Run: [rt5l9] C:\WINDOWS\xklkb.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvrjc32.exe
O4 - HKLM\..\Run: [vql] C:\WINDOWS\vql.exe
O4 - HKLM\..\Run: [IST Service] C:\Archivos de programa\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [msfuck] msfuck.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [Microsoft update service] systemm.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winsnd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU\..\Run: [Windows Compliant] gtcxmg.exe
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [Start Upping] svchostes.exe
O4 - HKCU\..\Run: [*windows update] wrauclt.exe
O4 - HKCU\..\Run: [Microsoft Office] svxhost.exe
O4 - HKCU\..\Run: [Tsa2] C:\ARCHIV~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft AOL32 Protocol] aol32.exe
O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] winsnd32.exe

O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c7.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-mx/mx/games2.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB

O18 - Filter: text/html - {D0A43E3F-E91D-41D5-AE5B-B555BCB045F5} - C:\Documents and Settings\GERARDO\Configuración local\Datos de programa\microsoft\internet explorer\V0.26.dat


Close all windows except HijackThis and click Fix checked.

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\windows\system32\msfuck.exe
C:\windows\system32\crsss.exe
C:\windows\system32\systemm.exe
C:\Program Files\Windows TaskAd\ <-- delete entire folder
C:\windows\system32\winsnd32.exe
C:\windows\system32\muamgr.exe
C:\Program Files\Windows AdService\ <-- delete entire folder
C:\WINDOWS\m.exe
C:\WINDOWS\xklkb.exe
C:\windows\system32\kalvrjc32.exe
C:\WINDOWS\vql.exe
C:\Archivos de programa\ISTsvc\i <-- delete entire folder
C:\windows\system32\gtcxmg.exe
C:\windows\system32\servicelog.exe
C:\windows\system32\svchostes.exe
C:\windows\system32\wrauclt.exe
C:\windows\system32\svxhost.exe
C:\ARCHIV~1\COMMON~1\tsa\tsm2.exe
C:\windows\system32\aol32.exe
C:\windows\system32\msrpc32.exe
C:\windows\system32\Yahoo.exe


*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.

HiJackThis version 198.2 is now available.
If you do not already have it installed, download it from here:
http://www.computercops.biz/downloads-file-328.html
http://tomcoyote.org/hjt/

Run HiJackThis again and post a new log in this thread.

Ok, so I followed your instructions. The new HijackThis logo reads:

Logfile of HijackThis v1.98.2
Scan saved at 11:28:34 p.m., on 09/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\ARCHIV~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\ARCHIV~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\HP_DeskJet_500.exe
C:\windows\system32\qttask.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\HijackThis\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prodigy.net.mx/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] C:\windows\system32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Compliant] gtcxmg.exe
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [Start Upping] svchostes.exe
O4 - HKCU\..\Run: [*windows update] wrauclt.exe
O4 - HKCU\..\Run: [Microsoft Office] svxhost.exe
O4 - HKCU\..\Run: [Tsa2] C:\ARCHIV~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft AOL32 Protocol] aol32.exe
O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab


What should I do now? Also, what can I do in the future to avoid getting reinfected. We have Norton system Works and Spybot on our PC; the two times I have tried to downlowd the XP ServicePack 2, Internet has just ceased to work, so I have had to unistall it. what's your advise?

Thank you very much....

If it is still available, order the SP2 CD from Microsoft.

Now, still more to fix. I suggest you disconnect from the internet while doing this.


First:
Download Killbox from here: http://www.downloads.subratam.org/KillBox.zip

Run Killbox.exe and be sure that 'Delete on Reboot is checked'

Select the Folder Icon to the Right of the right of the Address Area and find the following file(s) one at a time:
wrauclt.exe

Note: You can also cut and paste the files listed above if the full path and file name has been specified. Most files are located in C:\Windows\ or C:\Windows\System32\

After each one, press the delete button on the far right of the address bar

Each time you will get a dialog box asking if you want to reboot
Press 'No' for all but the last file
After the last file has been entered, press 'Yes'
Your computer will reboot and delete the files

Verify that all the files have actually been deleted.


Then:
Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/

O4 - HKCU\..\Run: [Windows Compliant] gtcxmg.exe
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [Start Upping] svchostes.exe
O4 - HKCU\..\Run: [*windows update] wrauclt.exe
O4 - HKCU\..\Run: [Microsoft Office] svxhost.exe
O4 - HKCU\..\Run: [Tsa2] C:\ARCHIV~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Microsoft AOL32 Protocol] aol32.exe
O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] winsnd32.exe
O4 - HKCU\..\Run: [Microsoft Update Agent] muamgr.exe
O4 - HKCU\..\RunServices: [Microsoft Update Agent] muamgr.exe


Close all windows except HijackThis and click Fix checked.

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\WINDOWS\System32gtcxmg.exe
C:\WINDOWS\System32servicelog.exe
C:\WINDOWS\System32svchostes.exe
C:\WINDOWS\System32svxhost.exe
C:\ARCHIV~1\COMMON~1\tsa\tsm2.exe
C:\WINDOWS\System32aol32.exe
C:\WINDOWS\System32msrpc32.exe
C:\WINDOWS\System32Yahoo.exe
C:\WINDOWS\System32winsnd32.exe
C:\WINDOWS\System32muamgr.exe


*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.

HiJackThis version 198.2 is now available.
If you do not already have it installed, download it from here:
http://www.computercops.biz/downloads-file-328.html
http://tomcoyote.org/hjt/

Run HiJackThis again and post a new log in this thread.