Kernel_Stack_inpage_error and Virus?

[Mortadelo]

Hello,
I received yesterday the Blue Screen of Death with the message Kernel_stack_inpage_error, I went to Microsoft tech help, found out about possible rootkit infection and run LiveOne Care online AV scanner, with the result of a non-removable infection of several files.
I have then run the programs you recommend prior to posting, and here are the logs. Any and all help is greatly appreciated.
Here is DDS:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Mortadelo at 14:58:13,18 on 26/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2896 [GMT 1:00]

AV: avast! antivirus 4.8.1356 [VPS 091025-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Mortadelo\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bluebirds] c:\documents and settings\mortadelo\bluebirds\BlueBirds.exe
mRun: [nwiz] c:\archivos de programa\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IAAnotif] c:\archivos de programa\intel\intel matrix storage manager\iaanotif.exe
mRun: [avast!] c:\archiv~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\admini~1.lnk - c:\archivos de programa\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xportar a Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254470281531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {5C046835-0B15-4946-8B63-224EB53EF40F} = 80.58.61.250,80.58.61.254
TCP: {82B5AFA1-A0EA-4F4B-A9C6-4070638AC7D7} = 80.58.32.97,80.58.0.33
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\archivos de programa\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-3 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-3 20560]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\archivos de programa\archivos comunes\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-10-1 38400]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2002-11-28 39048]

