Solved Show hidden files messed up after virus rampage


Chaos999
Hello

I have turned to this forum several times to solve some minor problems or find some info about a topic, but now I come asking for help.

I had the bad luck to put my flash drive into a computer that was infected with something. I didn't notice until I got home and plugged the USB into my own PC. Then I realized that my folders on the USB had "disappeared" and become shortcuts, a problem I have seen before on other people's drives.

I quickly ran a scan on the flash drive with Kaspersky Internet Security 2009 (databases up to date) and it found an infection identified as Trojan.win32.inject.bgsv and deleted it right away. Then I simply formatted my flash drive.

Sadly that wasn't all I would see from that nasty virus.

Soon I noticed some changes in my folder options. I couldn't see the hidden stuff anymore. Going to the options and checking the "show all" option was of no use because it just kept going back to the "no hidden" option by itself.

I suspected the virus had taken over my PC while I wasn't watching (curse you, Kaspersky), so I ran the Dr. Web CureIt! software, which I trust more for removal, in full protection mode, then waited 6 hours until it was finished (damn), but it didn't find anything suspicious (kind of a letdown).

I googled it a bit and found that some people fixed that problem by changing a couple of entry values in the registry, and I gave it a shot, but when I tried it I noticed that there was nothing to fix (all values were as they were supposed to be), and I couldn't find anything else that refers to my problem, so I came here.

I have run HijackThis and I'm attaching the log to this thread. I hope you can help.

Thanks in advance, and sorry for any spelling errors; English is not my native language.

Also, all my folder options used to be in Spanish, but since the problem started they are actually shown in English, which is odd.

I have this info on my pc in case it is of any use:

OS: Windows XP Professional v. 2002 Service Pack 3 (fully updated)
AV: Kaspersky Internet Security 2009 (fully updated)
 

Attachments: hijackthis.log (13.4 KB)
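An added example, not part of the original post and not one of the tools used in this thread: a PowerShell triage script for a flash drive that shows the "folders turned into shortcuts" pattern described above. It lists each shortcut at the drive root with the target it really launches and any arguments, flags the hidden+system directories the shortcuts stand in for, and can clear those attributes once the antivirus has dealt with the payload. The drive letter E: and the list of interpreter names treated as lure launchers are assumptions.

```powershell
# Added example, not from the thread or from any tool mentioned in it: triage a
# removable drive showing the "folders became shortcuts" pattern. It reports each
# .lnk at the drive root with its real target, flags the hidden+system directories
# the shortcuts stand in for, and can clear those attributes afterwards. It never
# runs or deletes anything; the antivirus handles the payload first.
$Drive = 'E:\'   # assumption: the flash drive's letter on this machine

$shell = New-Object -ComObject WScript.Shell   # resolves .lnk targets without launching them
$interpreters = '\\(cmd|wscript|cscript|rundll32|mshta|powershell)\.exe$'   # assumed lure launchers

function Get-ShortcutTriage {
    param([string]$Root)
    $report = @()
    foreach ($lnk in Get-ChildItem -Path $Root -Filter *.lnk -Force -ErrorAction SilentlyContinue) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        # A shortcut carrying the name of a folder but launching an interpreter, or
        # carrying arguments at all, is the lure; a genuine folder shortcut has neither.
        $suspicious = ($sc.TargetPath -match $interpreters) -or (([string]$sc.Arguments) -ne '')
        $report += New-Object PSObject -Property @{
            Item = $lnk.Name; Target = $sc.TargetPath; Arguments = $sc.Arguments; Suspicious = $suspicious
        }
    }
    # The worm sets Hidden+System on the real folders so they stay invisible even with
    # "show hidden files" on, as long as "hide protected operating system files" is on.
    $hs = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System
    foreach ($dir in Get-ChildItem -Path $Root -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer }) {
        if ((([int]$dir.Attributes) -band $hs) -eq $hs) {
            $report += New-Object PSObject -Property @{
                Item = $dir.Name; Target = '(hidden+system directory)'; Arguments = ''; Suspicious = $true
            }
        }
    }
    return $report
}

function Restore-FolderAttributes {
    # Same effect as running: attrib -h -s -r <dir>  on every directory at the drive root
    param([string]$Root)
    $clear = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System -bor [int][IO.FileAttributes]::ReadOnly
    foreach ($dir in Get-ChildItem -Path $Root -Force | Where-Object { $_.PSIsContainer }) {
        $dir.Attributes = [IO.FileAttributes](([int]$dir.Attributes) -band (-bnot $clear))
    }
}

Get-ShortcutTriage -Root $Drive | Format-Table Item, Suspicious, Target, Arguments -AutoSize
# Once the antivirus has removed the payload and the .lnk lures, un-hide the real folders:
# Restore-FolderAttributes -Root $Drive
```

The report is the useful part: a shortcut named like one of your folders whose target is cmd.exe or wscript.exe with a long argument string is the worm's lure, and the matching hidden+system directory next to it is your real data. Formatting the drive, as the poster did, removes both; the attribute restore is for the case where the data on the drive still matters.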
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi, thanks for your fast response. I have read your instructions, and those of the thread you gave me, and followed them. Here is the MBAM report log. As a side note, the first time I ran the quick scan, at some point I got a Windows message saying that MBAM had found an error and had to close, but it went just fine the second time. I dunno if it means something or was just random.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Versión de la Base de Datos: 7457

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13/08/2011 02:25:23 p.m.
mbam-log-2011-08-13 (14-25-23).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 180067
Tiempo transcurrido: 7 minuto(s), 51 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
(No se han detectado elementos maliciosos)

Will update this post shortly after step 3 (gotta go offline for it)

[EDIT] adding gmer log report

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-13 14:40:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.10
Running: vuu6pe9g.exe; Driver: C:\DOCUME~1\LORDOF~1\CONFIG~1\Temp\uxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xEDC9D0A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xEDC9D110]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7324B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7324B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7324B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7324B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aamb7t56 \Device\Scsi\aamb7t561 865721E8
Device \FileSystem\Ntfs \Ntfs 867D61E8
Device \FileSystem\Fastfat \Fat 86039430

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----

[EDIT] adding DDS report log

DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Lord of Chaos at 14:47:35 on 2011-08-13
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.991.417 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\hkcmd.exe
C:\windows\system32\ICO.EXE
C:\windows\system32\FSRremoS.EXE
C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Archivos de programa\DAEMON Tools Lite\DTLite.exe
C:\windows\system32\Pelmiced.exe
C:\windows\system32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\Archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Mozilla Firefox\plugin-container.exe
C:\windows\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431232
uURLSearchHooks: softonic.com4 Toolbar: {0974848a-b5bc-49f2-9778-307742b4a55d} - c:\archivos de programa\softonic.com4\tbsoft.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: softonic.com4 Toolbar: {0974848a-b5bc-49f2-9778-307742b4a55d} - c:\archivos de programa\softonic.com4\tbsoft.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\archivos de programa\winamp toolbar\winamptb.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\archivos de programa\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\archivos de programa\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\archivos de programa\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\archivos de programa\moyea\flv downloader\MoyeaCth.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Barra de Herramientas MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\archivos de programa\msn toolbar\01.01.1601.0\msgr.es.es-mx\msntb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\archivos de programa\daemon tools toolbar\DTToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\archivos de programa\winamp toolbar\winamptb.dll
TB: softonic.com4 Toolbar: {0974848a-b5bc-49f2-9778-307742b4a55d} - c:\archivos de programa\softonic.com4\tbsoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\archivos de programa\conduitengine\ConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\archivos de programa\daemon tools lite\DTLite.exe" -autorun
uRunOnce: [<NO NAME>] c:\archivos de programa\mozilla firefox\firefox.exe http://www.symantec.com/techsupp/se...0000015.00000022&c=00000082.00000049.000000b9
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [AVP] "c:\archivos de programa\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\archivos de programa\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LogMeIn Hamachi Ui] "c:\archivos de programa\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "c:\archivos de programa\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\archivos de programa\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [<NO NAME>]
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\adobeg~1.lnk - c:\archivos de programa\archivos comunes\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
mPolicies-explorer: DisallowRun = 0 (0x0)
IE: &D&escargar &con BitComet - c:\archivos de programa\bitcomet\BitComet.exe/AddLink.htm
IE: &D&escargar todo con BitComet - c:\archivos de programa\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Winamp Search - c:\documents and settings\all users\datos de programa\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Banner Ad Blocker - c:\archivos de programa\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office10\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\archivos de programa\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\archivos de programa\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ES-MX/a-UNO1/GAME_UNO1.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LogCrypt - LogCrypt.dll
AppInit_DLLs: c:\archiv~1\kasper~1\kasper~1\mzvkbd3.dll,c:\archiv~1\kasper~1\kasper~1\adialhk.dll,c:\archiv~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
IFEO: hamachi-2-ui.exe - "c:\archivos de programa\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: softwareupdate.exe - "c:\archivos de programa\tuneup utilities 2011\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lord of chaos\datos de programa\mozilla\firefox\profiles\6i6unky1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431232&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic.com4 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\archivos de programa\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\archivos de programa\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\documents and settings\lord of chaos\datos de programa\mozilla\firefox\profiles\6i6unky1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\lord of chaos\datos de programa\mozilla\firefox\profiles\6i6unky1.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\lord of chaos\datos de programa\mozilla\firefox\profiles\6i6unky1.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\archivos de programa\archivos comunes\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\archivos de programa\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\archivos de programa\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\archivos de programa\microsoft\office live\npOLW.dll
FF - plugin: c:\archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\archivos de programa\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-7-19 226832]
R2 AVP;Kaspersky Internet Security;c:\archivos de programa\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S1 smtpdrv;smtpdrv;c:\windows\system32\drivers\smtpdrv.sys --> c:\windows\system32\drivers\smtpdrv.sys [?]
S2 NetCM;Network Connection Manager;c:\archivos de programa\common files\microsoft shared\speech\svchost.exe --> c:\archivos de programa\common files\microsoft shared\speech\svchost.exe [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\archivos de programa\garena\safedrv.sys --> c:\archivos de programa\garena\safedrv.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\archivos de programa\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]
.
=============== Created Last 30 ================
.
2011-08-13 19:07:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 19:07:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:33:15 388096 ----a-r- c:\documents and settings\lord of chaos\datos de programa\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-10 13:37:27 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:36:32 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:19:04 669696 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:19:04 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:19:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16:11 371200 ----a-w- c:\windows\system32\html.iec
2011-06-21 01:03:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44:48 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35:25 1859072 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:48:57.21 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/10/2006 10:50:05 p.m.
System Uptime: 13/08/2011 10:20:53 a.m. (4 hours ago)
.
Motherboard: Intel | | D865GKD
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | WMT478/NWD | 2800/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 6.335 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Módem PCI
Device ID: PCI\VEN_0086&DEV_1080&SUBSYS_10001028&REV_04\4&3A321F38&0&00F0
Manufacturer:
Name: Módem PCI
PNP Device ID: PCI\VEN_0086&DEV_1080&SUBSYS_10001028&REV_04\4&3A321F38&0&00F0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_02C71014&REV_02\4&3A321F38&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_02C71014&REV_02\4&3A321F38&0&40F0
Service: E100B
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Actualización de seguridad para Windows XP (KB2507938)
Actualización de seguridad para Windows XP (KB2536276-v2)
Actualización de seguridad para Windows XP (KB2555917)
Actualización de seguridad para Windows XP (KB2559049)
Actualización de seguridad para Windows XP (KB2562937)
Actualización de seguridad para Windows XP (KB2566454)
Actualización de seguridad para Windows XP (KB2567680)
Actualización de seguridad para Windows XP (KB2570222)
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Astroburn Pro
BitComet 1.27
BlackBerry Device Software Updater
Conduit Engine
DAEMON Tools Lite
DAEMON Tools Toolbar
Defraggler
Fraps
Free Video to MP3 Converter version 4.2.19.324
Garena 2010
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
IcoFX 1.6.4
Instalación de DivX
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security 2009
LogMeIn Hamachi
Magic Video Converter Trial Version (English) 8.0.2.18
Malwarebytes' Anti-Malware versión 1.51.1.1800
Metal Slug Series with Enabled MAME 0.78
Metin2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office XP Professional con FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIRC
Mozilla Firefox 5.0 (x86 es-ES)
MpcStar 5.1
MSXML 4.0 SP2 (KB973688)
OpenAL
PBP Unpacker v0.94
Populus
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
softonic.com4 Toolbar
Songr
Star Wars Galactic Battlegrounds: Saga
TotalAudioConverter
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
WinDS PRO
.
==== Event Viewer Messages From Past Week ========
.
13/08/2011 02:39:46 p.m., ERROR: atapi [9] - El dispositivo, \Device\Ide\IdePort0, no respondió en el tiempo de espera permitido.
13/08/2011 02:38:30 p.m., ERROR: atapi [9] - El dispositivo, \Device\Ide\IdePort0, no respondió en el tiempo de espera permitido.
13/08/2011 02:35:46 p.m., ERROR: atapi [9] - El dispositivo, \Device\Ide\IdePort0, no respondió en el tiempo de espera permitido.
12/08/2011 09:47:08 p.m., ERROR: Service Control Manager [7011] - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
12/08/2011 09:46:10 p.m., ERROR: Service Control Manager [7023] - El servicio Servicio de restauración de sistema terminó con el error: El sistema no puede hallar el archivo especificado.
12/08/2011 09:46:06 p.m., ERROR: SRService [104] - Error en el proceso de inicialización de Restaurar sistema.
12/08/2011 09:02:35 p.m., ERROR: Service Control Manager [7011] - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
12/08/2011 09:01:59 p.m., ERROR: Service Control Manager [7023] - El servicio Servicio de restauración de sistema terminó con el error: El sistema no puede hallar el archivo especificado.
12/08/2011 09:01:57 p.m., ERROR: SRService [104] - Error en el proceso de inicialización de Restaurar sistema.
12/08/2011 02:34:40 p.m., ERROR: Service Control Manager [7023] - El servicio Servicio de restauración de sistema terminó con el error: El sistema no puede hallar el archivo especificado.
12/08/2011 02:34:34 p.m., ERROR: SRService [104] - Error en el proceso de inicialización de Restaurar sistema.
12/08/2011 02:34:12 p.m., ERROR: Dhcp [1002] - La concesión de la dirección IP 192.168.1.103 para la tarjeta de red con la dirección de red 0011254BFC35 ha sido denegada por el servidor DHCP 192.168.1.254 (el servidor DHCP envió un mensaje DHCPNACK).
11/08/2011 10:22:04 a.m., ERROR: Service Control Manager [7011] - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
11/08/2011 06:35:37 p.m., ERROR: Service Control Manager [7023] - El servicio Servicio de restauración de sistema terminó con el error: El sistema no puede hallar el archivo especificado.
11/08/2011 06:35:35 p.m., ERROR: SRService [104] - Error en el proceso de inicialización de Restaurar sistema.
10/08/2011 05:10:03 p.m., ERROR: Service Control Manager [7011] - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
09/08/2011 04:44:38 p.m., ERROR: Service Control Manager [7011] - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
08/08/2011 05:48:59 p.m., ERROR: Service Control Manager [7011] - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
07/08/2011 11:35:17 a.m., ERROR: Dhcp [1002] - La concesión de la dirección IP 192.168.1.103 para la tarjeta de red con la dirección de red 0011254BFC35 ha sido denegada por el servidor DHCP 192.168.1.254 (el servidor DHCP envió un mensaje DHCPNACK).
06/08/2011 11:06:24 a.m., ERROR: Service Control Manager [7011] - Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
.
==== End Of File ===========================

That's about it. If I missed something, please let me know (and sorry), but I think I did it right.
 
Let's see if we can recover your missing/hidden features.
Download and run UnHide
Let me know, if it worked.
 
Hi. I downloaded and ran the tool. Hidden stuff isn't hidden anymore, but the options in the folder options are still messed up. However, I just noticed something: I made a new hidden folder for experimentation and I noticed I can see it even while hidden.

Anyway, the NOHIDDEN option is still checked, keeps checking itself, and is still in English.

At this point I could consider myself satisfied since hidden folders are visible now, but if there was some way to completely fix this peculiarity, it would be great. It just bugs me knowing something is not quite right.

Thanks again for all the time you dedicated to my problem.
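An added example, not from the thread and not part of the UnHide tool: a PowerShell check of the registry entries behind the "Hidden files and folders" radio buttons, which is where the "keeps checking itself" and "shows in English" symptoms from the first post and the reply above typically live. The SHOWALL and NOHIDDEN subkeys under HKLM\...\Explorer\Advanced\Folder\Hidden hold the value Explorer writes to the per-user setting when a button is chosen (CheckedValue), plus a Text value that normally references a localized string in shell32.dll; a worm that rewrites CheckedValue as a string, or sets it to the wrong number, makes the dialog snap back to NOHIDDEN, and one that replaces Text with a literal makes the label appear in English. The expected values below were read from a clean Windows XP SP3 install and are an assumption for other builds. Without -Repair the function only reports.

```powershell
# Added example, not from the thread: audit (and optionally repair) the registry
# entries behind the "Hidden files and folders" radio buttons in Folder Options.
# USB-shortcut worms commonly rewrite these so "Show hidden files and folders"
# reverts on its own. Expected values are from a clean Windows XP SP3 install
# (assumption: the same on your build). Run from an administrator prompt.

$folderBase = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden'
$userBase   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Values every Folder Options radio entry needs in order to work at all.
$common = @{
    RegPath   = @{ Value = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Kind = 'String' }
    ValueName = @{ Value = 'Hidden'; Kind = 'String' }
    Type      = @{ Value = 'radio';  Kind = 'String' }
}
# CheckedValue is what Explorer writes to HKCU\...\Advanced\Hidden when the button is chosen.
$expected = @{
    SHOWALL  = $common + @{ CheckedValue = @{ Value = 1; Kind = 'DWord' }; DefaultValue = @{ Value = 2; Kind = 'DWord' } }
    NOHIDDEN = $common + @{ CheckedValue = @{ Value = 2; Kind = 'DWord' }; DefaultValue = @{ Value = 2; Kind = 'DWord' } }
}

function Test-HiddenFolderOptions {
    param([switch]$Repair)   # without -Repair the function only reports
    $findings = @()
    foreach ($name in $expected.Keys) {
        $key = Join-Path $folderBase $name
        if (-not (Test-Path $key)) {
            $findings += "${name}: whole key missing (the radio button itself was deleted)"
            if (-not $Repair) { continue }
            New-Item -Path $key -Force | Out-Null
        }
        $item  = Get-Item $key
        $props = Get-ItemProperty $key
        foreach ($v in $expected[$name].Keys) {
            $want = $expected[$name][$v]
            $kind = $null
            if ($item.GetValueNames() -contains $v) { $kind = $item.GetValueKind($v).ToString() }
            # A REG_SZ "0" or a DWORD 0 in SHOWALL\CheckedValue is the classic tamper:
            # Explorer never sees "show all" as the checked state and snaps back to NOHIDDEN.
            if ($kind -ne $want.Kind -or "$($props.$v)" -ne "$($want.Value)") {
                $findings += "$name\$v = '$($props.$v)' ($kind); expected '$($want.Value)' ($($want.Kind))"
                if ($Repair) { Set-ItemProperty -Path $key -Name $v -Value $want.Value -Type $want.Kind }
            }
        }
        # The button label is a localized resource reference. A literal string here is
        # why a Spanish UI suddenly shows this option in English. Not auto-repaired:
        # the resource ids differ per Windows version, so copy Text from a clean machine.
        if ("$($props.Text)" -notmatch '^@shell32\.dll,-\d+$') {
            $findings += "$name\Text = '$($props.Text)'; expected a reference like @shell32.dll,-NNNN"
        }
    }
    # The per-user value the buttons write: 1 = show hidden files, 2 = do not show.
    $hidden = (Get-ItemProperty -Path $userBase -ErrorAction SilentlyContinue).Hidden
    if ($hidden -ne 1) {
        $findings += "HKCU\...\Advanced\Hidden = '$hidden'; expected 1"
        if ($Repair) { Set-ItemProperty -Path $userBase -Name Hidden -Value 1 -Type DWord }
    }
    return $findings
}

$result = @(Test-HiddenFolderOptions)
if ($result.Count -eq 0) { 'Folder Options registry entries look intact.' } else { $result }
# After the scans are finished and anything flagged has been compared with a clean
# machine, re-run with: Test-HiddenFolderOptions -Repair
```

The check looks at the value type as well as the number, which is the detail a quick glance at regedit misses: a CheckedValue that reads "1" but is stored as REG_SZ is exactly the "all values were as they were supposed to be" situation the poster describes. Compare anything flagged against the same keys on a clean machine before repairing, and only repair after the scans the helper asked for are done, because a dropper that is still running will simply rewrite the values again.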
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Here is what you asked for. No reboot required.

 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hey there, just finished what you asked, here are the results. As a side note, when I ran ComboFix it did ask me to install Recovery Console, I clicked YES, but then an error message popped up saying that the partition couldn't be numbered correctly (or something like that) and Recovery Console was not installed. ComboFix however continued the scan and that's the log I posted.

Anyway, I noticed changes. The folder options have returned to normal (most of them), including the show hidden files; it's now in Spanish and it stays checked (or not) as I choose. There are still a couple of options in English, like the show friendly tree, but the options are now saving correctly.

aswMBR

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-13 19:25:13
-----------------------------
19:25:13.093 OS Version: Windows 5.1.2600 Service Pack 3
19:25:13.093 Number of processors: 2 586 0x304
19:25:13.093 ComputerName: PCCHAOS UserName:
19:25:13.656 Initialize success
19:25:19.453 AVAST engine defs: 11081301
19:25:21.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:25:21.796 Disk 0 Vendor: ST340014A 8.10 Size: 38162MB BusType: 3
19:25:23.812 Disk 0 MBR read successfully
19:25:23.812 Disk 0 MBR scan
19:25:23.843 Disk 0 Windows XP default MBR code
19:25:23.843 Disk 0 scanning sectors +78140160
19:25:23.921 Disk 0 scanning C:\windows\system32\drivers
19:25:41.890 Service scanning
19:25:42.593 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
19:25:43.171 Modules scanning
19:25:55.687 Disk 0 trace - called modules:
19:25:55.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
19:25:55.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86723ab8]
19:25:55.734 3 CLASSPNP.SYS[f7541fd7] -> nt!IofCallDriver -> \Device\00000073[0x86765258]
19:25:55.734 5 ACPI.sys[f738f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86768d98]
19:25:56.140 AVAST engine scan C:\windows
19:26:02.218 AVAST engine scan C:\windows\system32
19:28:30.187 AVAST engine scan C:\windows\system32\drivers
19:28:52.406 AVAST engine scan C:\Documents and Settings\Lord of Chaos
19:35:28.437 AVAST engine scan C:\Documents and Settings\All Users
19:42:31.484 Scan finished successfully
19:42:44.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lord of Chaos\Escritorio\MBR.dat"
19:42:44.468 The log file has been saved successfully to "C:\Documents and Settings\Lord of Chaos\Escritorio\aswMBR.txt"

ComboFix

ComboFix 11-08-14.01 - Lord of Chaos 13/08/2011 19:47:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.991.397 [GMT -5:00]
Running from: c:\documents and settings\Lord of Chaos\Escritorio\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\1.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\a.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\b.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\c.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\d.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\e.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\f.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\g.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\h.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\i.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\J.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\k.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\l.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\m.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\mru.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\n.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\o.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\p.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\q.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\r.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\s.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\t.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\u.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\v.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\w.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\x.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\y.xml
c:\documents and settings\Lord of Chaos\Datos de programa\PriceGong\Data\z.xml
c:\documents and settings\Lord of Chaos\WINDOWS
C:\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_smtpdrv
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-13 19:07 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 19:07 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:33 . 2011-08-13 03:33 388096 ----a-r- c:\documents and settings\Lord of Chaos\Datos de programa\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 13:37 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:36 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-09-10 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-10-18 03:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:19 . 2004-08-19 13:42 669696 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:19 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:19 . 2004-08-19 13:42 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2004-08-19 13:23 371200 ----a-w- c:\windows\system32\html.iec
2011-06-21 01:03 . 2011-05-22 14:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44 . 2004-08-19 13:42 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-19 13:30 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-06-26 03:04 . 2011-05-09 11:48 142296 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-20 . C1CE50ED49C5D436BAAE3A76F206B0FC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2008-04-14 . 671ACA589DA3733FAC878A751C5BF0ED . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
.
[-] 2009-09-21 . 3E36FA37BA0587C76373214E6FFCB356 . 112640 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-09 . AA6E1769469F9D15603A619FC1FB9E18 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . D658A8C2FC7B2AD53D1259741A09EE04 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
.
[-] 2009-09-20 . 40751D7E3A3BFA1FB8C3D56ACFCB617F . 511488 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
[-] 2009-09-20 . 88CFAD56A0BF2D730B040AA66C8272BD . 16896 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2008-04-14 . 4F2340F0BD5B6365C38E74DD391919A8 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
.
[-] 2009-09-13 . 782456326A2E059F1D6FBABBCEE97EC5 . 1038336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . DBB6B75CC6CB2CF8EC0BAFCA08AED6BE . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0974848a-b5bc-49f2-9778-307742b4a55d}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974848a-b5bc-49f2-9778-307742b4a55d}]
2010-10-18 18:26 3908192 ----a-w- c:\archivos de programa\softonic.com4\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 18:26 3908192 ----a-w- c:\archivos de programa\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974848a-b5bc-49f2-9778-307742b4a55d}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\archivos de programa\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0974848A-B5BC-49F2-9778-307742B4A55D}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\archivos de programa\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-08-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-08-28 118784]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"AVP"="c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"Malwarebytes Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"LogMeIn Hamachi Ui"="c:\archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-5 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\archivos de programa\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\BitComet\\BitComet.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10143:TCP"= 10143:TCP:BitComet 10143 TCP
"10143:UDP"= 10143:UDP:BitComet 10143 UDP
"23648:TCP"= 23648:TCP:Gnutella
"23648:UDP"= 23648:UDP:Gnutella
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 p.m. 33808]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27/10/2010 06:23 p.m. 1483072]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 p.m. 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 p.m. 24592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 01:34 p.m. 10064]
S2 NetCM;Network Connection Manager;c:\archivos de programa\Common Files\Microsoft Shared\Speech\svchost.exe --> c:\archivos de programa\Common Files\Microsoft Shared\Speech\svchost.exe [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\archivos de programa\Garena\safedrv.sys --> c:\archivos de programa\Garena\safedrv.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\archivos de programa\LogMeIn Hamachi\hamachi-2.exe [28/03/2011 04:41 p.m. 1242504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431232
IE: &D&escargar &con BitComet - c:\archivos de programa\BitComet\BitComet.exe/AddLink.htm
IE: &D&escargar todo con BitComet - c:\archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Banner Ad Blocker - c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Lord of Chaos\Datos de programa\Mozilla\Firefox\Profiles\6i6unky1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431232&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic.com4 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-299502267-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\Pelmiced.exe
c:\windows\system32\wscntfy.exe
c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Completion time: 2011-08-13 20:08:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-14 01:07
.
Pre-Run: 6,640,910,336 bytes libres
Post-Run: 7,203,459,072 bytes libres
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 731820108B4CF4804E0CBCBE3D37F72A
 
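The Sigcheck block in the ComboFix log above is the most telling part of that post: for each of lsass.exe, services.exe, winlogon.exe, svchost.exe and explorer.exe the live copy carries the same file version as a reference copy under ServicePackFiles or $hf_mig$, yet a different MD5 and a larger size (512 to 2560 bytes more). The Python below is an added example, not the helper's or ComboFix's code; it parses those lines, flags every live binary whose hash differs from a same-version reference copy, and renders the FCopy:: section that restores them. It assumes that paths under ServicePackFiles, $hf_mig$ and dllcache are pristine reference copies, and the bracketed tag ([7] versus [-]) is read as ComboFix's signature-verification result, following the log's own "Unsigned files aren't necessarily malware" note.

```python
import re
from collections import defaultdict

# Sigcheck block copied from the first ComboFix log in this thread, used here as
# constructed sample input for the parser.
SIGCHECK = r"""
[-] 2009-09-20 . C1CE50ED49C5D436BAAE3A76F206B0FC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2008-04-14 . 671ACA589DA3733FAC878A751C5BF0ED . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
.
[-] 2009-09-21 . 3E36FA37BA0587C76373214E6FFCB356 . 112640 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-09 . AA6E1769469F9D15603A619FC1FB9E18 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . D658A8C2FC7B2AD53D1259741A09EE04 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
.
[-] 2009-09-20 . 40751D7E3A3BFA1FB8C3D56ACFCB617F . 511488 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
[-] 2009-09-20 . 88CFAD56A0BF2D730B040AA66C8272BD . 16896 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2008-04-14 . 4F2340F0BD5B6365C38E74DD391919A8 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
.
[-] 2009-09-13 . 782456326A2E059F1D6FBABBCEE97EC5 . 1038336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . DBB6B75CC6CB2CF8EC0BAFCA08AED6BE . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
"""

# Directories that hold Windows' own pristine copies of system binaries (assumed set).
BACKUP_DIRS = ("\\servicepackfiles\\", "\\$hf_mig$\\", "\\dllcache\\")

# [tag] date . MD5 . size . . [version] . . path
LINE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; '.' spacer lines and anything else are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["backup"] = any(d in e["path"].lower() for d in BACKUP_DIRS)
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def find_patched(entries):
    """Flag each live binary whose MD5 differs from a backup copy of the same version.
    Same version string + different hash + different size is what a patched or
    infected file looks like; a legitimate update would carry a new version."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    findings = {}
    for name, group in by_name.items():
        backups = [e for e in group if e["backup"]]
        for live in (e for e in group if not e["backup"]):
            same_version = [b for b in backups if b["version"] == live["version"]]
            if not same_version:
                continue                      # nothing comparable; cannot judge
            ref = same_version[0]
            if ref["md5"] == live["md5"]:
                continue                      # identical to a pristine copy
            findings[name] = {
                "live": live["path"], "live_md5": live["md5"],
                "reference": ref["path"], "ref_md5": ref["md5"],
                "size_delta": live["size"] - ref["size"],
            }
    return findings


def fcopy_plan(findings):
    """Render a ComboFix FCopy:: section (source | destination per line) that
    restores each flagged binary from its same-version reference copy."""
    rows = [f"{f['reference']} | {f['live']}" for f in findings.values()]
    return "\n".join(["FCopy::"] + rows)


if __name__ == "__main__":
    found = find_patched(parse_sigcheck(SIGCHECK))
    for name, f in found.items():
        print(f"{name}: live {f['live_md5']} vs reference {f['ref_md5']}, "
              f"{f['size_delta']:+d} bytes")
    print(fcopy_plan(found))
```

Run as a plain script it prints the five findings and an FCopy:: plan that matches the helper's CFScript in the next post line for line, including the choice of the KB956572 copy for services.exe because only that one shares the live file's 5.1.2600.5755 version. The hash mismatch is the actionable fact; the page does not say what wrote to these files, and restoring from the reference copies only helps if those copies are themselves clean, which is what the [7] tags on them indicate.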
Good news :)

Any other outstanding issues?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\windows\ServicePackFiles\i386\lsass.exe | c:\windows\system32\lsass.exe
c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe | c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe


File::
c:\archivos de programa\Common Files\Microsoft Shared\Speech\svchost.exe

Driver::
NetCM

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
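The Driver:: and File:: lines in the script above remove the NetCM service and the svchost.exe it points to. What singles that entry out in the ComboFix service list is visible in the log itself: a binary named svchost.exe living under Common Files\Microsoft Shared\Speech instead of c:\windows\system32, a "-->" resolution that ends in [?] where the timestamp and size should be (ComboFix could not read them), and an English "Common Files" folder name on an install where every other path says "Archivos comunes". The Python below is an added example, not part of the thread or of ComboFix; it parses those R*/S* service lines and applies the first two checks. It assumes the line shape "state name;display;image [stamp size]" or "image --> resolved [?]" as seen above, and a hand-picked list of core Windows binary names with the only directory each legitimately runs from (an assumption for this XP install).

```python
import re

# Service lines copied from the first ComboFix log in this thread (constructed sample input).
SERVICES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 p.m. 33808]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27/10/2010 06:23 p.m. 1483072]
S2 NetCM;Network Connection Manager;c:\archivos de programa\Common Files\Microsoft Shared\Speech\svchost.exe --> c:\archivos de programa\Common Files\Microsoft Shared\Speech\svchost.exe [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\archivos de programa\Garena\safedrv.sys --> c:\archivos de programa\Garena\safedrv.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\archivos de programa\LogMeIn Hamachi\hamachi-2.exe [28/03/2011 04:41 p.m. 1242504]
"""

# Core Windows binaries and the only directory each legitimately runs from on this
# XP install (assumed list; a copy of one of these anywhere else is a masquerade
# until proven otherwise).
CORE_BINARIES = {
    "svchost.exe": "c:\\windows\\system32",
    "lsass.exe": "c:\\windows\\system32",
    "services.exe": "c:\\windows\\system32",
    "winlogon.exe": "c:\\windows\\system32",
    "csrss.exe": "c:\\windows\\system32",
    "smss.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}

# state name;display;rest
LINE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")


def parse_service(line):
    """Split one ComboFix service line into its fields; None for non-service lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    rest = svc.pop("rest").strip()
    # "[?]" where the timestamp and size belong means ComboFix could not read them.
    svc["unverified"] = rest.endswith("[?]")
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]      # keep the resolved path
    image = rest.rsplit(" [", 1)[0].strip()
    if image.startswith("\\??\\"):            # NT object-manager prefix on some drivers
        image = image[4:]
    svc["image"] = image
    return svc


def reasons_for(svc):
    """List the reasons a parsed service deserves a closer look (empty if none)."""
    reasons = []
    image = svc["image"].lower()
    directory, _, base = image.rpartition("\\")
    expected = CORE_BINARIES.get(base)
    if expected and directory != expected:
        reasons.append(f"{base} outside {expected}")
    if svc["unverified"]:
        reasons.append("image date/size unreadable ([?])")
    return reasons


def triage(text):
    """Map service name -> reasons for every service in the text with at least one reason."""
    flagged = {}
    for line in text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        reasons = reasons_for(svc)
        if reasons:
            flagged[svc["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage(SERVICES).items():
        print(f"{name}: {'; '.join(why)}")
```

sptd and GGSAFERDriver are flagged on the [?] criterion alone. sptd is the DAEMON Tools driver that TDSSKiller reported as LockedFile.Multi.Generic and aswMBR as **LOCKED**, which is how it normally behaves, and the Garena driver belongs to a game client, so on this machine that single signal is not enough to act on; NetCM trips both checks and is the one the helper removes. The script only mirrors that reasoning over the log text and touches neither the registry nor the disk; the Registry:: part of the CFScript (clearing Taskman and re-enabling Security Center monitoring) is outside its scope.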
Here it is. Same error when starting ComboFix: "Boot partition cannot be enumerated correctly".
No noticeable changes on the PC.

ComboFix 11-08-14.01 - Lord of Chaos 13/08/2011 22:29:03.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.991.616 [GMT -5:00]
Running from: c:\documents and settings\Lord of Chaos\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Lord of Chaos\Escritorio\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\archivos de programa\Common Files\Microsoft Shared\Speech\svchost.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\lsass.exe --> c:\windows\system32\lsass.exe
c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe --> c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETCM
-------\Service_NetCM
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-13 19:07 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 19:07 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:33 . 2011-08-13 03:33 388096 ----a-r- c:\documents and settings\Lord of Chaos\Datos de programa\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 13:37 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:36 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-09-10 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-10-18 03:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:19 . 2004-08-19 13:42 669696 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:19 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:19 . 2004-08-19 13:42 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2004-08-19 13:23 371200 ----a-w- c:\windows\system32\html.iec
2011-06-21 01:03 . 2011-05-22 14:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44 . 2004-08-19 13:42 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-19 13:30 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-06-26 03:04 . 2011-05-09 11:48 142296 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-14_00.59.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-14 03:39 . 2011-08-14 03:39 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2011-08-14 03:17 . 2011-08-14 03:17 16384 c:\windows\Temp\Perflib_Perfdata_614.dat
+ 2011-08-14 03:39 . 2011-08-14 03:39 16384 c:\windows\Temp\Perflib_Perfdata_3ac.dat
+ 2004-08-19 13:43 . 2008-04-14 02:19 14336 c:\windows\system32\dllcache\svchost.exe
+ 2004-08-19 13:42 . 2008-04-14 02:19 13312 c:\windows\system32\dllcache\lsass.exe
+ 2007-06-10 06:14 . 2011-08-14 03:39 231249 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-07-19 18:27 . 2011-08-14 03:38 843808 c:\windows\system32\drivers\fidbox2.dat
+ 2004-08-19 13:43 . 2008-04-14 02:19 510976 c:\windows\system32\dllcache\winlogon.exe
+ 2004-08-19 13:43 . 2009-02-09 11:16 111104 c:\windows\system32\dllcache\services.exe
- 2009-07-19 18:27 . 2011-08-14 00:57 3308064 c:\windows\system32\drivers\fidbox.dat
+ 2009-07-19 18:27 . 2011-08-14 03:38 3308064 c:\windows\system32\drivers\fidbox.dat
+ 2004-08-19 13:42 . 2008-04-14 02:18 1036288 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0974848a-b5bc-49f2-9778-307742b4a55d}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974848a-b5bc-49f2-9778-307742b4a55d}]
2010-10-18 18:26 3908192 ----a-w- c:\archivos de programa\softonic.com4\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 18:26 3908192 ----a-w- c:\archivos de programa\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974848a-b5bc-49f2-9778-307742b4a55d}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\archivos de programa\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0974848A-B5BC-49F2-9778-307742B4A55D}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\archivos de programa\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-08-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-08-28 118784]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"AVP"="c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"Malwarebytes Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"LogMeIn Hamachi Ui"="c:\archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-5 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\archivos de programa\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\BitComet\\BitComet.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10143:TCP"= 10143:TCP:BitComet 10143 TCP
"10143:UDP"= 10143:UDP:BitComet 10143 UDP
"23648:TCP"= 23648:TCP:Gnutella
"23648:UDP"= 23648:UDP:Gnutella
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 p.m. 33808]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27/10/2010 06:23 p.m. 1483072]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 p.m. 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 p.m. 24592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 01:34 p.m. 10064]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\archivos de programa\Garena\safedrv.sys --> c:\archivos de programa\Garena\safedrv.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\archivos de programa\LogMeIn Hamachi\hamachi-2.exe [28/03/2011 04:41 p.m. 1242504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431232
IE: &D&escargar &con BitComet - c:\archivos de programa\BitComet\BitComet.exe/AddLink.htm
IE: &D&escargar todo con BitComet - c:\archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Banner Ad Blocker - c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Lord of Chaos\Datos de programa\Mozilla\Firefox\Profiles\6i6unky1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431232&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic.com4 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 22:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-299502267-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2004)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\Pelmiced.exe
c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-13 22:45:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-14 03:45
ComboFix2.txt 2011-08-14 01:08
.
Pre-Run: 7,212,285,952 bytes libres
Post-Run: 7,187,042,304 bytes libres
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2647D92A89410E1EEE9402348A099EB7
 
Boot partition cannot be enumerated correctly

Download BootCheck.exe to your desktop.

  • Double click BootCheck.exe to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply
 
It looks like boot.ini may be missing...

Click Start, click Run, type sysdm.cpl, and then click OK.
On the Advanced tab, click Settings under Startup and Recovery.
Under System Startup, click Edit. This will open boot.ini file in Notepad.
Copy all content, and post it in your next reply.
 
It says Boot.ini cannot be found and asks me if I want to create a new one. I clicked Cancel so I can get your instructions on this matter.

I don't suppose this is good =/
 
I just finished what you asked. Also answering a previous post:

It looks like boot.ini may be missing...

Click Start, click Run, type sysdm.cpl, and then click OK.
On the Advanced tab, click Settings under Startup and Recovery.
Under System Startup, click Edit. This will open boot.ini file in Notepad.
Copy all content, and post it in your next reply.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MICROSOFT WINDOWS XP PRO" /fastdetect
 
Perfect!

Re-run ComboFix and see if recovery console will install (you can see from your issues why recovery console is an important troubleshooting tool).
 
ComboFix ran just fine, recovery console installed successfully, no reboot required after CF. No noticeable changes.

ComboFix 11-08-15.06 - Lord of Chaos 14/08/2011 18:50:08.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.991.512 [GMT -5:00]
Running from: c:\documents and settings\Lord of Chaos\Escritorio\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 21:16 . 2011-08-14 21:16 -------- d-----w- c:\documents and settings\Lord of Chaos\Datos de programa\ImgBurn
2011-08-14 21:14 . 2011-08-14 21:14 -------- d-----w- c:\archivos de programa\ImgBurn
2011-08-13 19:07 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 19:07 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 03:33 . 2011-08-13 03:33 388096 ----a-r- c:\documents and settings\Lord of Chaos\Datos de programa\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 13:37 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:36 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-09-10 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-10-18 03:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:19 . 2004-08-19 13:42 669696 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:19 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:19 . 2004-08-19 13:42 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2004-08-19 13:23 371200 ----a-w- c:\windows\system32\html.iec
2011-06-21 01:03 . 2011-05-22 14:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44 . 2004-08-19 13:42 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-19 13:30 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-06-26 03:04 . 2011-05-09 11:48 142296 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-14_00.59.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-14 23:35 . 2011-08-14 23:35 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
+ 2011-08-14 23:35 . 2011-08-14 23:35 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat
+ 2004-08-19 13:43 . 2008-04-14 02:19 14336 c:\windows\system32\svchost.exe
+ 2004-08-19 13:42 . 2008-04-14 02:19 13312 c:\windows\system32\lsass.exe
+ 2004-08-19 13:43 . 2008-04-14 02:19 14336 c:\windows\system32\dllcache\svchost.exe
+ 2004-08-19 13:42 . 2008-04-14 02:19 13312 c:\windows\system32\dllcache\lsass.exe
+ 2004-08-19 13:43 . 2008-04-14 02:19 510976 c:\windows\system32\winlogon.exe
+ 2004-08-19 13:43 . 2009-02-09 11:16 111104 c:\windows\system32\services.exe
+ 2007-06-10 06:14 . 2011-08-14 23:36 231249 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-07-19 18:27 . 2011-08-14 22:36 843808 c:\windows\system32\drivers\fidbox2.dat
+ 2004-08-19 13:43 . 2008-04-14 02:19 510976 c:\windows\system32\dllcache\winlogon.exe
+ 2004-08-19 13:43 . 2009-02-09 11:16 111104 c:\windows\system32\dllcache\services.exe
+ 2009-07-19 18:27 . 2011-08-14 22:36 3308064 c:\windows\system32\drivers\fidbox.dat
- 2009-07-19 18:27 . 2011-08-14 00:57 3308064 c:\windows\system32\drivers\fidbox.dat
+ 2004-08-19 13:42 . 2008-04-14 02:18 1036288 c:\windows\system32\dllcache\explorer.exe
+ 2004-08-19 13:42 . 2008-04-14 02:18 1036288 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0974848a-b5bc-49f2-9778-307742b4a55d}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974848a-b5bc-49f2-9778-307742b4a55d}]
2010-10-18 18:26 3908192 ----a-w- c:\archivos de programa\softonic.com4\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 18:26 3908192 ----a-w- c:\archivos de programa\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974848a-b5bc-49f2-9778-307742b4a55d}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\archivos de programa\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0974848A-B5BC-49F2-9778-307742B4A55D}"= "c:\archivos de programa\softonic.com4\tbsoft.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{0974848a-b5bc-49f2-9778-307742b4a55d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\archivos de programa\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-08-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-08-28 118784]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"AVP"="c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"Malwarebytes Anti-Malware (reboot)"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"LogMeIn Hamachi Ui"="c:\archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-5 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\archivos de programa\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\BitComet\\BitComet.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10143:TCP"= 10143:TCP:BitComet 10143 TCP
"10143:UDP"= 10143:UDP:BitComet 10143 UDP
"23648:TCP"= 23648:TCP:Gnutella
"23648:UDP"= 23648:UDP:Gnutella
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 p.m. 33808]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27/10/2010 06:23 p.m. 1483072]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 p.m. 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 p.m. 24592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 01:34 p.m. 10064]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\archivos de programa\Garena\safedrv.sys --> c:\archivos de programa\Garena\safedrv.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\archivos de programa\LogMeIn Hamachi\hamachi-2.exe [28/03/2011 04:41 p.m. 1242504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431232
IE: &D&escargar &con BitComet - c:\archivos de programa\BitComet\BitComet.exe/AddLink.htm
IE: &D&escargar todo con BitComet - c:\archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Banner Ad Blocker - c:\archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Lord of Chaos\Datos de programa\Mozilla\Firefox\Profiles\6i6unky1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431232&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic.com4 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-299502267-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(984)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
Completion time: 2011-08-14 19:00:05
ComboFix-quarantined-files.txt 2011-08-15 00:00
ComboFix2.txt 2011-08-14 03:45
ComboFix3.txt 2011-08-14 01:08
.
Pre-Run: 7,478,067,200 bytes libres
Post-Run: 7,458,967,552 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MICROSOFT WINDOWS XP PRO" /fastdetect
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BB743F02EAA08E532C3AACECB1C4A454
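The helper's boot.ini check (Start, Run, sysdm.cpl, then Edit under System Startup) and the later request to see whether the Recovery Console installed both come down to reading the [boot loader] and [operating systems] sections. As an added example, not code from this thread, from ComboFix or from BootCheck, here is a small Python parser that validates a boot.ini the way a responder would eyeball it: the default entry must point at a listed operating system, and an entry carrying /cmdcons means the Recovery Console is present. The two embedded samples are the two boot.ini files posted in this thread; `parse_boot_ini`, `check_boot_ini` and `has_recovery_console` are names chosen for this example.

```python
"""Parse a Windows XP boot.ini and sanity-check it.

Added example for this thread (not ComboFix or BootCheck code). The two
sample files are the boot.ini contents posted in the thread: the first is
the original, the second is after ComboFix installed the Recovery Console.
"""
import re

# Sample 1: boot.ini as pasted by the poster (before Recovery Console install)
BOOT_INI_BEFORE = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="MICROSOFT WINDOWS XP PRO" /fastdetect
"""

# Sample 2: boot.ini as shown in the ComboFix log after the Recovery Console
# was installed (extra /cmdcons entry, shorter timeout)
BOOT_INI_AFTER = """[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="MICROSOFT WINDOWS XP PRO" /fastdetect
"""

# An [operating systems] line is  <ARC path or file>="<display name>" <switches>
_ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<name>[^"]*)"(?P<opts>.*)$')


def parse_boot_ini(text):
    """Return (loader, entries).

    loader  : dict with 'timeout' (int) and 'default' (str) when present.
    entries : list of {'path', 'name', 'switches'} from [operating systems].
    Blank lines are skipped; lines outside the two sections are ignored.
    """
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section == 'boot loader':
            key, _, value = line.partition('=')
            key, value = key.strip().lower(), value.strip()
            loader[key] = int(value) if key == 'timeout' else value
        elif section == 'operating systems':
            m = _ENTRY_RE.match(line)
            if m is None:
                raise ValueError('unparseable [operating systems] line: %r' % line)
            entries.append({'path': m.group('path').strip(),
                            'name': m.group('name'),
                            'switches': m.group('opts').split()})
    return loader, entries


def check_boot_ini(text):
    """Return a list of findings; an empty list means the file looks sane.

    An empty string (boot.ini missing, as the poster saw) yields two findings.
    """
    try:
        loader, entries = parse_boot_ini(text)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if 'default' not in loader:
        findings.append('no default= in [boot loader]')
    elif not any(e['path'] == loader['default'] for e in entries):
        findings.append('default %r has no matching [operating systems] entry'
                        % loader['default'])
    if not entries:
        findings.append('no [operating systems] entries')
    return findings


def has_recovery_console(text):
    """True when some entry boots with the /cmdcons switch (Recovery Console)."""
    _, entries = parse_boot_ini(text)
    return any('/cmdcons' in e['switches'] for e in entries)


if __name__ == '__main__':
    for label, sample in (('before', BOOT_INI_BEFORE), ('after', BOOT_INI_AFTER)):
        print(label, check_boot_ini(sample) or 'OK',
              'recovery console:', has_recovery_console(sample))
```

Run against a real file with `check_boot_ini(open(r'C:\boot.ini').read())`; on this thread's machine the file was absent at first, which the empty-input path reports rather than crashing on.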
 
Good job :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This is not working =(

I did as you told, and also disabled Kaspersky to ensure no interruptions. The scan starts all right, and goes for a couple of minutes, but when it gets to "scanning firefox setting" it won't progress anymore. I left it for around 40 minutes and nothing happened and the window wasn't responding anymore. So I closed it and rebooted the PC and ran it again, left it for over an hour but to no avail.

What should I do?
 
Still not working. I have uninstalled Firefox, but OTL still freezes at "scanning firefox settings", as if it were still installed, even after rebooting the PC. Also, three pieces of news:

Kaspersky is now displaying the out-of-date databases warning; should I update or let it be until the repair is finished?

For some reason the hide system hidden files option is now unchecking itself every time I reboot the PC, so now I see the thumbs file in every folder, among other things. Perhaps it has something to do with the unfinished OTL scan... =(

Also, please let me know when I can reinstall Firefox (or some other browser), because it was the only web browser I had (other than IE), and it's quite difficult to post here with my extremely obsolete IE v6.0.
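The "show hidden files" option reverting on its own, which started this thread and resurfaces in the post above, is normally traced by comparing the Folder Options template values under HKLM with what a clean Windows XP install carries, and then reading the per-user state under HKCU that Explorer writes when the radio button is clicked. As an added example, not from this thread or from any of the tools used in it, this Python block audits those values. The registry paths and expected data are the real XP ones; the two snapshots are constructed for the example (one clean, one with the two tamperings most often seen: CheckedValue zeroed, and CheckedValue re-typed as a string); `audit_hidden_settings` and `read_live` are names chosen here, and `read_live` only does anything when run on Windows.

```python
"""Audit the Explorer "Show hidden files" registry values.

Added example for this thread, not a tool from it. EXPECTED holds what a
clean Windows XP install has under the Folder Options template key; the
CLEAN and TAMPERED snapshots are constructed, not taken from the poster's
machine. Snapshot format: {full_value_path: (type_name, data)}.
"""

# Template key Explorer reads to build the Folder Options radio buttons.
HKLM_FOLDER = r'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden'
# Per-user key where the chosen radio button is stored.
HKCU_ADV = r'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Clean XP defaults. If CheckedValue is 0 or is not a REG_DWORD, Explorer
# cannot apply the "show all" choice and the option appears to flip back.
EXPECTED = {
    HKLM_FOLDER + r'\SHOWALL\CheckedValue':  ('REG_DWORD', 1),
    HKLM_FOLDER + r'\SHOWALL\DefaultValue':  ('REG_DWORD', 2),
    HKLM_FOLDER + r'\NOHIDDEN\CheckedValue': ('REG_DWORD', 2),
    HKLM_FOLDER + r'\NOHIDDEN\DefaultValue': ('REG_DWORD', 2),
}

# Constructed snapshot of a healthy machine with "show all" selected.
CLEAN = dict(EXPECTED)
CLEAN[HKCU_ADV + r'\Hidden'] = ('REG_DWORD', 1)            # 1 = show, 2 = hide
CLEAN[HKCU_ADV + r'\ShowSuperHidden'] = ('REG_DWORD', 1)   # 1 = show OS files

# Constructed snapshot showing the two common tamperings.
TAMPERED = dict(CLEAN)
TAMPERED[HKLM_FOLDER + r'\SHOWALL\CheckedValue'] = ('REG_DWORD', 0)
TAMPERED[HKLM_FOLDER + r'\NOHIDDEN\CheckedValue'] = ('REG_SZ', '2')


def audit_hidden_settings(snapshot):
    """Compare a snapshot against EXPECTED; return a list of findings."""
    findings = []
    for path, (etype, edata) in EXPECTED.items():
        if path not in snapshot:
            findings.append('missing: ' + path)
            continue
        atype, adata = snapshot[path]
        if atype != etype:
            findings.append('wrong type for %s: %s (expected %s)' % (path, atype, etype))
        elif adata != edata:
            findings.append('wrong data for %s: %r (expected %r)' % (path, adata, edata))
    # Per-user state: only the documented values are legitimate.
    hidden = snapshot.get(HKCU_ADV + r'\Hidden')
    if hidden is not None and hidden[1] not in (1, 2):
        findings.append('HKCU Hidden has unexpected data %r' % (hidden[1],))
    super_hidden = snapshot.get(HKCU_ADV + r'\ShowSuperHidden')
    if super_hidden is not None and super_hidden[1] not in (0, 1):
        findings.append('HKCU ShowSuperHidden has unexpected data %r' % (super_hidden[1],))
    return findings


def read_live():
    """Build a snapshot from the running Windows registry; None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    roots = {'HKLM': winreg.HKEY_LOCAL_MACHINE, 'HKCU': winreg.HKEY_CURRENT_USER}
    names = {winreg.REG_DWORD: 'REG_DWORD', winreg.REG_SZ: 'REG_SZ'}
    wanted = list(EXPECTED) + [HKCU_ADV + r'\Hidden', HKCU_ADV + r'\ShowSuperHidden']
    snap = {}
    for path in wanted:
        root, _, rest = path.partition('\\')
        key_path, _, value_name = rest.rpartition('\\')
        try:
            with winreg.OpenKey(roots[root], key_path) as key:
                data, typ = winreg.QueryValueEx(key, value_name)
            snap[path] = (names.get(typ, str(typ)), data)
        except OSError:
            pass   # absent key/value shows up as 'missing' in the audit
    return snap


if __name__ == '__main__':
    live = read_live()
    for label, snap in (('clean', CLEAN), ('tampered', TAMPERED), ('live', live)):
        if snap is not None:
            print(label, audit_hidden_settings(snap) or 'OK')
```

A clean result here but a still-flipping option points away from the registry template and toward something resetting the HKCU value at logon, which is where the thread's later ComboFix and OTL runs look.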
 