I need help!!!

Hi

Let's see if connection works after following fix.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Driver::
Qux71
Vyc03

File::
c:\windows\system32\Drivers\Qux71.sys
c:\windows\system32\Drivers\Vyc03.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinManage]


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Let me know the status of connection.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
It didn't work

Here is the log of ComboFix!!
I rebooted but it didn't work; I tried to repair the connection and it keeps saying the same message that we talked about before!

ComboFix 08-12-26.03 - CINTHIA 2008-12-29 5:42:47.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.3082.18.255.47 [GMT -4:00]
Se ejecuta desde: c:\documents and settings\TEMP\Escritorio\ComboFix.exe
Comando de interruptores utilizados :: c:\documents and settings\TEMP\Escritorio\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

FILE ::
c:\windows\system32\Drivers\Qux71.sys
c:\windows\system32\Drivers\Vyc03.sys
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Servicios )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QUX71
-------\Service_Passthru
-------\Service_Qux71
-------\Service_Vyc03


(((((((((((((((((( Archivos creados desde 2008-11-28 - 2008-12-29 )))))))))))))))))))))))))))))))))
.

2008-12-28 09:18 . 2008-12-28 09:18 59,800 --a------ c:\documents and settings\TEMP\Datos de programa\GDIPFONTCACHEV1.DAT
2008-12-21 09:38 . 2008-12-21 09:38 <DIR> d-------- c:\archivos de programa\Trend Micro
2008-12-21 09:38 . 2008-12-21 09:39 1,393 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 09:54 6,083,872 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-29 09:52 152,096 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-29 09:50 85,616 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-29 09:50 16,304 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-27 11:24 100,864 ----a-w c:\windows\system32\drivers\ndisio.sys
2008-07-12 03:12 67,696 ----a-w c:\archivos de programa\mozilla firefox\components\jar50.dll
2008-07-12 03:12 54,376 ----a-w c:\archivos de programa\mozilla firefox\components\jsd3250.dll
2008-07-12 03:12 34,952 ----a-w c:\archivos de programa\mozilla firefox\components\myspell.dll
2008-07-12 03:13 46,720 ----a-w c:\archivos de programa\mozilla firefox\components\spellchk.dll
2008-07-12 03:13 172,144 ----a-w c:\archivos de programa\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\archivos de programa\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-13 409600]
"AVG8_TRAY"="c:\archiv~1\AVG\AVG8\avgtray.exe" [2008-09-04 1235736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
AutoCAD Startup Accelerator.lnk - c:\archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe [05/03/2005 16:18:22 10872]
Software Kodak EasyShare.lnk - c:\archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe [23/07/2004 8:26:34 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk
backup=c:\windows\pss\Inicio rápido de Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
NULL [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 10:33 963072 c:\archivos de programa\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 22:18 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-06-04 07:33 1400944 c:\archivos de programa\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-05-11 20:52 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 c:\archivos de programa\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-06 22:09 77824 c:\archivos de programa\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 14:49 36352 c:\archivos de programa\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2003-07-18 04:01 180224 c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
--a------ 2003-06-25 07:47 311296 c:\windows\system32\PV92Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Archivos de programa\\Microsoft Encarta\\Biblioteca de Consulta Encarta 2004\\EDICT.EXE"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [04/09/2008 21:19:36 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\AVG\AVG8\avgwdsvc.exe [04/09/2008 21:17:57 231704]
.
.
------- Análisis Suplementario -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Clean Traces - c:\archivos de programa\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\archivos de programa\DAP\dapextie.htm
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download &all with DAP - c:\archivos de programa\DAP\dapextie2.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\archiv~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\archiv~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\TEMP\Datos de programa\Mozilla\Firefox\Profiles\1yjxsgn9.default\
FF - prefs.js: browser.startup.homepage - hxxp://es-AR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-AR:official
FF - component: c:\archivos de programa\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\archivos de programa\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\documents and settings\TEMP\Datos de programa\Mozilla\Firefox\Profiles\1yjxsgn9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 05:52:32
Windows 5.1.2600 Service Pack 3 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Otros procesos en ejecución ------------------------
.
c:\archivos de programa\Ahead\InCD\InCDsrv.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
c:\archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\archiv~1\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Tiempo completado: 2008-12-29 6:00:49 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-12-29 10:00:43
ComboFix2.txt 2008-12-28 13:01:55
ComboFix3.txt 2008-12-27 11:54:04
ComboFix4.txt 2008-09-28 12:33:02

Pre-Run: 14,451,511,296 bytes libres
Post-Run: 14,398,803,968 bytes libres

150 --- E O F --- 2008-12-28 12:35:39
 
Hi

Download WinSockFix to your desktop. Run it and click the 'Fix' button there. Reboot and check the connection.
 
Excellent, it worked!!!

Here is the log file from the ESET online scan, and the other logs

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3722 (20081229)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=8e1a9c4937b26a41b103a42265d176ff
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-12-30 09:56:59
# local_time=2008-12-30 05:56:59 (-0400, Hora estándar de Sudamérica O.)
# country="Dominican Republic"
# osver=5.1.2600 NT Service Pack 3
# scanned=237501
# found=29
# scan_time=3801
C:\Archivos de programa\Mozilla Firefox\plugins\NPMyWebS.dll probably a variant of Win32/Adware.SearchAid application 747EFD8954EFD1B0C9B940A7FF9A5D63
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir probably a variant of Win32/Adware.SearchAid application 17C7770230C6C75054B2A9210755584E
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir probably a variant of Win32/Adware.SearchAid application E75F15F3DB5D4D933FC8A0C72C6441CE
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\F3DTACTL.DLL.vir probably a variant of Win32/Adware.SearchAid application 18B13265CFF2939571F4975159D47E50
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\F3HTMLMU.DLL.vir probably a variant of Win32/Adware.SearchAid application 17C7770230C6C75054B2A9210755584E
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\F3SHLLVW.DLL.vir probably a variant of Win32/Adware.SearchAid application 5719E6DC6E3F1379D4B0C15B1E3FB9E4
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\M3PLUGIN.DLL.vir probably a variant of Win32/Adware.SearchAid application 314E0468433FCCD2A52B0B4E192D109B
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\M3SRCHMN.EXE.vir probably a variant of Win32/Adware.SearchAid application BAA6CFD45C7B190AC59C14A7B5A9CAF9
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\MWSOEPLG.DLL.vir probably a variant of Win32/Adware.SearchAid application 29446F22E4FCED88C402CB4F907B4868
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\NPMYWEBS.DLL.vir probably a variant of Win32/Adware.SearchAid application 747EFD8954EFD1B0C9B940A7FF9A5D63
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\3.bin\_MWSBAR.DLL.vir probably a variant of Win32/Adware.SearchAid application E75F15F3DB5D4D933FC8A0C72C6441CE
C:\QooBox\Quarantine\C\WINDOWS\system32\2.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\3.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\4.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\5.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\6.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\7.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\8.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\9.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\A.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\B.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\C.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\D.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\E.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\F.tmp.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\phc52qj0et8j.bmp.vir Win32/TrojanDownloader.FakeAlert.GS trojan 66FA7A528D4472EBB47D70E8F088B10C
C:\QooBox\Quarantine\C\WINDOWS\system32\pphc52qj0et8j.exe.vir Win32/TrojanDownloader.FakeAlert.FK trojan 58100D6E7AF052DF713CDB627F19B29C
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\_Adg82_.sys.zip Win32/Wigon trojan E21FB8CB217925008A55DE8A585A57BF
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\_Adg82_.sys.zip »ZIP »Adg82.sys Win32/Wigon trojan 00000000000000000000000000000000

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:02:55 a.m., on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\ARCHIV~1\AVG\AVG8\aAvgApi.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Archivos de programa\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\AcPreview.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7106 bytes


ComboFix 08-12-26.03 - CINTHIA 2008-12-28 8:43:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.3082.18.255.74 [GMT -4:00]
Se ejecuta desde: c:\documents and settings\TEMP\Escritorio\ComboFix.exe
Comando de interruptores utilizados :: c:\documents and settings\TEMP\Escritorio\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

FILE ::
c:\windows\system32\Drivers\Adg82.sys
c:\windows\system32\Drivers\Qux71.sys
c:\windows\system32\Drivers\Vyc03.sys
c:\windows\Tasks\9CD3906491C041C4.job
c:\windows\Tasks\A0222F749199DFA0.job
c:\windows\Tasks\AC599C6C91E21AD0.job
G:\cfdflx.com
H:\cfdflx.com
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\Adg82.sys
c:\windows\Tasks\9CD3906491C041C4.job
c:\windows\Tasks\A0222F749199DFA0.job
c:\windows\Tasks\AC599C6C91E21AD0.job
G:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Servicios )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru
-------\Legacy_Adg82
-------\Service_Adg82


(((((((((((((((((( Archivos creados desde 2008-11-28 - 2008-12-28 )))))))))))))))))))))))))))))))))
.

2008-12-21 09:38 . 2008-12-21 09:38 <DIR> d-------- c:\archivos de programa\Trend Micro
2008-12-21 09:38 . 2008-12-21 09:39 1,393 --a------ c:\windows\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 12:55 5,953,056 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-28 12:55 140,064 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-28 12:50 83,816 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-28 12:50 15,152 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-27 11:24 100,864 ----a-w c:\windows\system32\drivers\ndisio.sys
2008-07-12 03:12 67,696 ----a-w c:\archivos de programa\mozilla firefox\components\jar50.dll
2008-07-12 03:12 54,376 ----a-w c:\archivos de programa\mozilla firefox\components\jsd3250.dll
2008-07-12 03:12 34,952 ----a-w c:\archivos de programa\mozilla firefox\components\myspell.dll
2008-07-12 03:13 46,720 ----a-w c:\archivos de programa\mozilla firefox\components\spellchk.dll
2008-07-12 03:13 172,144 ----a-w c:\archivos de programa\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\archivos de programa\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-13 409600]
"AVG8_TRAY"="c:\archiv~1\AVG\AVG8\avgtray.exe" [2008-09-04 1235736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
AutoCAD Startup Accelerator.lnk - c:\archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe [05/03/2005 16:18:22 10872]
Inicio r*pido de Adobe Reader.lnk - c:\archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26 29696]
Software Kodak EasyShare.lnk - c:\archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe [23/07/2004 8:26:34 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk
backup=c:\windows\pss\Inicio rápido de Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
NULL [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinManage]
NULL [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 10:33 963072 c:\archivos de programa\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 22:18 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-06-04 07:33 1400944 c:\archivos de programa\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-05-11 20:52 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 c:\archivos de programa\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-06 22:09 77824 c:\archivos de programa\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 14:49 36352 c:\archivos de programa\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2003-07-18 04:01 180224 c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
--a------ 2003-06-25 07:47 311296 c:\windows\system32\PV92Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Archivos de programa\\Microsoft Encarta\\Biblioteca de Consulta Encarta 2004\\EDICT.EXE"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Archivos de programa\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Archivos de programa\\AVG\\AVG8\\avgupd.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [04/09/2008 21:19:36 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\AVG\AVG8\avgwdsvc.exe [04/09/2008 21:17:57 231704]
S0 Qux71;Qux71;c:\windows\system32\Drivers\Qux71.sys []
S0 Vyc03;Vyc03;c:\windows\system32\Drivers\Vyc03.sys []
.
.
------- Análisis Suplementario -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Clean Traces - c:\archivos de programa\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\archivos de programa\DAP\dapextie.htm
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download &all with DAP - c:\archivos de programa\DAP\dapextie2.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\archiv~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\archiv~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\TEMP\Datos de programa\Mozilla\Firefox\Profiles\1yjxsgn9.default\
FF - prefs.js: browser.startup.homepage - hxxp://es-AR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-AR:official
FF - component: c:\archivos de programa\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\archivos de programa\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\documents and settings\TEMP\Datos de programa\Mozilla\Firefox\Profiles\1yjxsgn9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 08:53:16
Windows 5.1.2600 Service Pack 3 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Otros procesos en ejecución ------------------------
.
c:\archivos de programa\Ahead\InCD\InCDsrv.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
c:\archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\archiv~1\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Tiempo completado: 2008-12-28 9:01:51 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-12-28 13:01:41
ComboFix2.txt 2008-12-27 11:54:04
ComboFix3.txt 2008-09-28 12:33:02

Pre-Run: 14,429,270,016 bytes libres
Post-Run: 14,373,376,000 bytes libres

163 --- E O F --- 2008-12-28 12:35:39
 
Hi

You seem to have posted an old ComboFix log. Did you run ComboFix again after the one you posted in post #22? If you haven't then let me know (no need to run again). However, if you ran ComboFix after that reply then please post the log back here.
 
Hi

We need to execute an OTMoveIt3 script
  1. Please download OTMoveIt3 by OldTimer and save it to your desktop.
  2. Double click the OTMoveIt3 icon on your desktop.
  3. Paste the following code under the Paste Fix Here area. Do not include the word Code.
    Code:
    :Files
    C:\Archivos de programa\Mozilla Firefox\plugins\NPMyWebS.dll
  4. Push the large MoveIt button.
  5. OTMI3 may ask to reboot the machine. Please do so if asked.
  6. Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log. How's the system running?
  7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
Hi!! Happy New Year!!!

here is what you asked for!! the system is responding better...
========== FILES ==========
DllUnregisterServer procedure not found in C:\Archivos de programa\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Archivos de programa\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
C:\Archivos de programa\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01012009_124451


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:22 p.m., on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\ARCHIV~1\AVG\AVG8\aAvgApi.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\TEMP\Escritorio\OTMoveIt3.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Archivos de programa\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Archivos de programa\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Archivos de programa\Autodesk Architectural Desktop 3\AcPreview.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7204 bytes
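
A triage pass over HijackThis output such as the log posted above, as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from that log; the three review rules are this example's assumptions, and a flagged line is a prompt for a closer look, not a verdict.

```python
import re

# Entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Review rules: assumptions of this example, not HijackThis behaviour.
RULES = [
    (lambda code, body: body.endswith("(no file)"),
     "registration whose target file HijackThis could not find"),
    (lambda code, body: code == "O10" and body.startswith("Unknown file"),
     "Winsock LSP provider HijackThis does not recognise; identify it first"),
    (lambda code, body: code == "O20",
     "AppInit_DLLs load into every process that loads user32.dll"),
]

def parse_entries(log_text):
    """Return (code, body) for each entry line; skip headers and process paths."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def review_candidates(entries):
    """Return (code, body, reason) for entries matching the first applicable rule."""
    flagged = []
    for code, body in entries:
        for predicate, reason in RULES:
            if predicate(code, body):
                flagged.append((code, body, reason))
                break
    return flagged

if __name__ == "__main__":
    for code, body, reason in review_candidates(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {body}\n    -> {reason}")
```
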
 
Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis




Now let's uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.


  • Double-click OTMoveIt3.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • Download Adaware
    Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial
    The program is available for download here
  • Download Spybot
    Spybot is a scanner like Adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and protection measures. Spybot has preventive tools that stop programs from even installing on your computer.
    To see how to set this up as well as more spybot features, see here
    Spybot can be downloaded at this location
  • Download SpywareBlaster
    SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes "kill bits" in the registry, so that certain ActiveX controls can't install.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster here
    SpywareBlaster tutorial
  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!).


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 