=============== Created Last 30 ================

2009-10-24 21:32:23 0 d--h--w- c:\windows\PIF
2009-10-24 21:09:44 0 d-----w- c:\docume~1\mortad~1\datosd~1\Windows Search
2009-10-24 20:30:29 0 d-----w- c:\docume~1\mortad~1\datosd~1\Windows Desktop Search
2009-10-24 20:30:12 0 d-----w- c:\archivos de programa\Windows Desktop Search
2009-10-24 20:29:18 0 d-----w- c:\windows\system32\URTTEMP
2009-10-22 11:38:10 0 d-sh--w- c:\windows\system32\lowsec
2009-10-21 18:03:37 0 d-----w- C:\downloads
2009-10-21 17:44:30 0 d-----w- c:\docume~1\mortad~1\datosd~1\GrabPro
2009-10-21 17:44:28 0 d-----w- c:\archivos de programa\Orbitdownloader
2009-10-21 17:22:20 0 ----a-w- c:\windows\DVEdit.INI
2009-10-21 16:44:58 83968 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-10-21 16:28:00 995328 ------w- c:\windows\system32\lcstde.ax
2009-10-21 16:28:00 81920 ------w- c:\windows\system32\dsp_trc.dll
2009-10-21 16:28:00 69632 ------w- c:\windows\system32\trcde.ax
2009-10-21 16:28:00 69632 ------w- c:\windows\system32\lpecde.ax
2009-10-21 16:28:00 323584 ------w- c:\windows\system32\LPEC.dll
2009-10-21 16:28:00 317440 ------w- c:\windows\system32\IcdXa.dll
2009-10-21 16:28:00 1650688 ------w- c:\windows\system32\IcdShlex.dll
2009-10-21 16:28:00 126976 ------w- c:\windows\system32\IcdYsys.dll
2009-10-21 16:28:00 110592 ------w- c:\windows\system32\trcsp.ax
2009-10-21 16:28:00 110592 ------w- c:\windows\system32\lpecsp.ax
2009-10-21 16:28:00 110592 ------w- c:\windows\system32\lcstsp.ax
2009-10-21 16:28:00 102400 ------w- c:\windows\system32\msvdec.ax
2009-10-21 16:27:59 0 d-----w- c:\archivos de programa\Sony
2009-10-19 09:19:59 0 d-----w- c:\archivos de programa\EPSON
2009-10-19 0900 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-19 0900 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-16 13:57:26 0 d-----w- c:\windows\system32\NtmsData
2009-10-16 10:51:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-16 10:51:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-14 17:36:40 0 d-----w- c:\archivos de programa\UltraISO
2009-10-14 17:36:40 0 d-----w- c:\archivos de programa\archivos comunes\EZB Systems
2009-10-13 06:30:54 0 d-----w- c:\documents and settings\mortadelo\Bluebirds
2009-10-09 17:41:07 0 d-----w- C:\Utilidades
2009-10-08 16:24:56 0 d-----w- c:\docume~1\mortad~1\datosd~1\uTorrent
2009-10-07 07:40:10 0 d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ESN$
2009-10-07 07:38:02 0 d-----w- c:\windows\system32\XPSViewer
2009-10-07 07:37:45 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-07 07:37:45 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-07 07:37:45 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-07 07:37:45 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-07 07:37:45 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-07 07:37:45 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-07 07:37:45 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-06 1730 0 d--h--w- c:\windows\system32\GroupPolicy
2009-10-06 16:54:01 0 d-----w- c:\docume~1\mortad~1\datosd~1\TeamViewer
2009-10-06 16:54:00 0 d-----w- c:\documents and settings\mortadelo\temp
2009-10-06 16:01:24 33340 ----a-w- c:\windows\system32\dbmsqlgc.dll
2009-10-06 16:01:24 24576 ----a-w- c:\windows\system32\dbmsgnet.dll
2009-10-06 15:58:50 89088 ----a-w- c:\windows\system32\atl71.dll
2009-10-06 15:58:50 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-10-06 15:57:29 0 d-----w- c:\archivos de programa\archivos comunes\Borland Shared
2009-10-06 15:57:20 0 d-----w- c:\archivos de programa\Farmatic
2009-10-06 15:57:20 0 d-----w- c:\archivos de programa\archivos comunes\Crystal Decisions
2009-10-06 15:51:17 1806 ----a-w- c:\windows\sql.mif
2009-10-06 15:50:36 129808 ----a-w- c:\windows\system32\Comdlg32.ocx
2009-10-06 15:50:33 36939 ----a-w- c:\windows\system32\insrepim.exe
2009-10-06 15:50:33 188473 ----a-w- c:\windows\system32\msrpjt40.dll
2009-10-06 15:50:28 81920 ----a-w- c:\windows\system32\mdt2fw95.dll
2009-10-06 15:50:22 97552 ----a-w- c:\windows\system32\rdocurs.dll
2009-10-06 15:50:22 376592 ----a-w- c:\windows\system32\Msrdo20.dll
2009-10-06 15:50:22 294912 ----a-w- c:\windows\system32\ntwdblib.dll
2009-10-06 15:50:21 21504 ----a-w- c:\windows\system32\dbmsshrn.dll
2009-10-06 15:50:21 20480 ----a-w- c:\windows\system32\dbmslpcn.dll
2009-10-06 15:49:47 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-06 15:49:42 0 d-----w- c:\archivos de programa\Microsoft SQL Server
2009-10-06 15:46:38 308224 ----a-w- c:\windows\IsUn040a.exe
2009-10-06 15:41:49 0 d-----w- C:\Docs y Más
2009-10-03 14:38:42 0 d-----w- c:\archivos de programa\Microsoft
2009-10-03 14:38:29 0 d-----w- c:\archivos de programa\Windows Media Connect 2
2009-10-03 14:37:49 0 d-----w- c:\windows\system32\LogFiles
2009-10-03 12:23:13 0 d-sh--w- c:\documents and settings\mortadelo\IECompatCache
2009-10-02 18:41:40 0 d-----w- c:\archivos de programa\MSECache
2009-10-02 18:34:18 0 d-----w- c:\windows\SHELLNEW
2009-10-02 1851 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-10-02 1851 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-10-02 1851 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-02 17:45:00 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-10-02 17:45:00 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-10-02 17:44:58 0 d-----w- c:\windows\system32\Lang
2009-10-02 17:43:37 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-10-02 17:41:59 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
2009-10-02 17:41:49 0 d-----w- c:\archivos de programa\Realtek
2009-10-02 17:41:45 0 d-----w- c:\archivos de programa\archivos comunes\InstallShield
2009-10-02 17:35:25 0 d-----w- c:\windows\system32\ReinstallBackups
2009-10-02 17:35:24 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-10-02 17:32:45 0 d-----w- C:\Intel
2009-10-02 16:03:24 46 ----a-w- c:\windows\system32\SP701ASM.dat
2009-10-02 15:48:21 0 d-----w- c:\windows\pss
2009-10-02 12:20:42 0 d-sh--w- c:\documents and settings\mortadelo\PrivacIE
2009-10-02 12:14:26 0 d-sh--w- c:\documents and settings\mortadelo\IETldCache
2009-10-02 12:12:03 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-02 12:11:56 0 d-----w- c:\windows\ie8updates
2009-10-02 12:11:52 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-02 12:11:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-02 12:11:52 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-02 12:11:52 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-02 12:11:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-02 12:11:52 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-02 12:11:37 0 dc-h--w- c:\windows\ie8
2009-10-02 10:38:10 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-02 10:38:10 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-02 10:38:10 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-02 09:20:03 3410 ----a-w- c:\windows\system32\wbem\Outlook_01ca434185dcb650.mof
2009-10-02 08:14:14 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-02 07:32:47 15584 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-10-01 16:59:22 0 d-----w- c:\archivos de programa\NVIDIA Corporation
2009-10-01 16:59:21 0 d-----w- c:\docume~1\alluse~1\datosd~1\NVIDIA Corporation
2009-10-01 16:59:09 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-01 16:59:09 19495 ----a-w- c:\windows\system32\nvdisp.nvu
2009-10-01 16:59:00 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-01 16:58:53 0 d-----w- C:\NVIDIA
2009-10-01 16:09:29 272512 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-01 16:09:29 272512 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-01 16:03:55 0 d-sh--w- c:\documents and settings\mortadelo\UserData
2009-10-01 15:50:47 2191616 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-01 15:50:46 2147840 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-01 15:50:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-01 15:44:01 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-01 15:37:48 0 d-----w- c:\windows\SxsCaPendDel
2009-10-01 15:25:58 0 d-----w- c:\windows\system32\appmgmt
2009-10-01 15:16:11 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-01 15:16:11 0 d-----w- c:\windows\system32\PreInstall
2009-10-01 15:16:09 0 d--h--w- c:\windows\$hf_mig$
2009-10-01 14:42:54 6144 ----a-w- c:\windows\system32\SV_SQL3_Config.db
2009-10-01 14:42:54 2048 ----a-w- c:\windows\system32\SV_SQL3_Events.db
2009-10-01 14:36:02 1408 ----a-w- c:\windows\setup.iss
2009-10-01 14:35:50 24576 ----a-r- c:\windows\system32\AsIO.dll
2009-10-01 14:35:50 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2009-10-01 14:35:48 0 d-----w- c:\archivos de programa\ASUS
2009-10-01 14:33:49 38021 ----a-w- c:\windows\Ascd_log.ini
2009-10-01 14:31:12 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-01 14:30:18 38400 ----a-r- c:\windows\system32\drivers\l1e51x86.sys
2009-10-01 14:30:14 0 d-----w- c:\windows\system32\Atheros_L1e
2009-10-01 14:25:46 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-10-01 14:25:39 37180 ----a-w- c:\windows\Ascd_tmp.ini
2009-10-01 14:25:39 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-09-30 02:29:53 0 d-----w- c:\archivos de programa\archivos comunes\ODBC
2009-09-30 02:29:50 0 d-----w- c:\archivos de programa\archivos comunes\SpeechEngines
2009-09-30 02:29:31 0 d--h--w- c:\documents and settings\all users\Plantillas
2009-09-30 02:29:31 0 d-----w- c:\documents and settings\all users\Favoritos
2009-09-30 02:29:31 0 d-----w- c:\documents and settings\all users\Escritorio
2009-09-30 02:29:31 0 d-----r- c:\documents and settings\all users\Menú Inicio
2009-09-30 02:29:31 0 d-----r- c:\documents and settings\all users\Documentos
2009-09-30 02:29:15 0 d--h--r- c:\documents and settings\all users\Datos de programa
2009-09-29 08:39:24 0 d-sh--w- c:\documents and settings\all users\DRM
2009-09-29 08:39:12 0 d--h--w- c:\archivos de programa\WindowsUpdate
2009-09-29 08:39:11 0 d-----w- c:\archivos de programa\Servicios en línea
2009-09-29 08:38:42 0 d-----w- c:\archivos de programa\archivos comunes\MSSoap
2009-09-29 08:37:37 0 d-----w- c:\archivos de programa\Messenger
2009-09-29 08:37:33 0 d-----w- c:\archivos de programa\MSN Gaming Zone
2009-09-29 08:36:56 0 d-----w- c:\archivos de programa\Windows NT

