Missing Local Drive!

katulu50

New Member
Hi, I had problems with a virus that did some damage to my OS. I've fixed each of them, but I've realized that my LOCAL DRIVE C: has also disappeared from the My PC window. It only shows the other drives, like Floppy, DVD, CD, but does not show Drive C:. Also, I can find it through the Explorer, so any tip about what I can do would be great, thanks.
 
Hello! Please do the following:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Other way round, post the Hijackthis first, wait until we tell you to proceed to do the Combo Fix.
 
Hijack Report

Logfile of HijackThis v1.99.1
Scan saved at 12:56:33 p.m., on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Archivos de programa\Eset\nod32krn.exe
c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\Archivos de programa\BitLord\BitLord.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Escritorio\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = a-8.info:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: nqgpedlr - {E4E8B8EA-E4C9-4DCD-B90D-AD89191AC2E5} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: okmdepgb - {2656DCB5-FB3A-4D9E-9668-128442494281} - (no file)
O21 - SSODL: axrfgvek - {56DD56BA-4204-4122-AC70-C4CB17DA1280} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
 
Please do the ComboFix scan now. Cohen, I believe when I suggest a fix, you shouldn't be correcting me...I have a reason why I wanted to see the ComboFix log first.

Please never interrupt again THIS way.
 
ComboFix Report

ComboFix 08-07-05.1 - Administrador 2008-07-06 13:16:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.177 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active


ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrador\Datos de programa\inst.exe
C:\WINDOWS\egbd.exe
C:\WINDOWS\system32\adMVuBeg.ini
C:\WINDOWS\system32\adMVuBeg.ini2
C:\WINDOWS\system32\lfmoonof.ini
C:\WINDOWS\system32\oosagjgt.ini

.
(((((((((((((((((( Archivos creados desde 2008-06-06 - 2008-07-06 )))))))))))))))))))))))))))))))))
.

2008-07-06 13:11 . 2008-07-06 13:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Datos de programa\Webroot
2008-07-06 13:11 . 2008-07-06 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Webroot
2008-07-06 13:11 . 2008-07-06 13:11 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Webroot
2008-07-06 13:11 . 2008-07-06 13:11 <DIR> d-------- C:\Archivos de programa\Webroot
2008-07-06 13:11 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-06 13:11 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-06 13:11 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-06 13:11 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-06 13:11 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-05 20:17 . 2008-07-05 20:17 <DIR> d-------- C:\Archivos de programa\VSO
2008-07-05 20:17 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-05 20:17 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-07-05 20:17 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-05 20:17 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-05 20:17 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-05 20:17 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-05 20:17 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-05 20:00 . 2008-07-05 20:17 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-05 20:00 . 2008-07-05 21:27 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Vso
2008-07-05 20:00 . 2008-07-05 20:17 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-05 20:00 . 2008-07-05 20:17 47,360 --a------ C:\Documents and Settings\Administrador\Datos de programa\pcouffin.sys
2008-07-05 19:32 . 2008-07-05 19:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-05 17:00 . 2008-07-05 17:00 84 --a------ C:\WINDOWS\wininit.ini
2008-07-05 16:50 . 2008-07-05 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-07-05 16:50 . 2008-07-05 16:50 <DIR> d-------- C:\Archivos de programa\Lavasoft
2008-07-05 16:35 . 2008-07-05 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-07-05 16:35 . 2008-07-05 16:35 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-07-05 15:28 . 2008-07-05 15:28 <DIR> d-------- C:\Archivos de programa\Alwil Software
2008-07-05 14:14 . 2008-07-05 14:14 <DIR> d-------- C:\WinLogon
2008-07-05 13:58 . 2008-07-05 14:14 <DIR> d-------- C:\Muestras
2008-07-05 09:13 . 2008-07-05 09:13 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\TmpRecentIcons
2008-07-05 03:51 . 2008-07-05 03:52 88,576 --a------ C:\WINDOWS\system32\TGJGASOO.DLL.VIR
2008-07-04 21:42 . 2008-07-05 01:17 86,016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-06-26 09:41 . 2008-06-26 09:43 287 --a------ C:\rutina.vbs
2008-06-24 21:24 . 2007-07-29 14:47 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-24 21:24 . 2007-07-29 14:47 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-24 21:24 . 2007-07-29 14:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-21 23:09 . 2008-06-21 23:09 <DIR> d-------- C:\WINDOWS\Sun
2008-06-21 18:01 . 2007-07-29 14:47 12,416 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-21 18:01 . 2007-07-29 14:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-21 07:28 . 2008-06-21 07:28 <DIR> d-------- C:\Archivos de programa\PowerQuest
2008-06-21 07:26 . 2008-06-21 07:26 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Ahead
2008-06-19 18:44 . 2008-06-19 18:44 <DIR> d-------- C:\Archivos de programa\QuickTime
2008-06-19 18:43 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-06-19 18:43 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-06-19 11:27 . 2008-06-19 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\FLEXnet
2008-06-19 00:39 . 2008-06-19 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\ALM
2008-06-19 00:38 . 2008-06-19 00:38 <DIR> d-------- C:\Archivos de programa\Bonjour
2008-06-18 17:57 . 2008-06-18 17:57 <DIR> d-------- C:\Archivos de programa\MSXML 6.0
2008-06-16 17:47 . 2008-06-16 17:47 <DIR> d-------- C:\Archivos de programa\MSXML 4.0
2008-06-16 13:43 . 2008-06-16 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Corel
2008-06-16 13:43 . 2008-07-05 20:23 2,516 --ahs---- C:\Documents and Settings\All Users\Datos de programa\KGyGaAvL.sys
2008-06-16 13:43 . 2008-07-05 20:23 88 -r-hs---- C:\Documents and Settings\All Users\Datos de programa\12E63B6724.sys
2008-06-16 13:36 . 2008-06-21 13:50 <DIR> d-------- C:\Archivos de programa\SWiSH Max2
2008-06-16 13:36 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-06-16 13:31 . 2008-06-16 13:31 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Macrovision Shared
2008-06-16 13:22 . 2008-07-05 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Corel
2008-06-16 13:22 . 2008-06-16 13:22 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Protexis
2008-06-16 13:15 . 2008-06-16 13:15 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Corel
2008-06-16 13:14 . 2008-06-16 13:14 <DIR> d-------- C:\Archivos de programa\Corel
2008-06-15 22:00 . 2008-06-21 13:50 <DIR> d-------- C:\Archivos de programa\MagicISO
2008-06-15 07:57 . 2008-06-15 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\EPSON
2008-06-15 07:57 . 2008-06-15 07:57 <DIR> d-------- C:\Archivos de programa\EPSON
2008-06-15 07:57 . 2006-12-08 02:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCKL.DLL
2008-06-15 07:57 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCKL.DLL
2008-06-15 07:57 . 2007-06-08 02:00 1,448 --a------ C:\WINDOWS\EPBUYINK.RTF
2008-06-15 07:43 . 2007-07-29 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-15 07:29 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-15 07:29 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-15 07:29 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-15 06:07 . 2008-06-15 06:07 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Thinstall
2008-06-14 19:55 . 2008-07-04 17:12 <DIR> d-------- C:\Archivos de programa\eMule
2008-06-14 19:03 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-14 19:02 . 2008-06-14 19:02 <DIR> d-------- C:\Archivos de programa\Microsoft Works
2008-06-14 19:01 . 2008-06-14 19:01 <DIR> d-------- C:\Archivos de programa\Microsoft.NET
2008-06-14 18:58 . 2008-06-14 19:01 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-14 18:56 . 2008-06-14 18:56 <DIR> dr-h----- C:\MSOCache
2008-06-14 18:56 . 2008-06-16 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-06-14 17:35 . 2007-07-06 14:50 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-06-14 17:35 . 2007-07-06 14:50 521,216 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-06-14 17:35 . 2007-07-06 14:50 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-06-14 17:35 . 2007-07-06 14:50 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
2008-06-14 17:35 . 2007-07-06 14:50 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-06-14 17:35 . 2007-07-06 12:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
2008-06-14 17:35 . 2007-07-06 14:50 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-06-14 17:35 . 2007-07-06 14:50 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-06-14 17:35 . 2007-07-06 14:50 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
2008-06-14 17:34 . 2007-06-26 08:09 1,104,896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-06-14 17:34 . 2007-10-30 19:20 360,064 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-14 17:32 . 2008-03-20 10:09 1,845,376 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-06-14 17:32 . 2007-12-18 11:51 179,584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-06-14 17:31 . 2007-08-21 08:17 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-06-14 17:31 . 2008-02-20 08:51 282,624 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2008-06-14 17:30 . 2007-11-07 11:28 726,528 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-06-14 17:30 . 2008-02-20 07:35 148,992 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-14 17:30 . 2008-02-20 07:35 45,568 --------- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-06-14 17:28 . 2008-02-26 14:00 294,912 --------- C:\WINDOWS\system32\dllcache\msctf.dll
2008-06-14 17:27 . 2007-12-04 20:41 550,912 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-06-14 17:25 . 2008-04-23 06:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-14 17:25 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-14 17:25 . 2007-03-08 07:10 1,040,384 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-14 17:25 . 2008-04-23 06:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-14 17:25 . 2008-04-23 06:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-14 17:25 . 2008-04-23 06:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-14 17:25 . 2008-04-23 06:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-14 17:25 . 2008-04-23 06:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-14 17:25 . 2008-04-22 09:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-14 17:20 . 2007-10-25 18:56 8,496,640 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-14 17:13 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-14 17:10 . 2008-06-14 19:59 272,512 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:10 . 2008-06-14 19:59 272,512 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 17:10 . 2008-05-08 14:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 14:00 . 2008-06-14 14:00 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-06-14 13:42 . 2008-06-24 18:02 <DIR> d-------- C:\My Downloads
2008-06-14 13:42 . 2008-06-24 11:24 <DIR> d-------- C:\Archivos de programa\BearShare
2008-06-14 13:18 . 2008-06-14 13:18 <DIR> d-------- C:\Archivos de programa\BitLord
2008-06-14 13:15 . 2008-06-14 13:15 <DIR> d-------- C:\WINDOWS\OEM_ICPLUS
2008-06-14 13:15 . 2008-06-14 13:15 <DIR> d-------- C:\Archivos de programa\IC Plus
2008-06-14 13:15 . 2004-08-03 20:04 26,624 --a------ C:\WINDOWS\system32\drivers\ipfnd51.sys
2008-06-14 13:15 . 2008-06-14 17:02 0 --a------ C:\WINDOWS\reboot.icp
2008-06-14 13:12 . 2008-06-14 13:12 268 --ah----- C:\sqmdata01.sqm
2008-06-14 13:12 . 2008-06-14 13:12 244 --ah----- C:\sqmnoopt01.sqm
2008-06-14 13:11 . 2008-06-14 13:11 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-14 13:11 . 2008-06-14 13:11 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-14 13:01 . 2008-06-14 13:01 <DIR> d-------- C:\Archivos de programa\Windows Live Favorites

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 14:50 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-06-21 11:50 --------- d-----w C:\Archivos de programa\QT Lite
2008-06-20 14:17 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\BSplayer PRO
2008-06-18 22:38 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-06-16 11:52 --------- d-----w C:\Archivos de programa\Eset
2008-06-13 23:51 --------- d-----w C:\Archivos de programa\Unlocker
2008-06-13 23:51 --------- d-----w C:\Archivos de programa\TuneUp Utilities 2007
2008-06-13 23:50 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-06-13 23:50 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software
2008-06-13 23:50 --------- d-----w C:\Archivos de programa\Windows Media Connect 2
2008-06-13 23:50 --------- d-----w C:\Archivos de programa\My Company Name
2008-06-13 23:49 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-13 23:49 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-13 23:49 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\Webteh
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\Nero
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\K-Lite Codec Pack
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\Java
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\HashTab Shell Extension
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\DAMN NFO Viewer
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\CCleaner
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\Archivos comunes\Java
2008-06-13 23:48 --------- d-----w C:\Archivos de programa\Archivos comunes\Ahead
2008-06-13 23:39 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

------- Sigcheck -------

2007-07-29 14:46 579072 237fb93c6b4330d8ee7d2448cf71c5ed C:\WINDOWS\system32\user32.dll

2007-07-29 14:46 2019840 53ff54334b619c46e0919f1f7d112493 C:\WINDOWS\system32\ntkrnlpa.exe

2007-07-29 14:46 2140160 5501760f52eb0930e89992600a4d4592 C:\WINDOWS\system32\ntoskrnl.exe

2007-07-29 14:45 1035776 dbb6b75cc6cb2cf8ec0bafca08aed6be C:\WINDOWS\explorer.exe

2007-07-29 14:46 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2008-06-14 01:49 949376]
"SpySweeper"="C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:42 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"=C:\Archivos de programa\Archivos comunes\Adobe\Updater5\AdobeUpdater.exe
"SpybotSD TeaTimer"=C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5667:TCP"= 5667:TCP:5667
"8077:UDP"= 8077:UDP:8077

R2 PSI_SVC_2;Protexis Licensing V2;c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2004-08-03 20:04]
S2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:43]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-27 18:31]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-07-29 14:47]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-07-29 14:47]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{083073ce-39ae-11dd-89c2-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \Install\WPI\wpi.hta

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{184555db-3bac-11dd-83cd-00064f1bd5d9}]
\Shell\AutoRun\command - F:\LinksysConnectPC.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - DMADMIN
*Newly Created Service* - NTMSSVC
*Newly Created Service* - SSFS0BB9
*Newly Created Service* - SSHRMD
*Newly Created Service* - SSIDRV
*Newly Created Service* - WEBROOTSPYSWEEPERSERVICE
.
Contenido de carpeta 'Tareas Programadas'
"2008-07-05 16:32:13 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"
- C:\Archivos de programa\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-04 15:16:10 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{E4E8B8EA-E4C9-4DCD-B90D-AD89191AC2E5} - (no file)
ShellExecuteHooks-{AE99EB12-A2D7-42D7-8BC2-754431199E2F} - (no file)
SSODL-okmdepgb-{2656DCB5-FB3A-4D9E-9668-128442494281} - (no file)
SSODL-axrfgvek-{56DD56BA-4204-4122-AC70-C4CB17DA1280} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 13:19:16
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-07-06 13:21:06
ComboFix-quarantined-files.txt 2008-07-06 11:20:53

13 dirs 6,991,896,576 bytes libres
16 dirs 7,149,883,392 bytes libres

300 --- E O F --- 2008-07-03 10:17:45
 
Cohen, can you see now why I wanted to run ComboFix before?
And I also wanted to have HijackThis show me if any remnants are present AFTER the ComboFix.

I don't have any rights to stop you from posting, but please at least don't tweak my suggestions :D


@katulu:
There are more things to do if you get back here.

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\WINDOWS\mrvtdpqe.exe
C:\Documents and Settings\All Users\Datos de programa\12E63B6724.sys
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\E_FLBCKL.DLL
C:\WINDOWS\system32\E_FD4BCKL.DLL
C:\WINDOWS\ativpsrm.bin

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.

I found a suspicious file. Please go to VirusTotal or Jotti and upload C:\WINDOWS\EPBUYINK.RTF.

Once that file has finished scanning please post the results here.
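
Added example (not part of any post in this thread, and not code from HijackThis or ComboFix): a small Python script that cross-checks the "(no file)" entries in the HijackThis log against the "ORPHANS REMOVED" section of the ComboFix report, to see which registry remnants ComboFix already cleaned up and which would still need attention. The function names are this example's own; the sample lines are copied from the two logs above.

```python
import re

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
CLSID_RE = re.compile(CLSID)
# HijackThis line whose registered object points at a file that no longer exists,
# e.g. "O3 - Toolbar: name - {CLSID} - (no file)".
HJT_ORPHAN_RE = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>" + CLSID + r") - \(no file\)\s*$"
)

# Lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: nqgpedlr - {E4E8B8EA-E4C9-4DCD-B90D-AD89191AC2E5} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: okmdepgb - {2656DCB5-FB3A-4D9E-9668-128442494281} - (no file)
O21 - SSODL: axrfgvek - {56DD56BA-4204-4122-AC70-C4CB17DA1280} - (no file)
"""

# Section copied from the ComboFix report posted in this thread.
COMBOFIX_REPORT = r"""
- - - - ORPHANS REMOVED - - - -

Toolbar-{E4E8B8EA-E4C9-4DCD-B90D-AD89191AC2E5} - (no file)
ShellExecuteHooks-{AE99EB12-A2D7-42D7-8BC2-754431199E2F} - (no file)
SSODL-okmdepgb-{2656DCB5-FB3A-4D9E-9668-128442494281} - (no file)
SSODL-axrfgvek-{56DD56BA-4204-4122-AC70-C4CB17DA1280} - (no file)


**************************************************************************
"""


def hijackthis_orphans(log_text):
    """Return the HijackThis entries whose target is reported as '(no file)'."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_ORPHAN_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()
            entries.append(entry)
    return entries


def combofix_removed(report_text):
    """Map CLSID -> entry text for the 'ORPHANS REMOVED' section of a ComboFix report."""
    removed, in_section = {}, False
    for raw in report_text.splitlines():
        line = raw.strip()
        if "ORPHANS REMOVED" in line:
            in_section = True
            continue
        if not in_section or not line:
            continue
        if line.startswith("*") or line == ".":
            break  # the row of asterisks (or a lone dot) ends the section
        m = CLSID_RE.search(line)
        if m:
            removed[m.group(0).upper()] = line.rsplit(" - ", 1)[0]
    return removed


def compare(hjt_log, combofix_report):
    """Split HijackThis orphans into those ComboFix removed and those still present."""
    flagged = hijackthis_orphans(hjt_log)
    removed = combofix_removed(combofix_report)
    flagged_ids = {e["clsid"] for e in flagged}
    return {
        "removed": [e for e in flagged if e["clsid"] in removed],
        "remaining": [e for e in flagged if e["clsid"] not in removed],
        # Removed by ComboFix but never listed by this HijackThis scan.
        "combofix_only": [v for k, v in removed.items() if k not in flagged_ids],
    }


if __name__ == "__main__":
    result = compare(HJT_LOG, COMBOFIX_REPORT)
    for bucket, items in result.items():
        print(bucket)
        for item in items:
            print("   ", item if isinstance(item, str) else
                  f'{item["code"]} {item["kind"]}: {item["name"]} {item["clsid"]}')
```

Running it on a fresh HijackThis log taken after the ComboFix run shows at a glance whether any "(no file)" entries survived.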
 