WiredWX Christian Hobby Weather Tools
Internet Security System Virus

Hi,

Yesterday, May 25th, I got a virus related to the Internet Security System virus. A pop-up message at the bottom right of my screen appears as soon as I start Windows and I can't execute anything, because lots of pop-ups warning about viruses appear immediately. After that, Internet Explorer opens automatically, accessing web pages such as porno.org or viagra.org.
I ran a solution following the instructions given for an Internet Security System 2010 virus in another forum on this website, but it didn't work. I downloaded Malwarebytes' Anti-Malware as you suggested; it found four trojans and I deleted them, but then I restarted my computer and the problem appeared again. I can't work with the normal version of XP because the virus doesn't allow me, so I ran the solution in Safe Mode (pressing F8 before Windows starts).
I have attached a picture in which you can see how my screen looks when I start Windows. (It is in Spanish, but at least you can get an idea of what's happening.)

I hope you can help me.

Thanks in advance,

Alejandro

Re: Internet Security System Virus

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt), the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet Security System Virus

I ran OTL.exe in Safe Mode. It didn't seem to be working, but after one minute the program generated these files. Hopefully you can find what you are looking for. Thanks.

OTL logfile created on: 27/05/2010 11:33:48 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Alejandro Damian\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 775.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 52.14 Gb Total Space | 4.52 Gb Free Space | 8.66% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 19.27 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 954.10 Mb Total Space | 627.56 Mb Free Space | 65.78% Space Free | Partition Type: FAT32

Computer Name: ALEJANDRO-DAVAN
Current User Name: Alejandro Damian
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/27 11:26:34 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alejandro Damian\Escritorio\OTL.exe
PRC - [2008/04/14 20:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/27 11:26:34 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alejandro Damian\Escritorio\OTL.exe
MOD - [2008/04/14 20:47:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/29 13:52:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/22 02:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/27 01:57:41 | 000,069,632 | ---- | M] (Adobe Systems) [Disabled | Stopped] -- C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/05/14 04:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/24 22:45:58 | 000,127,656 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\WINDOWS\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009/01/05 16:16:12 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Archivos de programa\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/11/04 14:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/29 05:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Archivos de programa\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/10/26 05:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/10/27 04:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 13:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/20 13:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/15 12:11:48 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2010/04/14 09:26:01 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/03/09 20:01:57 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 13:55:08 | 001,590,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 22:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 22:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/15 20:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/14 00:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/21 11:16:58 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008/04/14 11:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/18 00:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/06/01 01:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/12/23 01:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/23 01:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/23 01:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/17 09:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/17 09:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/17 09:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/04 02:52:30 | 000,192,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/01 04:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/03/15 03:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/pages/business/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/22 12:03:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2010/02/02 17:37:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2010/04/15 13:18:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: C:\Archivos de programa\Mozilla Thunderbird\components [2009/02/04 01:08:54 | 000,000,000 | ---D | M]

[2009/10/09 11:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alejandro Damian\Datos de programa\Mozilla\Extensions
[2010/05/25 18:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alejandro Damian\Datos de programa\Mozilla\Firefox\default\extensions
[2009/10/09 23:09:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alejandro Damian\Datos de programa\Mozilla\Firefox\default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/05 19:49:29 | 000,000,000 | -HSD | M] (GooglePreview) -- C:\Documents and Settings\Alejandro Damian\Datos de programa\Mozilla\Firefox\default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/05/25 18:06:38 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\plugins\logging.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\plugins\npicaN.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\plugins\TcpPServ.dll
[2009/08/25 05:08:47 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2009/08/25 05:08:47 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2009/08/25 05:08:47 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2009/08/25 05:08:47 | 000,000,798 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2010/05/25 20:00:33 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISTray] C:\Archivos de programa\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Archivos de programa\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [sbdrafht] C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [sbdrafht] C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk = C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Acrobat.lnk = C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\TL-WN321G Wireless Utility.lnk = C:\Archivos de programa\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytoosl = 0
O8 - Extra context menu item: Anexar a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir selección a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir selección a archivo PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 02:52:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4dc41b70-1dd9-11de-82d0-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{508d9e02-1087-11de-8290-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{5320f8e6-0b0d-11de-827f-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{5a37245e-33e7-11de-834c-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{65b85d6f-443d-11de-839f-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{700cde00-0b0f-11de-8280-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{700cde01-0b0f-11de-8280-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{700cde02-0b0f-11de-8280-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{8d68cb5d-6dcb-11de-8456-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{8d68cb61-6dcb-11de-8456-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{9e406d50-43a9-11de-839d-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{a4766676-0b72-11de-8281-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\Shell\AutoRun\command - "" = USBVAU~1\usbvault.exe
O33 - MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\Shell\explore\command - "" = USBVAU~1/usbvault.exe
O33 - MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\Shell\open\command - "" = USBVAU~1/usbvault.exe
O33 - MountPoints2\{cc21d4be-30c3-11de-8338-0016d4cc348e}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 11:30:17 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alejandro Damian\Escritorio\OTL.exe
[2010/05/27 01:20:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/27 01:05:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/27 01:05:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/27 01:05:14 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/05/27 01:04:53 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alejandro Damian\Escritorio\mbam-setup.exe
[2010/05/26 23:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Sun
[2010/05/25 22:27:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alejandro Damian\Recent
[2010/05/25 22:24:51 | 000,000,000 | ---D | C] -- C:\Archivos de programa\CCleaner
[2010/05/25 21:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
[2010/05/25 21:48:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
[2010/05/25 21:03:01 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/05/25 19:59:39 | 000,467,750 | ---- | C] (InfoSpyware ) -- C:\Documents and Settings\Alejandro Damian\Escritorio\DelPSGuard.exe
[2010/05/25 19:31:51 | 000,000,000 | ---D | C] -- C:\Archivos de programa\DelPSGuard
[2010/05/25 19:04:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/25 18:50:30 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/05/25 18:50:25 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/05/25 18:50:24 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/05/25 18:50:08 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/05/25 18:49:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\PC Tools
[2010/05/25 18:49:44 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Spyware Doctor
[2010/05/25 18:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\PC Tools
[2010/05/25 18:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alejandro Damian\Datos de programa\PC Tools
[2010/05/25 18:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2010/05/25 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Macromedia
[2010/05/25 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Datos de programa\Adobe
[2010/05/25 17:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy
[2010/05/05 08:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alejandro Damian\Escritorio\pago derechos de autor
[2010/05/05 08:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alejandro Damian\Escritorio\Liquidación ventas de libros de terceros
[2010/04/27 20:21:41 | 000,000,000 | ---D | C] -- C:\Archivos de programa\TP-LINK
[2010/04/27 20:21:27 | 000,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2010/04/27 20:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\TP-LINK Driver
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Datos de programa\*.tmp files -> C:\Documents and Settings\All Users\Datos de programa\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/27 11:32:14 | 000,498,526 | ---- | M] () -- C:\WINDOWS\System32\perfh00A.dat
[2010/05/27 11:32:14 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 11:32:14 | 000,086,560 | ---- | M] () -- C:\WINDOWS\System32\perfc00A.dat
[2010/05/27 11:32:14 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 11:32:13 | 001,102,808 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 11:27:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/27 11:26:34 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alejandro Damian\Escritorio\OTL.exe
[2010/05/27 01:20:36 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Alejandro Damian\NTUSER.DAT
[2010/05/27 01:20:36 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Alejandro Damian\ntuser.ini
[2010/05/27 01:19:09 | 004,846,988 | -H-- | M] () -- C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\IconCache.db
[2010/05/27 01:18:08 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Acrobat.lnk
[2010/05/27 01:17:49 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/27 01:17:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/27 01:05:19 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/05/27 00:57:10 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alejandro Damian\Escritorio\mbam-setup.exe
[2010/05/26 23:29:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/25 22:24:52 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\CCleaner.lnk
[2010/05/25 21:48:45 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
[2010/05/25 20:00:33 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/25 19:54:17 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\HijackThis.lnk
[2010/05/25 18:50:20 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Spyware Doctor.lnk
[2010/05/25 17:46:03 | 001,645,568 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\NEWScorp.ppt
[2010/05/25 13:37:51 | 001,959,936 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\News_Corp_still_going_2.ppt
[2010/05/24 16:44:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/22 19:56:52 | 002,330,519 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Acr3.tmp.pdf
[2010/05/22 03:28:21 | 000,060,744 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (16).png
[2010/05/22 03:27:02 | 001,730,560 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Recorte.shs
[2010/05/22 03:14:22 | 000,080,969 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (15).png
[2010/05/22 03:10:37 | 000,211,295 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (14).png
[2010/05/22 03:08:02 | 000,173,256 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (13).png
[2010/05/22 03:05:59 | 000,256,867 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (12).png
[2010/05/22 03:04:21 | 000,215,458 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (11).png
[2010/05/22 03:02:39 | 000,324,128 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (10).png
[2010/05/22 03:01:05 | 000,129,696 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (9).png
[2010/05/22 02:56:03 | 000,410,048 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (8).png
[2010/05/22 02:52:53 | 000,107,237 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (7).png
[2010/05/21 14:11:54 | 000,516,608 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\News Corporation Executive Summary.doc
[2010/05/20 22:11:55 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/17 04:10:33 | 000,190,361 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\xid-3821427_2.pdf
[2010/05/17 04:07:17 | 000,055,932 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Student Name.docx
[2010/05/17 03:59:24 | 000,048,900 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\xid-3813380_2.pdf
[2010/05/07 12:32:22 | 000,263,767 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\2010 UBS Investment Banking Challenge.pdf
[2010/05/06 10:04:37 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Reglamento_InternoEdificio_Mirador_del_Puerto.doc
[2010/05/02 12:06:20 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 12:34:18 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Rescate Dolares.doc
[2010/04/29 12:34:05 | 000,054,889 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Rescate Dolares.pdf
[2010/04/27 21:30:42 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\PORTER_five_force3.doc
[2010/04/27 20:21:56 | 000,001,933 | ---- | M] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\TL-WN321G Wireless Utility.lnk
[2010/04/27 20:21:56 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\TL-WN321G Wireless Utility.lnk
[2010/04/27 18:21:08 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\ALE2009.XLS
[2010/04/27 18:20:29 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\HONOR_AD_2009.xls
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Datos de programa\*.tmp files -> C:\Documents and Settings\All Users\Datos de programa\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/27 01:05:19 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2010/05/25 22:24:52 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\CCleaner.lnk
[2010/05/25 21:48:45 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SUPERAntiSpyware Free Edition.lnk
[2010/05/25 19:54:17 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\HijackThis.lnk
[2010/05/25 18:50:31 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/05/25 18:50:25 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/05/25 18:50:25 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/05/25 18:50:20 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Spyware Doctor.lnk
[2010/05/25 18:50:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/05/25 17:46:00 | 001,645,568 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\NEWScorp.ppt
[2010/05/23 22:37:10 | 001,959,936 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\News_Corp_still_going_2.ppt
[2010/05/22 19:56:47 | 002,330,519 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Acr3.tmp.pdf
[2010/05/22 03:28:30 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (16).png
[2010/05/22 03:27:01 | 001,730,560 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Recorte.shs
[2010/05/22 03:14:37 | 000,080,969 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (15).png
[2010/05/22 03:10:49 | 000,211,295 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (14).png
[2010/05/22 03:08:16 | 000,173,256 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (13).png
[2010/05/22 03:06:11 | 000,256,867 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (12).png
[2010/05/22 03:04:34 | 000,215,458 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (11).png
[2010/05/22 03:02:50 | 000,324,128 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (10).png
[2010/05/22 03:01:19 | 000,129,696 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (9).png
[2010/05/22 02:56:34 | 000,410,048 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (8).png
[2010/05/22 02:53:07 | 000,107,237 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\New Picture (7).png
[2010/05/21 10:19:03 | 000,516,608 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\News Corporation Executive Summary.doc
[2010/05/17 04:10:33 | 000,190,361 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\xid-3821427_2.pdf
[2010/05/17 04:07:16 | 000,055,932 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Student Name.docx
[2010/05/17 03:59:24 | 000,048,900 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\xid-3813380_2.pdf
[2010/05/07 12:32:22 | 000,263,767 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\2010 UBS Investment Banking Challenge.pdf
[2010/05/06 10:04:35 | 000,196,608 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Reglamento_InternoEdificio_Mirador_del_Puerto.doc
[2010/04/29 12:34:05 | 000,054,889 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\Rescate Dolares.pdf
[2010/04/27 21:30:42 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\PORTER_five_force3.doc
[2010/04/27 20:21:56 | 000,001,933 | ---- | C] () -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\TL-WN321G Wireless Utility.lnk
[2010/04/27 20:21:56 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\TL-WN321G Wireless Utility.lnk
[2010/04/27 18:21:08 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\ALE2009.XLS
[2010/04/27 18:20:29 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Alejandro Damian\Escritorio\HONOR_AD_2009.xls
[2010/03/04 08:14:08 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l3.dll
[2010/03/04 08:14:06 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\DscPnt1.dll
[2010/03/04 08:14:06 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\DscPnt0.dll
[2010/03/04 08:14:06 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2009/10/08 16:01:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/10/05 10:59:44 | 000,000,091 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/09/23 11:33:14 | 000,000,169 | ---- | C] () -- C:\WINDOWS\htsprefs.ini
[2009/08/23 22:00:47 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\dg151.dll
[2009/08/05 17:00:41 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/08/04 05:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/13 20:37:08 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/22 12:05:46 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/03 09:46:51 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/18 06:08:37 | 000,007,683 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008/04/18 05:43:07 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2008/04/18 05:32:22 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2008/04/18 03:11:57 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/18 00:57:24 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 27/05/2010 11:33:48 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Alejandro Damian\Escritorio
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 775.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 52.14 Gb Total Space | 4.52 Gb Free Space | 8.66% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 19.27 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 954.10 Mb Total Space | 627.56 Mb Free Space | 65.78% Space Free | Partition Type: FAT32

Computer Name: ALEJANDRO-DAVAN
Current User Name: Alejandro Damian
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Archivos de programa\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Archivos de programa\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\ARCHIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\DNA\btdna.exe" = C:\Archivos de programa\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Archivos de programa\BitTorrent\bittorrent.exe" = C:\Archivos de programa\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Archivos de programa\uTorrent\uTorrent.exe" = C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Archivos de programa\Ares\Ares.exe" = C:\Archivos de programa\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe" = C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE" = C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE" = C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\SUPDSvc.exe" = C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™️ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{593AFFA4-D08E-4272-BABB-420949D32A10}" = QUICKfind
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{903B0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1040-7D00-7760-000000000003}" = Adobe Acrobat 8 Professional - Italiano, Español, Nederlands
"{AC76BA86-7AD7-1034-7B44-A81200000003}" = Adobe Reader 8.1.2 - Español
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Cliente Citrix Presentation Server - Web solamente
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}" = Atheros for Acer Driver 5.3.0.35_Foxconn Installation Program
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 8 Professional - Italiano, Español, Nederlands" = Adobe Acrobat 8 Professional - Italiano, Español, Nederlands
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSPlayerp" = BS.Player PRO
"cald2" = Cambridge Advanced Learner's Dictionary - 2nd edition
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DelPSGuard_is1" = DelPSGuard versión 5.0.6
"DriverAgent.exe" = DriverAgent by eSupport.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InterActual Player" = InterActual Player
"KaraFun_is1" = KaraFun 1.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.6)" = Mozilla Thunderbird (2.0.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SopCast" = SopCast 3.0.3
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = Maths Practice Space, Order & Chance Helper
"ST6UNST #2" = Math Addict 6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV" = Veetle TV 0.9.17
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Re: Internet Security System Virus

Hello.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again if you had set one previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [sbdrafht] C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe ()
    O4 - HKCU..\Run: [sbdrafht] C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe ()
    O33 - MountPoints2\{4dc41b70-1dd9-11de-82d0-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{508d9e02-1087-11de-8290-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{5320f8e6-0b0d-11de-827f-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a37245e-33e7-11de-834c-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{65b85d6f-443d-11de-839f-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{700cde00-0b0f-11de-8280-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{700cde01-0b0f-11de-8280-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{700cde02-0b0f-11de-8280-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{8d68cb5d-6dcb-11de-8456-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{8d68cb61-6dcb-11de-8456-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{9e406d50-43a9-11de-839d-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{a4766676-0b72-11de-8281-0016d4cc348e}\Shell - "" = AutoRun
    O33 - MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\Shell\AutoRun\command - "" = USBVAU~1\usbvault.exe
    O33 - MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\Shell\explore\command - "" = USBVAU~1/usbvault.exe
    O33 - MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\Shell\open\command - "" = USBVAU~1/usbvault.exe
    O33 - MountPoints2\{cc21d4be-30c3-11de-8338-0016d4cc348e}\Shell - "" = AutoRun
    [2010/05/25 17:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
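The fix above is built the way OTL fixes always are: the suspicious lines from the scan (the two Run values pointing at a no-company-name executable under the user's local application data folder, the MountPoints2 AutoRun keys, the freshly created folder) are pasted back verbatim under `:OTL`. The following Python script is an added example written for this thread, not part of OTL or of any post in it. It parses OTL log text and applies that same triage: Run entries that combine a user-writable location, no company name and a random-looking name; every MountPoints2 AutoRun entry; newly created random-named items in profile directories; and a shell-spawning handler that differs from the defaults listed in the Extras log. The user-writable directory list, the random-name heuristic and the severity scheme are my assumptions; the sample lines are copied from the logs above except for one constructed benign Adobe Run entry used as a control.

```python
"""Triage OTL log lines for the persistence patterns the fix above removes.

Added example written for this thread; it is not part of OTL or of the
original posts. It only parses text, so it can be run against a saved copy
of OTL.txt on a clean machine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL output and fix script in this thread,
# plus one constructed benign Run entry (the Adobe path is made up) as a control.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [sbdrafht] C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe ()
O4 - HKCU..\Run: [sbdrafht] C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe ()
O4 - HKLM..\Run: [Acrobat Assistant] C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Incorporated)
O33 - MountPoints2\{4dc41b70-1dd9-11de-82d0-0016d4cc348e}\Shell - "" = AutoRun
O33 - MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\Shell\AutoRun\command - "" = USBVAU~1\usbvault.exe
[2010/05/25 17:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy
[2010/05/27 00:57:10 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alejandro Damian\Escritorio\mbam-setup.exe
exefile [open] -- "%1" %*
'''

RUN_RE = re.compile(r'^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
RUN_TARGET_RE = re.compile(r'^(?P<path>.*?) \((?P<company>[^()]*)\)$')
MP_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell(?P<sub>\S*) - "" = (?P<value>.*)$')
FILE_RE = re.compile(r'^\[[\d/]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| (?P<op>[CM])\] '
                     r'(?:\((?P<company>[^)]*)\) )?-- (?P<path>.*)$')
SHELL_RE = re.compile(r'^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$')

# Assumption: per-user or world-writable XP locations, English and Spanish folder names.
USER_WRITABLE = re.compile(r'\\(?:Local Settings\\Application Data|Configuraci[oó]n local\\Datos de programa'
                           r'|Application Data|Datos de programa|Temp|Temporary Internet Files)\\', re.IGNORECASE)
# Defaults as listed in the Shell Spawning section of the Extras log above.
DEFAULT_SHELL = {(c, 'open'): '"%1" %*' for c in ('exefile', 'comfile', 'batfile', 'cmdfile', 'piffile')}
DEFAULT_SHELL[('scrfile', 'open')] = '"%1" /S'
SEVERITY = {'low': 0, 'medium': 1, 'high': 2}


@dataclass(frozen=True)
class Finding:
    severity: str
    kind: str
    line: str   # the OTL line verbatim, so it can go straight into an :OTL fix block
    why: str


def looks_random(token: str) -> bool:
    """Heuristic (assumption) for generated names like 'sbdrafht': long, alphabetic, almost vowel-free."""
    if len(token) < 8 or not token.isalpha():
        return False
    return sum(c in 'aeiou' for c in token.lower()) / len(token) < 0.25


def _check_run(line: str, m: re.Match) -> list[Finding]:
    name, rest = m['name'], m['rest']
    if not name or rest == 'File not found':
        return [Finding('low', 'run-dangling', line, 'empty or dangling Run value')]
    t = RUN_TARGET_RE.match(rest)
    if not t:
        return [Finding('medium', 'run-unparsed', line, 'target could not be parsed; inspect by hand')]
    path, company = t['path'], t['company'].strip()
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append('runs from a user-writable profile directory')
    if not company:
        reasons.append('no company name in the version info')
    leaves = [p.split('.')[0] for p in path.split('\\')[-2:]]
    if looks_random(name) or any(looks_random(p) for p in leaves):
        reasons.append('random-looking value, folder or file name')
    # One signal alone is common for legitimate software; two together is not.
    return [Finding('high', 'run-suspicious', line, '; '.join(reasons))] if len(reasons) >= 2 else []


def triage(text: str) -> list[Finding]:
    """Walk OTL log text and return the lines worth putting in a fix."""
    out: list[Finding] = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := RUN_RE.match(line):
            out.extend(_check_run(line, m))
        elif m := MP_RE.match(line):
            # Every MountPoints2 AutoRun entry goes, as in the fix above; an explicit command is worse.
            sub = m['sub']
            out.append(Finding('high' if sub else 'medium', 'mountpoints2', line,
                               'AutoRun handler runs ' + m['value'] if sub else 'removable-media AutoRun entry'))
        elif m := FILE_RE.match(line):
            leaf = m['path'].rsplit('\\', 1)[-1]
            if m['op'] == 'C' and not m['company'] and USER_WRITABLE.search(m['path']) and looks_random(leaf.split('.')[0]):
                out.append(Finding('high', 'new-file', line, f'new, no company name, random name {leaf!r} in a user-writable dir'))
        elif m := SHELL_RE.match(line):
            expected = DEFAULT_SHELL.get((m['cls'], m['verb']))
            if expected is not None and m['cmd'] != expected:
                out.append(Finding('high', 'shell-hijack', line, f'expected {expected}'))
    return out


def build_otl_fix(findings: list[Finding], min_severity: str = 'low') -> str:
    """Emit an OTL fix block: OTL accepts its own log lines verbatim under :OTL."""
    lines: list[str] = []
    for f in findings:
        if SEVERITY[f.severity] >= SEVERITY[min_severity] and f.line not in lines:
            lines.append(f.line)
    return ':OTL\n' + '\n'.join(lines)


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f'[{f.severity:6}] {f.kind:15} {f.why}')
    print(build_otl_fix(found))
```

Run against the sample, it flags exactly the lines the admin put in the fix (both sbdrafht Run values, the dangling empty Run value, the MountPoints2 entries and the eqvqamsvy folder) and leaves the Malwarebytes installer and the constructed Adobe entry alone. The two-of-three rule in `_check_run` matters: plenty of legitimate software has no company name, and plenty runs from Application Data, but a vowel-free name in a profile folder with no version info is the pattern a rogue such as this one produces.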

Re: Internet Security System Virus

After removing the proxy settings in both browsers I restarted my computer in normal mode, but the virus didn't allow me to execute any program. I tried to open OTL.exe but a security warning window appeared: "Application cannot be executed. The file avwsc.exe is infected. Do you want to activate your antivirus software now?"

Thanks

Re: Internet Security System Virus

Hello.

We need to use the RKill tool by Grinler.

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.




Try my fix now.


Re: Internet Security System Virus

Sorry, I made a mistake before, this is the result of the process indicated in post 4. Thanks.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbdrafht deleted successfully.
C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sbdrafht deleted successfully.
File C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy\vproqsptssd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc41b70-1dd9-11de-82d0-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dc41b70-1dd9-11de-82d0-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{508d9e02-1087-11de-8290-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{508d9e02-1087-11de-8290-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5320f8e6-0b0d-11de-827f-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5320f8e6-0b0d-11de-827f-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a37245e-33e7-11de-834c-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a37245e-33e7-11de-834c-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b85d6f-443d-11de-839f-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b85d6f-443d-11de-839f-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{700cde00-0b0f-11de-8280-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{700cde00-0b0f-11de-8280-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{700cde01-0b0f-11de-8280-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{700cde01-0b0f-11de-8280-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{700cde02-0b0f-11de-8280-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{700cde02-0b0f-11de-8280-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d68cb5d-6dcb-11de-8456-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d68cb5d-6dcb-11de-8456-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d68cb61-6dcb-11de-8456-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d68cb61-6dcb-11de-8456-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e406d50-43a9-11de-839d-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e406d50-43a9-11de-839d-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4766676-0b72-11de-8281-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4766676-0b72-11de-8281-0016d4cc348e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6561374-22d5-11df-8706-0016d4cc348e}\ not found.
File USBVAU~1\usbvault.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6561374-22d5-11df-8706-0016d4cc348e}\ not found.
File USBVAU~1/usbvault.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6561374-22d5-11df-8706-0016d4cc348e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6561374-22d5-11df-8706-0016d4cc348e}\ not found.
File USBVAU~1/usbvault.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc21d4be-30c3-11de-8338-0016d4cc348e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc21d4be-30c3-11de-8338-0016d4cc348e}\ not found.
C:\Documents and Settings\Alejandro Damian\Configuración local\Datos de programa\eqvqamsvy folder moved successfully.

OTL by OldTimer - Version 3.2.5.0 log created on 05292010_124830

Re: Internet Security System Virus

I have restarted my computer after the process indicated above and the problem seems to have disappeared. Many thanks for your help, and let me know if you need more information about my system.

Alejandro.

Re: Internet Security System Virus

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Internet Security System Virus

Thanks a lot. These are the contents of the MBAM Log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versión de la Base de Datos: 4157

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/05/2010 23:05:11
mbam-log-2010-05-31 (23-05-11).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 129147
Tiempo transcurrido: 8 minuto(s), 4 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 4
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
(No se han detectado elementos maliciosos)
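
As an added example, not part of this thread and not Malwarebytes' own tooling: a small Python parser for the MBAM log format posted above. It reads the summary counts and the per-section detection lines (the excerpt below is constructed from the Spanish-locale log above, so the section headers are used exactly as MBAM wrote them), cross-checks the listed detections against the summary counts, groups them by threat name, and lists anything whose action was not a successful quarantine. The function names and the excerpt are my own.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the MBAM 1.46 log posted in the thread (Spanish locale).
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versión de la Base de Datos: 4157

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/05/2010 23:05:11
mbam-log-2010-05-31 (23-05-11).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 129147

Procesos en Memoria Infectados: 0
Claves del Registro Infectadas: 4
Valores del Registro Infectados: 0
Archivos Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Archivos Infectados:
(No se han detectado elementos maliciosos)
"""

# "Section name:" on its own line opens a detail section.
SECTION_RE = re.compile(r"^(?P<name>[^:]+):$")
# "Section name: N" before any section is a summary count.
COUNT_RE = re.compile(r"^(?P<name>[^:]+): (?P<count>\d+)$")
# "<item> (<threat>) -> <action>." is one detection line.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, sections): summary maps header names to the
    integer MBAM printed; sections maps each detail header to its list of
    (item, threat, action) tuples (empty for sections with no detections)."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        m = COUNT_RE.match(line)
        if m and current is None:
            summary[m.group("name")] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("item"), m.group("threat"), m.group("action")))
    return summary, sections


def count_mismatches(summary, sections):
    """Sections whose listed detections disagree with the summary count
    (a truncated or hand-edited paste shows up here)."""
    return {name: (summary.get(name), len(items))
            for name, items in sections.items()
            if summary.get(name) != len(items)}


def threat_families(sections):
    """Number of detections per threat name across all sections."""
    return Counter(threat for items in sections.values() for _, threat, _ in items)


def unresolved(sections):
    """Detections whose action was not a successful quarantine-and-delete."""
    return [(item, threat, action)
            for items in sections.values()
            for item, threat, action in items
            if not action.lower().startswith("quarantined and deleted")]


if __name__ == "__main__":
    summary, sections = parse_mbam_log(MBAM_LOG)
    print("mismatches:", count_mismatches(summary, sections))
    print("families:", dict(threat_families(sections)))
    print("unresolved:", unresolved(sections))
```

For the log above this reports no mismatches, two detections each for Trojan.Fraudpack and Rogue.AntivirusSuite, and nothing left unresolved, which is the state a helper looks for before moving on to the next tool.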

Re: Internet Security System Virus

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Internet Security System Virus

Why do I need to run the combo fix, if the system seems to be OK after running RKill and Malwarebytes' Anti-Malware 1.46?

Thanks

Re: Internet Security System Virus

Combofix can check deeper places that MBAM can't.


Re: Internet Security System Virus

Ok, thanks. This is the LOG.TXT:

ComboFix 10-06-01.01 - Alejandro Damian 02/06/2010 18:14:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1014.643 [GMT 10:00]
Running from: c:\documents and settings\Alejandro Damian\Escritorio\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Desktop_.ini

Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-05-31 12:54 . 2010-06-02 07:59 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-05-31 04:01 . 2010-05-31 04:02 -------- d-----w- c:\windows\ie8updates
2010-05-30 12:53 . 2010-05-30 12:53 503808 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1400ffd7-n\msvcp71.dll
2010-05-30 12:53 . 2010-05-30 12:53 499712 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1400ffd7-n\jmc.dll
2010-05-30 12:53 . 2010-05-30 12:53 348160 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1400ffd7-n\msvcr71.dll
2010-05-30 12:33 . 2010-05-30 12:35 -------- d-----w- c:\archivos de programa\EViews6
2010-05-30 08:13 . 2010-05-30 08:13 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\Quantitative Micro Software
2010-05-30 08:02 . 2010-05-30 08:02 45 ---h--r- c:\windows\pjd_user.dat
2010-05-30 07:22 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-30 07:22 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-30 07:15 . 2010-05-30 07:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-29 04:42 . 2010-05-29 04:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-29 03:21 . 2010-05-29 03:21 -------- d-sh--w- c:\documents and settings\Alejandro Damian\PrivacIE
2010-05-29 03:19 . 2010-05-29 03:19 -------- d-sh--w- c:\documents and settings\Alejandro Damian\IETldCache
2010-05-29 03:10 . 2010-05-29 03:12 -------- dc-h--w- c:\windows\ie8
2010-05-29 02:48 . 2010-05-29 02:48 -------- d-----w- C:\_OTL
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\archivos de programa\CCleaner
2010-05-25 11:03 . 2009-06-29 23:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-25 09:31 . 2010-05-29 02:33 -------- d-----w- c:\archivos de programa\DelPSGuard
2010-05-25 08:49 . 2010-05-29 02:36 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 11:34 . 2009-04-10 10:13 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2010-05-30 15:51 . 2008-09-01 03:08 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\uTorrent
2010-05-30 12:33 . 2008-04-17 19:32 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-05-30 10:47 . 2008-09-01 02:58 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\BitTorrent
2010-05-30 07:24 . 2010-04-15 03:53 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\ICAClient
2010-05-29 02:57 . 2004-08-20 12:00 86976 ----a-w- c:\windows\system32\perfc00A.dat
2010-05-29 02:57 . 2004-08-20 12:00 499124 ----a-w- c:\windows\system32\perfh00A.dat
2010-05-26 13:29 . 2009-11-26 07:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-25 11:02 . 2010-04-12 12:41 -------- d-----w- c:\archivos de programa\Panda Security
2010-05-25 10:59 . 2009-02-06 18:48 -------- d-----w- c:\archivos de programa\ESET
2010-05-25 00:27 . 2010-04-05 00:49 439816 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Real\Update\setup3.10\setup.exe
2010-05-13 04:03 . 2009-07-30 13:10 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2010-05-11 02:57 . 2009-03-27 01:20 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\Skype
2010-04-27 10:21 . 2010-04-27 10:21 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-27 10:21 . 2010-04-27 10:21 -------- d-----w- c:\archivos de programa\TP-LINK
2010-04-27 10:21 . 2010-04-27 10:21 -------- d-----w- c:\documents and settings\All Users\Datos de programa\TP-LINK Driver
2010-04-25 00:49 . 2010-04-25 00:48 -------- d-----w- c:\archivos de programa\Veetle
2010-04-15 03:18 . 2010-04-15 03:18 -------- d-----w- c:\archivos de programa\Citrix
2010-04-15 02:33 . 2008-04-17 19:32 -------- d-----w- c:\archivos de programa\Atheros
2010-04-15 02:11 . 2009-11-21 00:18 689664 ----a-w- c:\windows\system32\drivers\athr.sys
2010-04-15 01:59 . 2009-10-21 06:08 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-04-15 01:59 . 2009-10-21 06:08 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-04-15 01:56 . 2010-04-13 23:59 -------- d-----w- c:\archivos de programa\Yahoo!
2010-04-15 01:52 . 2010-04-14 00:23 -------- d-----w- c:\archivos de programa\Lavasoft
2010-04-15 01:52 . 2010-04-13 23:40 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-04-13 23:59 . 2010-04-13 23:59 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\Yahoo!
2010-04-13 23:55 . 2010-04-13 23:55 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Grisoft
2010-04-13 23:26 . 2010-04-13 23:26 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-13 10:43 . 2010-04-13 10:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Alwil Software
2010-04-13 10:43 . 2010-04-13 10:43 -------- d-----w- c:\archivos de programa\Alwil Software
2010-03-10 06:16 . 2004-08-20 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 10:01 . 2010-03-08 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2007-06-21 08:38 . 2007-06-21 08:38 30280 ----a-w- c:\archivos de programa\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 08:38 . 2007-06-21 08:38 79432 ----a-w- c:\archivos de programa\mozilla firefox\plugins\CgpCore.dll
2007-06-21 08:38 . 2007-06-21 08:38 71240 ----a-w- c:\archivos de programa\mozilla firefox\plugins\confmgr.dll
2007-06-21 08:38 . 2007-06-21 08:38 140872 ----a-w- c:\archivos de programa\mozilla firefox\plugins\ctxmui.dll
2007-06-21 08:39 . 2007-06-21 08:39 38472 ----a-w- c:\archivos de programa\mozilla firefox\plugins\icafile.dll
2007-06-21 08:39 . 2007-06-21 08:39 46664 ----a-w- c:\archivos de programa\mozilla firefox\plugins\icalogon.dll
2007-06-21 08:39 . 2007-06-21 08:39 34376 ----a-w- c:\archivos de programa\mozilla firefox\plugins\logging.dll
2007-06-21 08:39 . 2007-06-21 08:39 685640 ----a-w- c:\archivos de programa\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 08:40 . 2007-06-21 08:40 30280 ----a-w- c:\archivos de programa\mozilla firefox\plugins\TcpPServ.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 2744C713F0217BD8FFD13E2EF731371C . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 2744C713F0217BD8FFD13E2EF731371C . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\c6accdcd02a08bf2b2edd97027272422\eventlog.dll
[7] 2004-08-20 . 5696DF4EF09C375CE42FB2DDE1E68AB7 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2008-08-22 185896]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2010-02-13 149280]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-03-07 155648]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MaxMenuMgr"="c:\archivos de programa\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"Acrobat Assistant 8.0"="c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Reader Synchronizer.lnk - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Inicio r pido de Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2010-1-29 295606]
TL-WN321G Wireless Utility.lnk - c:\archivos de programa\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2010-4-27 1298432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\DNA\\btdna.exe"=
"c:\\Archivos de programa\\BitTorrent\\bittorrent.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/05/2010 21:03 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [08/03/2010 19:19 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\archivos de programa\Seagate\SeagateManager\Sync\FreeAgentService.exe [29/10/2008 5:42 156968]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14/04/2010 9:26 23456]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\ALEJAN~1\ESCRIT~1\AC\AIRCRA~1.3-W\bin\PEEK5.SYS --> c:\docume~1\ALEJAN~1\ESCRIT~1\AC\AIRCRA~1.3-W\bin\PEEK5.SYS [?]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [04/03/2010 8:14 127656]
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 10:13]

2010-03-05 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-02-02 07:44]

2009-10-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/pages/business/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Anexar a PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo a PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 18:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-413027322-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,09,ee,a7,78,65,46,3a,86,d7,06,7e,69,da,95,ef,d7,2c,78,e5,1f,13,2a,
18,39,1c,90,0a,16,ae,ce,32,5b,3b,df,8d,1d,2c,52,0c,5d,6a,60,73,43,ab,9a,f2,\
"??"=hex:42,5b,9e,1f,ee,fa,1c,d0,97,09,10,d1,40,52,ac,db

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2010-06-02 18:29:23
ComboFix-quarantined-files.txt 2010-06-02 08:29

Pre-Run: 3,167,318,016 bytes libres
Post-Run: 3,232,354,304 bytes libres

- - End Of File - - 491A37DD3EA67EC0AB0B8F235533A11D

Re: Internet Security System Virus

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    FCopy::
    c:\windows\$NtServicePackUninstall$\eventlog.dll | c:\windows\System32\eventlog.dll

    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "disableregistrytoosl"=-

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

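
As an added example, not part of this thread and not ComboFix's own code: a Python triage script that pulls out of a ComboFix log the three findings the CFScript above acts on. The excerpt it runs over is constructed from lines of the ComboFix log posted earlier: the Sigcheck block with its two backup copies of eventlog.dll and the "is missing !!" line, the REGEDIT4-style dump of the per-user policies\system key, and the Supplementary Scan proxy lines. A ProxyServer pointed at the local machine routes all Internet Explorer traffic through whatever is listening there, so the script flags any proxy whose host is a loopback address. The regular expressions, function names and the finding tuples are my own assumptions about the format; the CFScript itself maps onto them directly (FCopy:: for the missing file, Registry:: for the policy value, DDS:: for the proxy lines).

```python
import ipaddress
import re

# Constructed excerpt: lines taken from the ComboFix log posted in this thread,
# plus one benign Run entry for contrast.
COMBOFIX_EXCERPT = r"""------- Sigcheck -------

[7] 2008-04-14 . 2744C713F0217BD8FFD13E2EF731371C . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-20 . 5696DF4EF09C375CE42FB2DDE1E68AB7 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/pages/business/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

MISSING_RE = re.compile(r"^(?P<path>.+?) \.\.\. is missing !!$")
# "[7] date . MD5 . size . . [version] . . path" as ComboFix prints Sigcheck rows.
SIGCHECK_RE = re.compile(
    r"^\[\d+\] \S+ \. (?P<md5>[0-9A-F]{32}) \. (?P<size>\d+) \. \. \[(?P<ver>[^\]]+)\] \. \. (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<data>.*)$")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def missing_system_files(text):
    """[(missing path, [(backup path, version, md5), ...])] using the Sigcheck
    rows as the list of known-good copies available for an FCopy::."""
    backups, missing = {}, []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            backups.setdefault(_basename(m.group("path")), []).append(
                (m.group("path"), m.group("ver"), m.group("md5")))
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group("path"))
    return [(p, backups.get(_basename(p), [])) for p in missing]


def policy_values(text, key_suffix="\\policies\\system"):
    """(key, value name, data) for every value ComboFix listed under a
    policies\\system key; a clean machine normally shows none here."""
    found, current = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current and current.lower().endswith(key_suffix):
            found.append((current, m.group("name"), m.group("data").strip()))
    return found


def proxy_findings(text):
    """Split the IE ProxyServer value ("host:port" or "scheme=host:port;...")
    and mark entries whose host is a loopback address."""
    findings = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        for entry in filter(None, m.group("data").split(";")):
            scheme, _, hostport = entry.rpartition("=")
            host, _, port = hostport.rpartition(":")
            try:
                loopback = ipaddress.ip_address(host).is_loopback
            except ValueError:
                loopback = host.lower() == "localhost"
            findings.append({"scheme": scheme or "all", "host": host,
                             "port": port, "loopback": loopback})
    return findings


def triage(text):
    """Findings a helper would turn into a CFScript, as (kind, subject, detail)."""
    findings = []
    for path, backups in missing_system_files(text):
        findings.append(("missing_file", path, backups))
    for key, name, data in policy_values(text):
        findings.append(("policy_value", key + "\\" + name, data))
    for p in proxy_findings(text):
        if p["loopback"]:
            findings.append(("loopback_proxy", p["host"] + ":" + p["port"], p["scheme"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(COMBOFIX_EXCERPT):
        print(kind, subject, detail)
```

Run against the excerpt it returns the missing eventlog.dll with both Sigcheck backups (5.1.2600.5512 under ServicePackFiles and 5.1.2600.2180 under $NtServicePackUninstall$), the disableregistrytoosl value under the per-user policies\system key, and the http proxy on 127.0.0.1:5555. A corporate proxy such as proxy.corp.example:8080 is parsed the same way but not flagged.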

Re: Internet Security System Virus

ComboFix 10-06-01.01 - Alejandro Damian 03/06/2010 17:52:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1014.659 [GMT 10:00]
Running from: c:\documents and settings\Alejandro Damian\Escritorio\Combo-Fix.exe
Command switches used :: c:\documents and settings\Alejandro Damian\Escritorio\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\eventlog.dll --> c:\windows\System32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 07:52 . 2004-08-20 12:00 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2010-06-03 07:52 . 2004-08-20 12:00 55808 ----a-w- c:\windows\system32\eventlog.dll
2010-05-31 12:54 . 2010-06-02 07:59 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-05-31 04:01 . 2010-05-31 04:02 -------- d-----w- c:\windows\ie8updates
2010-05-30 12:53 . 2010-05-30 12:53 503808 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1400ffd7-n\msvcp71.dll
2010-05-30 12:53 . 2010-05-30 12:53 499712 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1400ffd7-n\jmc.dll
2010-05-30 12:53 . 2010-05-30 12:53 348160 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1400ffd7-n\msvcr71.dll
2010-05-30 12:33 . 2010-05-30 12:35 -------- d-----w- c:\archivos de programa\EViews6
2010-05-30 08:13 . 2010-05-30 08:13 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\Quantitative Micro Software
2010-05-30 08:02 . 2010-05-30 08:02 45 ---h--r- c:\windows\pjd_user.dat
2010-05-30 07:22 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-30 07:22 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-30 07:15 . 2010-05-30 07:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-29 04:42 . 2010-05-29 04:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-29 03:21 . 2010-05-29 03:21 -------- d-sh--w- c:\documents and settings\Alejandro Damian\PrivacIE
2010-05-29 03:19 . 2010-05-29 03:19 -------- d-sh--w- c:\documents and settings\Alejandro Damian\IETldCache
2010-05-29 03:10 . 2010-05-29 03:12 -------- dc-h--w- c:\windows\ie8
2010-05-29 02:48 . 2010-05-29 02:48 -------- d-----w- C:\_OTL
2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\archivos de programa\CCleaner
2010-05-25 11:03 . 2009-06-29 23:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-25 09:31 . 2010-05-29 02:33 -------- d-----w- c:\archivos de programa\DelPSGuard
2010-05-25 08:49 . 2010-05-29 02:36 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 00:37 . 2009-04-10 10:13 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2010-05-30 15:51 . 2008-09-01 03:08 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\uTorrent
2010-05-30 12:33 . 2008-04-17 19:32 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-05-30 10:47 . 2008-09-01 02:58 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\BitTorrent
2010-05-30 07:24 . 2010-04-15 03:53 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\ICAClient
2010-05-29 02:57 . 2004-08-20 12:00 86976 ----a-w- c:\windows\system32\perfc00A.dat
2010-05-29 02:57 . 2004-08-20 12:00 499124 ----a-w- c:\windows\system32\perfh00A.dat
2010-05-26 13:29 . 2009-11-26 07:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-25 11:02 . 2010-04-12 12:41 -------- d-----w- c:\archivos de programa\Panda Security
2010-05-25 10:59 . 2009-02-06 18:48 -------- d-----w- c:\archivos de programa\ESET
2010-05-25 00:27 . 2010-04-05 00:49 439816 ----a-w- c:\documents and settings\Alejandro Damian\Datos de programa\Real\Update\setup3.10\setup.exe
2010-05-13 04:03 . 2009-07-30 13:10 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2010-05-11 02:57 . 2009-03-27 01:20 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\Skype
2010-04-27 10:21 . 2010-04-27 10:21 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-27 10:21 . 2010-04-27 10:21 -------- d-----w- c:\archivos de programa\TP-LINK
2010-04-27 10:21 . 2010-04-27 10:21 -------- d-----w- c:\documents and settings\All Users\Datos de programa\TP-LINK Driver
2010-04-25 00:49 . 2010-04-25 00:48 -------- d-----w- c:\archivos de programa\Veetle
2010-04-15 03:18 . 2010-04-15 03:18 -------- d-----w- c:\archivos de programa\Citrix
2010-04-15 02:33 . 2008-04-17 19:32 -------- d-----w- c:\archivos de programa\Atheros
2010-04-15 02:11 . 2009-11-21 00:18 689664 ----a-w- c:\windows\system32\drivers\athr.sys
2010-04-15 01:59 . 2009-10-21 06:08 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-04-15 01:59 . 2009-10-21 06:08 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-04-15 01:56 . 2010-04-13 23:59 -------- d-----w- c:\archivos de programa\Yahoo!
2010-04-15 01:52 . 2010-04-14 00:23 -------- d-----w- c:\archivos de programa\Lavasoft
2010-04-15 01:52 . 2010-04-13 23:40 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-04-13 23:59 . 2010-04-13 23:59 -------- d-----w- c:\documents and settings\Alejandro Damian\Datos de programa\Yahoo!
2010-04-13 23:55 . 2010-04-13 23:55 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Grisoft
2010-04-13 23:26 . 2010-04-13 23:26 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-13 10:43 . 2010-04-13 10:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Alwil Software
2010-04-13 10:43 . 2010-04-13 10:43 -------- d-----w- c:\archivos de programa\Alwil Software
2010-03-10 06:16 . 2004-08-20 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 10:01 . 2010-03-08 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2007-06-21 08:38 . 2007-06-21 08:38 30280 ----a-w- c:\archivos de programa\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 08:38 . 2007-06-21 08:38 79432 ----a-w- c:\archivos de programa\mozilla firefox\plugins\CgpCore.dll
2007-06-21 08:38 . 2007-06-21 08:38 71240 ----a-w- c:\archivos de programa\mozilla firefox\plugins\confmgr.dll
2007-06-21 08:38 . 2007-06-21 08:38 140872 ----a-w- c:\archivos de programa\mozilla firefox\plugins\ctxmui.dll
2007-06-21 08:39 . 2007-06-21 08:39 38472 ----a-w- c:\archivos de programa\mozilla firefox\plugins\icafile.dll
2007-06-21 08:39 . 2007-06-21 08:39 46664 ----a-w- c:\archivos de programa\mozilla firefox\plugins\icalogon.dll
2007-06-21 08:39 . 2007-06-21 08:39 34376 ----a-w- c:\archivos de programa\mozilla firefox\plugins\logging.dll
2007-06-21 08:39 . 2007-06-21 08:39 685640 ----a-w- c:\archivos de programa\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 08:40 . 2007-06-21 08:40 30280 ----a-w- c:\archivos de programa\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2008-08-22 185896]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2010-02-13 149280]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-03-07 155648]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MaxMenuMgr"="c:\archivos de programa\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"Acrobat Assistant 8.0"="c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Reader Synchronizer.lnk - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Inicio r pido de Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2010-1-29 295606]
TL-WN321G Wireless Utility.lnk - c:\archivos de programa\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2010-4-27 1298432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\DNA\\btdna.exe"=
"c:\\Archivos de programa\\BitTorrent\\bittorrent.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/05/2010 21:03 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [08/03/2010 19:19 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\archivos de programa\Seagate\SeagateManager\Sync\FreeAgentService.exe [29/10/2008 5:42 156968]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14/04/2010 9:26 23456]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\ALEJAN~1\ESCRIT~1\AC\AIRCRA~1.3-W\bin\PEEK5.SYS --> c:\docume~1\ALEJAN~1\ESCRIT~1\AC\AIRCRA~1.3-W\bin\PEEK5.SYS [?]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [04/03/2010 8:14 127656]
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 10:13]

2010-06-03 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-02-02 07:44]

2010-06-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/pages/business/
uInternet Connection Wizard,ShellNext = iexplore
IE: Anexar a PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo a PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-413027322-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,10,16,83,2a,e8,c0,26,91,4d,31,1b,e0,42,0d,a1,17,fe,52,49,c5,fa,d2,
f3,12,53,b3,60,97,a9,7a,22,d8,a4,0f,4f,88,f0,61,2a,76,d0,3a,eb,82,1b,39,88,\
"??"=hex:63,71,4c,5a,41,89,29,93,64,f0,c1,9f,03,11,a5,5e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3328)
c:\windows\system32\WININET.dll
c:\archiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\archivos de programa\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-06-03 18:04:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-03 08:04
ComboFix2.txt 2010-06-02 08:29

Pre-Run: 3,213,225,984 bytes libres
Post-Run: 3,190,194,176 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0513EB538C8A0691428F66D073C7EA89
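The log above is a structured report, and the sections a responder reads first are the ones that describe what starts automatically: the "Files Created" listing, the Run key values, and the service/driver lines. The following is an added example for this thread, not part of ComboFix or of the helper's instructions: a small Python parser for those three line formats, with a triage pass that lists entries worth a second look. Its input is a constructed sample modeled on the format of the log above (every name and path in it is invented), the list of "trusted roots" is an assumption chosen for the example, and an entry marked `[?]` is taken here to mean that ComboFix could not read the file's date and size, in practice an orphaned entry whose file is no longer on disk. The output is a list of items to review, not a verdict.

```python
"""Triage helper for the autostart-related sections of a ComboFix log.

Added example, not ComboFix code. Line formats handled (as seen in the log above):

  Files Created:    <created> . <modified> <size|--------> <attrs> <path>
  Run key values:   "Name"="<path>" [<yyyy-mm-dd> <size>]
  services/drivers: R2 name;display;<path> [<dd/mm/yyyy> <hh:mm> <size>]
                    S3 name;display;\\??\\<path> --> <path> [?]
"""
import re
from dataclasses import dataclass

# Assumption for this example: autostart images are expected under these roots
# (Spanish XP names Program Files "Archivos de programa", short name ARCHIV~1).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\archivos de programa\\", "c:\\archiv~1\\",
                 "c:\\program files\\", "c:\\progra~1\\")

FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                     r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: --> (.+?))? \[([^\]]*)\]$")

# Constructed sample log in the format above; all names and paths are invented.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))
.
2010-06-03 07:52 . 2004-08-20 12:00 55808 ----a-w- c:\windows\system32\eventlog.dll
2010-05-30 08:02 . 2010-05-30 08:02 45 ---h--r- c:\windows\example_hidden.dat
2010-05-25 08:49 . 2010-05-29 02:36 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avguard"="c:\archivos de programa\ExampleAV\avguard.exe" [2009-03-02 209153]
"updater"="c:\documents and settings\user\Datos de programa\svc\updater.exe" [2010-05-25 40960]

R2 AVScheduler;Example AV Scheduler;c:\archivos de programa\ExampleAV\sched.exe [08/03/2010 19:19 108289]
S2 ORPHAN1;ORPHAN1;\??\c:\windows\system32\Drivers\ORPHAN1.sys --> c:\windows\system32\Drivers\ORPHAN1.sys [?]
S3 TESTDRV;Test Protocol Driver;\??\c:\docume~1\USER~1\ESCRIT~1\tool\bin\TESTDRV.SYS --> c:\docume~1\USER~1\ESCRIT~1\tool\bin\TESTDRV.SYS [?]
.
"""


@dataclass
class Finding:
    kind: str      # "file", "run" or "service"
    name: str
    path: str
    reasons: list


def normalize(path):
    """Lower-case the path and drop the NT object-manager prefix (\\??\\) ComboFix keeps."""
    p = path.strip().lower()
    return p[4:] if p.startswith("\\??\\") else p


def outside_trusted_roots(path):
    """True when an autostart image lives outside Windows/Program Files or in a TEMP folder."""
    p = normalize(path)
    return not p.startswith(TRUSTED_ROOTS) or "\\temp\\" in p


def parse_combofix(text):
    """Return the Files Created, Run-key and service entries found in the log text."""
    files, run, services = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            created, modified, size, attrs, path = m.groups()
            files.append({"created": created, "modified": modified,
                          "size": None if size.startswith("-") else int(size),  # None = directory
                          "attrs": attrs, "path": path})
        elif m := RUN_RE.match(line):
            name, image, date, size = m.groups()
            run.append({"name": name, "image": image, "date": date, "size": int(size)})
        elif m := SVC_RE.match(line):
            state, name, display, image, resolved, info = m.groups()
            services.append({"state": state, "name": name, "display": display,
                             "image": resolved or image, "missing": info.strip() == "?"})
    return {"files": files, "run": run, "services": services}


def triage(text):
    """Apply the review heuristics and return the entries that deserve a closer look."""
    parsed = parse_combofix(text)
    findings = []
    for f in parsed["files"]:
        if f["size"] is None:          # directories carry no attributes worth flagging here
            continue
        reasons = []
        if "h" in f["attrs"]:
            reasons.append("hidden attribute on a newly created file")
        if f["path"].lower().endswith((".exe", ".dll", ".sys")) and outside_trusted_roots(f["path"]):
            reasons.append("executable created outside Windows/Program Files")
        if reasons:
            findings.append(Finding("file", f["path"].rsplit("\\", 1)[-1], f["path"], reasons))
    for r in parsed["run"]:
        if outside_trusted_roots(r["image"]):
            findings.append(Finding("run", r["name"], r["image"],
                                    ["Run-key image in a user-profile or temp location"]))
    for s in parsed["services"]:
        reasons = []
        if s["missing"]:
            reasons.append("service binary not found on disk ([?])")
        if outside_trusted_roots(s["image"]):
            reasons.append("driver/service image outside Windows/Program Files")
        if reasons:
            findings.append(Finding("service", s["name"], s["image"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.name}: {finding.path}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

On the sample the script reports the hidden file, the Run value pointing into a user profile, and both `[?]` drivers (the second one twice over, since its image also sits under a user's Desktop). Orphaned service entries like these are the kind of leftover a CFScript is typically asked to clean up; the point of the pass is to make them visible in a long log, not to decide on its own what is malicious.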

Re: Internet Security System Virus
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