==================== Find3M ====================

2009-10-25 21:05:37 553930 ----a-w- c:\windows\system32\perfh00A.dat
2009-10-25 21:05:37 112108 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-02 17:41:46 319488 ----a-w- c:\windows\HideWin.exe
2009-10-02 17:38:45 77824 ----a-w- c:\windows\SoundMan.exe
2009-10-02 17:38:45 1826816 ----a-w- c:\windows\SkyTel.exe
2009-10-02 17:38:44 9715200 ----a-w- c:\windows\RTLCPL.exe
2009-10-02 17:38:44 4745216 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-02 17:38:44 16876032 ----a-w- c:\windows\RTHDCPL.exe
2009-10-02 17:38:44 1196032 ----a-w- c:\windows\RtlUpd.exe
2009-10-02 17:38:43 2165760 ----a-w- c:\windows\MicCal.exe
2009-10-02 17:38:42 2808832 ----a-w- c:\windows\alcwzrd.exe
2009-10-02 17:38:41 57344 ----a-w- c:\windows\Alcmtr.exe
2009-10-02 17:38:39 528384 ----a-w- c:\windows\RtlExUpd.dll
2009-10-02 17:38:37 69632 ----a-w- c:\windows\system32\ChCfg.exe
2009-09-29 08:37:45 21900 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:18:29 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04:33 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01:17 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 01:03:50 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 01:02:52 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 22:57:00 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 22:57:00 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 22:57:00 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57:00 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57:00 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57:00 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 22:57:00 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 22:57:00 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57:00 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-05 09:00:12 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27:55 2147840 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 13:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-29 04:36:13 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:36:13 119808 ----a-w- c:\windows\system32\t2embed.dll

============= FINISH: 14:58:24,51 ===============

I have my Windows XP Pro OEM CD at hand (SP1 included), and I am currently running sp3.
Thanks very much in advance for taking the time to help,
Javier

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Be sure to allow Combofix to install the Windows Recovery Console as part of it's routine.

Please include the C:\ComboFix.txt in your next reply for further review.

[tetonbob]

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

[Mortadelo]

Hello,
I posted a few days ago this log from my then-infected computer
http://www.techsupportforum.com/secu...ror-virus.html

I could not run combofix at the time, but I have now, and here is the log. I would be grateful if you could check wether I solved the infection or not.
Thanks (especially to Tetonbob),
Javier
ComboFix 09-11-08.03 - Mortadelo 09/11/2009 11:56.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2847 [GMT 1:00]
Running from: c:\documents and settings\Mortadelo\Escritorio\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091108-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mortadelo\Escritorio\games.url

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-04 09:23 . 2009-11-04 09:23 152576 ----a-w- c:\documents and settings\Mortadelo\Datos de programa\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-27 06:50 . 2009-10-27 08:15 -------- d-----w- c:\windows\BDOSCAN8
2009-10-26 22:12 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-26 22:12 . 2009-10-26 22:12 -------- d-----w- c:\archivos de programa\Panda Security
2009-10-26 21:38 . 2009-10-26 21:38 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2009-10-26 21:37 . 2009-10-26 21:37 -------- d-----w- C:\PROGRA~1
2009-10-26 21:37 . 2009-10-26 21:37 -------- d-----w- c:\archivos de programa\AhnLab
2009-10-26 20:56 . 2009-10-26 20:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-24 21:32 . 2009-10-24 21:32 -------- d--h--w- c:\windows\PIF
2009-10-24 21:09 . 2009-10-24 21:09 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\Windows Search
2009-10-24 20:30 . 2009-10-24 20:30 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\Windows Desktop Search
2009-10-24 20:30 . 2009-10-24 20:30 -------- d-sh--w- c:\documents and settings\COPIAS FARMATIC\IETldCache
2009-10-24 20:30 . 2009-10-25 22:00 -------- d-----w- c:\archivos de programa\Windows Desktop Search
2009-10-24 20:29 . 2009-10-24 20:29 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-22 11:38 . 2009-10-22 11:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-21 18:03 . 2009-10-21 18:03 -------- d-----w- C:\downloads
2009-10-21 17:44 . 2009-10-21 17:44 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\GrabPro
2009-10-21 17:44 . 2009-10-21 18:19 -------- d-----w- c:\archivos de programa\Orbitdownloader
2009-10-21 17:44 . 2009-10-21 18:05 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\Orbit
2009-10-21 16:44 . 2004-07-09 02:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-10-21 16:28 . 2008-11-22 01:33 1650688 ------w- c:\windows\system32\IcdShlex.dll
2009-10-21 16:28 . 2008-11-22 01:11 126976 ------w- c:\windows\system32\IcdYsys.dll
2009-10-21 16:28 . 2001-11-30 10:15 323584 ------w- c:\windows\system32\LPEC.dll
2009-10-21 16:28 . 2001-03-07 13:23 81920 ------w- c:\windows\system32\dsp_trc.dll
2009-10-21 16:28 . 2001-01-10 05:47 317440 ------w- c:\windows\system32\IcdXa.dll
2009-10-21 16:27 . 2009-10-21 16:45 -------- d-----w- c:\archivos de programa\Sony
2009-10-19 09:19 . 2009-10-19 09:19 -------- d-----w- c:\archivos de programa\EPSON
2009-10-19 09:06 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-19 09:06 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-16 13:57 . 2009-10-16 13:58 -------- d-----w- c:\windows\system32\NtmsData
2009-10-16 10:51 . 2009-10-16 10:51 -------- d-----w- c:\windows\Sun
2009-10-16 10:51 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-16 10:51 . 2009-11-04 09:23 -------- d-----w- c:\archivos de programa\Java
2009-10-16 10:51 . 2009-10-16 10:51 152576 ----a-w- c:\documents and settings\Mortadelo\Datos de programa\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-14 17:36 . 2009-10-14 17:36 -------- d-----w- c:\archivos de programa\UltraISO
2009-10-14 17:36 . 2009-10-14 17:36 -------- d-----w- c:\archivos de programa\Archivos comunes\EZB Systems
2009-10-13 15:27 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Datos de programa\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-13 06:30 . 2009-10-13 14:53 -------- d-----w- c:\documents and settings\Mortadelo\Bluebirds

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 19:10 . 2009-10-02 16:03 46 ----a-w- c:\windows\system32\SP701ASM.dat
2009-11-04 09:23 . 2008-04-14 12:00 553930 ----a-w- c:\windows\system32\perfh00A.dat
2009-11-04 09:23 . 2008-04-14 12:00 112108 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-30 09:04 . 2009-10-02 09:32 -------- d-----w- c:\archivos de programa\Windows Live Safety Center
2009-10-24 20:10 . 2009-10-08 16:24 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\uTorrent
2009-10-21 16:44 . 2009-10-01 14:30 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2009-10-20 17:24 . 2009-10-01 14:37 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2009-10-16 18:13 . 2009-10-01 17:12 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-10-07 07:38 . 2009-10-07 07:38 -------- d-----w- c:\archivos de programa\MSBuild
2009-10-07 07:37 . 2009-10-07 07:37 -------- d-----w- c:\archivos de programa\Reference Assemblies
2009-10-07 06:26 . 2009-10-03 14:38 -------- d-----w- c:\archivos de programa\Microsoft Silverlight
2009-10-06 16:54 . 2009-10-06 16:54 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\TeamViewer
2009-10-06 15:57 . 2009-10-06 15:57 -------- d-----w- c:\archivos de programa\Archivos comunes\Borland Shared
2009-10-06 15:57 . 2009-10-06 15:57 -------- d-----w- c:\archivos de programa\Farmatic
2009-10-06 15:57 . 2009-10-06 15:57 -------- d-----w- c:\archivos de programa\Archivos comunes\Crystal Decisions
2009-10-06 15:49 . 2009-10-06 15:49 -------- d-----w- c:\archivos de programa\Microsoft SQL Server
2009-10-03 14:38 . 2009-10-03 14:38 -------- d-----w- c:\archivos de programa\Microsoft
2009-10-03 14:38 . 2009-10-03 14:38 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2009-10-02 18:41 . 2009-10-02 18:41 -------- d-----w- c:\archivos de programa\MSECache
2009-10-02 18:38 . 2009-10-02 18:36 -------- d-----w- c:\archivos de programa\Microsoft Works
2009-10-02 18:06 . 2009-10-02 18:06 -------- d-----w- c:\archivos de programa\Alwil Software
2009-10-02 17:43 . 2009-10-02 17:35 -------- d-----w- c:\archivos de programa\Intel
2009-10-02 17:38 . 2009-10-02 17:42 69632 ----a-w- c:\windows\system32\ChCfg.exe
2009-10-02 17:37 . 2009-10-02 17:37 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\InstallShield
2009-10-02 17:32 . 2009-10-02 17:35 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-10-01 16:59 . 2009-10-01 16:59 -------- d-----w- c:\archivos de programa\NVIDIA Corporation
2009-10-01 16:59 . 2009-10-01 16:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\NVIDIA Corporation
2009-10-01 15:26 . 2009-10-01 14:35 -------- d-----w- c:\archivos de programa\ASUS
2009-10-01 15:25 . 2009-10-01 14:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\WinZip
2009-10-01 14:54 . 2009-09-29 08:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-29 08:40 . 2009-09-29 08:40 -------- d-----w- c:\archivos de programa\microsoft frontpage
2009-09-29 08:39 . 2009-09-29 08:39 -------- d-----w- c:\archivos de programa\Servicios en línea
2009-09-29 08:37 . 2009-09-29 08:37 21900 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-15 10:59 . 2009-10-03 12:46 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-10-03 12:46 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-10-03 12:46 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-03 12:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-03 12:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-10-03 12:46 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-10-03 12:46 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-10-03 12:46 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-10-03 12:46 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 22:57 . 2009-10-01 16:59 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2009-08-16 22:57 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 22:57 . 2009-08-16 22:57 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 22:57 . 2009-08-16 22:57 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2009-08-16 22:57 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\archivos de programa\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"IAAnotif"="c:\archivos de programa\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-10-02 16876032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Administrador de servicios.lnk - c:\archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2009-10-6 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [26/10/2009 23:12 28552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/10/2009 13:46 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/10/2009 13:46 20560]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [01/10/2009 15:30 38400]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [28/11/2002 20:23 39048]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar a Microsoft Excel
TCP: {5C046835-0B15-4946-8B63-224EB53EF40F} = 80.58.61.250,80.58.61.254
TCP: {82B5AFA1-A0EA-4F4B-A9C6-4070638AC7D7} = 80.58.32.97,80.58.0.33
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 11:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-09 12:00
ComboFix-quarantined-files.txt 2009-11-09 11:00

Pre-Run: 147.734.196.224 bytes libres
Post-Run: 148.142.080.000 bytes libres

- - End Of File - - FEC0D5817CFB1367D3FDC61668EA6A25

[tetonbob]

Hello, Javier -

Quote:

Originally Posted by tetonbob

Be sure to allow Combofix to install the Windows Recovery Console as part of it's routine.

Quote:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Without installing the Recovery Console, ComboFix will not fix some infections, so I can't know the current state of the machine in that regard.

Was there a problem installing the Recovery Console? Did you not receive this prompt?



The language of this machine is Brazilian Portuguese, correct?

[Mortadelo]

Hi there,
my machine is in Spanish, and I was never prompted to install the recovery console, just informed that it was not installed. Shall I install it manually?
TIA

[tetonbob]

Whoops, my mistake. I was looking at the wrong section of the header.

Please use the manual installation instructions for installing the Recovery Console with ComboFix

http://www.bleepingcomputer.com/comb...anual_recovery

You'll want to download the appropriate Installation package for your OS language and Service Pack level, from this page

http://support.microsoft.com/kb/310994/es

From the logs, it seems you're using either Windows XP Professional or Windows XP Media Center (which is based on Windows XP Pro), with Service Pack 3

Use this download package, for XP Pro, SP2

http://www.microsoft.com/downloads/d...displaylang=es

Save it as it is originally named to your Desktop.

Now close all open windows and programs, and disable all antivirus and antispyware programs. This is usually done via a right click on the applications' system tray icon. Get help here for how to disable them, if required.



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement (EULA) to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply

[Mortadelo]

Hi again,
the deed is done, and here I paste the last combofix log. I would like to ask you something: when I started my pc today, the MSSQL Server application had been deleted, and the only thing that may have caused it is my running of combofix yesterday. Does it make sense to you? (is was an .exe file, thats why I am suspicious of combofix).
Regards
ComboFix 09-11-09.01 - Mortadelo 10/11/2009 10:25.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2849 [GMT 1:00]
Running from: c:\documents and settings\Mortadelo\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Mortadelo\Escritorio\WindowsXP-KB310994-SP2-Pro-BootDisk-ESN.exe
AV: avast! antivirus 4.8.1356 [VPS 091110-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.

2009-11-04 09:23 . 2009-11-04 09:23 152576 ----a-w- c:\documents and settings\Mortadelo\Datos de programa\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-27 06:50 . 2009-10-27 08:15 -------- d-----w- c:\windows\BDOSCAN8
2009-10-26 22:12 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-26 22:12 . 2009-10-26 22:12 -------- d-----w- c:\archivos de programa\Panda Security
2009-10-26 21:38 . 2009-10-26 21:38 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2009-10-26 21:37 . 2009-10-26 21:37 -------- d-----w- C:\PROGRA~1
2009-10-26 21:37 . 2009-10-26 21:37 -------- d-----w- c:\archivos de programa\AhnLab
2009-10-26 20:56 . 2009-10-26 20:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-24 21:32 . 2009-10-24 21:32 -------- d--h--w- c:\windows\PIF
2009-10-24 21:09 . 2009-10-24 21:09 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\Windows Search
2009-10-24 20:30 . 2009-10-24 20:30 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\Windows Desktop Search
2009-10-24 20:30 . 2009-10-24 20:30 -------- d-sh--w- c:\documents and settings\COPIAS FARMATIC\IETldCache
2009-10-24 20:30 . 2009-10-25 22:00 -------- d-----w- c:\archivos de programa\Windows Desktop Search
2009-10-24 20:29 . 2009-10-24 20:29 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-22 11:38 . 2009-10-22 11:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-21 17:44 . 2009-10-21 17:44 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\GrabPro
2009-10-21 17:44 . 2009-10-21 18:19 -------- d-----w- c:\archivos de programa\Orbitdownloader
2009-10-21 17:44 . 2009-10-21 18:05 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\Orbit
2009-10-21 16:44 . 2004-07-09 02:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-10-21 16:28 . 2008-11-22 01:33 1650688 ------w- c:\windows\system32\IcdShlex.dll
2009-10-21 16:28 . 2008-11-22 01:11 126976 ------w- c:\windows\system32\IcdYsys.dll
2009-10-21 16:28 . 2001-11-30 10:15 323584 ------w- c:\windows\system32\LPEC.dll
2009-10-21 16:28 . 2001-03-07 13:23 81920 ------w- c:\windows\system32\dsp_trc.dll
2009-10-21 16:28 . 2001-01-10 05:47 317440 ------w- c:\windows\system32\IcdXa.dll
2009-10-21 16:27 . 2009-10-21 16:45 -------- d-----w- c:\archivos de programa\Sony
2009-10-19 09:19 . 2009-10-19 09:19 -------- d-----w- c:\archivos de programa\EPSON
2009-10-19 09:06 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-19 09:06 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-16 13:57 . 2009-10-16 13:58 -------- d-----w- c:\windows\system32\NtmsData
2009-10-16 10:51 . 2009-10-16 10:51 -------- d-----w- c:\windows\Sun
2009-10-16 10:51 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-16 10:51 . 2009-11-04 09:23 -------- d-----w- c:\archivos de programa\Java
2009-10-16 10:51 . 2009-10-16 10:51 152576 ----a-w- c:\documents and settings\Mortadelo\Datos de programa\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-14 17:36 . 2009-10-14 17:36 -------- d-----w- c:\archivos de programa\UltraISO
2009-10-14 17:36 . 2009-10-14 17:36 -------- d-----w- c:\archivos de programa\Archivos comunes\EZB Systems
2009-10-13 15:27 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Datos de programa\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-13 06:30 . 2009-10-13 14:53 -------- d-----w- c:\documents and settings\Mortadelo\Bluebirds

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 08:29 . 2008-04-14 12:00 553930 ----a-w- c:\windows\system32\perfh00A.dat
2009-11-10 08:29 . 2008-04-14 12:00 112108 ----a-w- c:\windows\system32\perfc00A.dat
2009-11-07 19:10 . 2009-10-02 16:03 46 ----a-w- c:\windows\system32\SP701ASM.dat
2009-10-30 09:04 . 2009-10-02 09:32 -------- d-----w- c:\archivos de programa\Windows Live Safety Center
2009-10-24 20:10 . 2009-10-08 16:24 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\uTorrent
2009-10-21 16:44 . 2009-10-01 14:30 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2009-10-20 17:24 . 2009-10-01 14:37 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2009-10-16 18:13 . 2009-10-01 17:12 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-10-07 07:38 . 2009-10-07 07:38 -------- d-----w- c:\archivos de programa\MSBuild
2009-10-07 07:37 . 2009-10-07 07:37 -------- d-----w- c:\archivos de programa\Reference Assemblies
2009-10-07 06:26 . 2009-10-03 14:38 -------- d-----w- c:\archivos de programa\Microsoft Silverlight
2009-10-06 16:54 . 2009-10-06 16:54 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\TeamViewer
2009-10-06 15:57 . 2009-10-06 15:57 -------- d-----w- c:\archivos de programa\Archivos comunes\Borland Shared
2009-10-06 15:57 . 2009-10-06 15:57 -------- d-----w- c:\archivos de programa\Farmatic
2009-10-06 15:57 . 2009-10-06 15:57 -------- d-----w- c:\archivos de programa\Archivos comunes\Crystal Decisions
2009-10-06 15:49 . 2009-10-06 15:49 -------- d-----w- c:\archivos de programa\Microsoft SQL Server
2009-10-03 14:38 . 2009-10-03 14:38 -------- d-----w- c:\archivos de programa\Microsoft
2009-10-03 14:38 . 2009-10-03 14:38 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2009-10-02 18:41 . 2009-10-02 18:41 -------- d-----w- c:\archivos de programa\MSECache
2009-10-02 18:38 . 2009-10-02 18:36 -------- d-----w- c:\archivos de programa\Microsoft Works
2009-10-02 18:06 . 2009-10-02 18:06 -------- d-----w- c:\archivos de programa\Alwil Software
2009-10-02 17:43 . 2009-10-02 17:35 -------- d-----w- c:\archivos de programa\Intel
2009-10-02 17:38 . 2009-10-02 17:42 69632 ----a-w- c:\windows\system32\ChCfg.exe
2009-10-02 17:37 . 2009-10-02 17:37 -------- d-----w- c:\documents and settings\Mortadelo\Datos de programa\InstallShield
2009-10-02 17:32 . 2009-10-02 17:35 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-10-01 16:59 . 2009-10-01 16:59 -------- d-----w- c:\archivos de programa\NVIDIA Corporation
2009-10-01 16:59 . 2009-10-01 16:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\NVIDIA Corporation
2009-10-01 15:26 . 2009-10-01 14:35 -------- d-----w- c:\archivos de programa\ASUS
2009-10-01 15:25 . 2009-10-01 14:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\WinZip
2009-10-01 14:54 . 2009-09-29 08:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-29 08:40 . 2009-09-29 08:40 -------- d-----w- c:\archivos de programa\microsoft frontpage
2009-09-29 08:39 . 2009-09-29 08:39 -------- d-----w- c:\archivos de programa\Servicios en línea
2009-09-29 08:37 . 2009-09-29 08:37 21900 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-15 10:59 . 2009-10-03 12:46 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-10-03 12:46 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-10-03 12:46 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-03 12:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-03 12:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-10-03 12:46 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-10-03 12:46 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-10-03 12:46 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-10-03 12:46 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 22:57 . 2009-10-01 16:59 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2009-08-16 22:57 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 22:57 . 2009-08-16 22:57 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 22:57 . 2009-08-16 22:57 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2009-08-16 22:57 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-09_10.59.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-10 08:44 . 2009-11-10 08:44 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
+ 2009-11-10 08:24 . 2009-11-10 08:24 16384 c:\windows\Temp\Perflib_Perfdata_620.dat
+ 2009-11-10 08:44 . 2009-11-10 08:44 16384 c:\windows\Temp\Perflib_Perfdata_1b0.dat
- 2008-04-14 12:00 . 2009-11-04 09:23 79326 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2009-11-10 08:29 79326 c:\windows\system32\perfc009.dat
- 2009-10-06 15:50 . 2005-05-03 22:02 21504 c:\windows\system32\dbmsshrn.dll
+ 2009-10-06 15:50 . 2005-05-03 23:02 21504 c:\windows\system32\dbmsshrn.dll
- 2009-10-06 16:01 . 2002-12-17 15:23 33340 c:\windows\system32\dbmsqlgc.dll
+ 2009-10-06 16:01 . 2002-12-17 16:23 33340 c:\windows\system32\dbmsqlgc.dll
- 2009-10-06 15:50 . 2005-05-03 22:02 20480 c:\windows\system32\dbmslpcn.dll
+ 2009-10-06 15:50 . 2005-05-03 23:02 20480 c:\windows\system32\dbmslpcn.dll
+ 2009-10-06 16:01 . 2002-10-20 14:01 24576 c:\windows\system32\dbmsgnet.dll
- 2009-10-06 16:01 . 2002-10-20 13:01 24576 c:\windows\system32\dbmsgnet.dll
- 2008-04-14 12:00 . 2009-11-04 09:23 461554 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2009-11-10 08:29 461554 c:\windows\system32\perfh009.dat
+ 2009-10-06 15:50 . 2005-05-03 23:20 294912 c:\windows\system32\ntwdblib.dll
- 2009-10-06 15:50 . 2005-05-03 22:20 294912 c:\windows\system32\ntwdblib.dll
+ 2009-10-06 15:50 . 2004-04-25 18:26 188473 c:\windows\system32\msrpjt40.dll
- 2009-10-06 15:50 . 2004-04-25 17:26 188473 c:\windows\system32\msrpjt40.dll
- 2009-10-06 15:49 . 1998-10-29 14:45 306688 c:\windows\IsUninst.exe
+ 2009-10-06 15:49 . 1998-10-29 15:45 306688 c:\windows\IsUninst.exe
- 2009-10-06 15:46 . 1998-11-13 11:04 308224 c:\windows\IsUn040a.exe
+ 2009-10-06 15:46 . 1998-11-13 12:04 308224 c:\windows\IsUn040a.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\Mortadelo\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\archivos de programa\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"IAAnotif"="c:\archivos de programa\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-10-02 16876032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Administrador de servicios.lnk - c:\archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2009-10-6 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [26/10/2009 23:12 28552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/10/2009 13:46 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/10/2009 13:46 20560]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [01/10/2009 15:30 38400]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [28/11/2002 20:23 39048]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar a Microsoft Excel
TCP: {5C046835-0B15-4946-8B63-224EB53EF40F} = 80.58.61.250,80.58.61.254
TCP: {82B5AFA1-A0EA-4F4B-A9C6-4070638AC7D7} = 80.58.32.97,80.58.0.33
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 10:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-10 10:29
ComboFix-quarantined-files.txt 2009-11-10 09:29
ComboFix2.txt 2009-11-09 11:00

Pre-Run: 148.058.619.904 bytes libres
Post-Run: 148.016.754.688 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ESN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AE73FFC0E3BBEEA3266933090F407FD4

[Mortadelo]

TetonBob,
yes, I can confirm that Combofix messes up Microsoft SQL Server 2000.
Regards

[tetonbob]

There's listed only one item deleted by Combofix, and it would not appear to be related to the application you're mentioning.

c:\documents and settings\Mortadelo\Escritorio\games.url

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.

[Mortadelo]

Hi, yes, I noticed so, but nevertheless it has reproduced, with no other action but a run of combofix.
Here is the log
2009-11-09 10:57:57 . 2009-11-10 09:27:45 7,266 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-11-09 10:55:40 . 2009-11-10 09:25:00 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-10-21 17:38:01 . 2009-10-21 17:38:01 244 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Mortadelo\Escritorio\games.url.vir

[tetonbob]

Well, the only thing I can say about that is, if the application is not functioning, you'll have to reinstall it, but the records show ComboFix did not delete it, and ComboFix keeps records and backups of it's deletions.

Other than that, how is the machine behaving?

[Mortadelo]

Other than that, the computer has never given up another BSOD, and the online AV shows no problem.

[tetonbob]

Ok, good.

I'd like to look at one more log.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

[Mortadelo]

Here it comes:
2007 Microsoft Office Suite Service Pack 2 (SP2)
Actualización de seguridad para el Reproductor de Windows Media (KB952069)
Actualización de seguridad para el Reproductor de Windows Media (KB954155)
Actualización de seguridad para el Reproductor de Windows Media (KB968816)
Actualización de seguridad para el Reproductor de Windows Media (KB973540)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
Actualización de seguridad para Windows Internet Explorer 8 (KB971961)
Actualización de seguridad para Windows Internet Explorer 8 (KB972260)
Actualización de seguridad para Windows Internet Explorer 8 (KB974455)
Actualización de seguridad para Windows XP (KB923561)
Actualización de seguridad para Windows XP (KB923789)
Actualización de seguridad para Windows XP (KB938464-v2)
Actualización de seguridad para Windows XP (KB941569)
Actualización de seguridad para Windows XP (KB946648)
Actualización de seguridad para Windows XP (KB950762)
Actualización de seguridad para Windows XP (KB950974)
Actualización de seguridad para Windows XP (KB951066)
Actualización de seguridad para Windows XP (KB951376-v2)
Actualización de seguridad para Windows XP (KB951748)
Actualización de seguridad para Windows XP (KB952004)
Actualización de seguridad para Windows XP (KB952954)
Actualización de seguridad para Windows XP (KB954459)
Actualización de seguridad para Windows XP (KB954600)
Actualización de seguridad para Windows XP (KB955069)
Actualización de seguridad para Windows XP (KB956572)
Actualización de seguridad para Windows XP (KB956744)
Actualización de seguridad para Windows XP (KB956802)
Actualización de seguridad para Windows XP (KB956803)
Actualización de seguridad para Windows XP (KB956844)
Actualización de seguridad para Windows XP (KB957097)
Actualización de seguridad para Windows XP (KB958644)
Actualización de seguridad para Windows XP (KB958687)
Actualización de seguridad para Windows XP (KB958869)
Actualización de seguridad para Windows XP (KB959426)
Actualización de seguridad para Windows XP (KB960225)
Actualización de seguridad para Windows XP (KB960803)
Actualización de seguridad para Windows XP (KB960859)
Actualización de seguridad para Windows XP (KB961371-v2)
Actualización de seguridad para Windows XP (KB961501)
Actualización de seguridad para Windows XP (KB968537)
Actualización de seguridad para Windows XP (KB969059)
Actualización de seguridad para Windows XP (KB970238)
Actualización de seguridad para Windows XP (KB971486)
Actualización de seguridad para Windows XP (KB971557)
Actualización de seguridad para Windows XP (KB971633)
Actualización de seguridad para Windows XP (KB971657)
Actualización de seguridad para Windows XP (KB971961)
Actualización de seguridad para Windows XP (KB972260)
Actualización de seguridad para Windows XP (KB973346)
Actualización de seguridad para Windows XP (KB973354)
Actualización de seguridad para Windows XP (KB973507)
Actualización de seguridad para Windows XP (KB973525)
Actualización de seguridad para Windows XP (KB973869)
Actualización de seguridad para Windows XP (KB974112)
Actualización de seguridad para Windows XP (KB974571)
Actualización de seguridad para Windows XP (KB975025)
Actualización de seguridad para Windows XP (KB975467)
Actualización para Windows Internet Explorer 8 (KB973874)
Actualización para Windows Internet Explorer 8 (KB976749)
Actualización para Windows XP (KB898461)
Actualización para Windows XP (KB951978)
Actualización para Windows XP (KB967715)
Actualización para Windows XP (KB968389)
Actualización para Windows XP (KB973815)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 - Español
AhnLab MyV3
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
µTorrent
avast! Antivirus
Ayudante para el inicio de sesión de Windows Live ID
Compresor WinRAR
Digital Voice Editor 3
Farmatic v8
Farmatic v8.2 - Actualización
Hotfix 2055 for SQL Server 2000 ESN (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Matrix Storage Manager
Java(TM) 6 Update 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 1.1 Spanish Language Pack
Microsoft .NET Framework 2.0 Language Pack - ESN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (Spanish) 12
Microsoft SQL Server 2000
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
Paquete de compatibilidad para 2007 Office system
Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
Realtek High Definition Audio Driver
Reproductor de Windows Media 11
Revisión para el Reproductor de Windows Media 11 (KB939683)
Revisión para Windows XP (KB952287)
Revisión para Windows XP (KB961118)
Revisión para Windows XP (KB970653-v3)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Search 4 - KB963093
Software de impresora EPSON
Sony Player Plug-in for Windows Media Player
UltraISO Premium V9.31
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB974810)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0

[tetonbob]

OK, good.

The online AV you referred to which found nothing, was Panda ActiveScan? That's good, too.

Is Microsoft SQL Server 2000 functioning? I see it still in the installed programs list.

[Mortadelo]

Yes, I run Panda, Kaspersky and Microsoft OneCare, which yielded no infection.
SQL Server would not run, though. It "can´t find SQL Server instance", I re-installed, worked ok. Then run combo again, and the same message appeared. Now I will un-install all SQL services and re-install them again, hopefully.
I feel un-ease that I did not carry out a blank installation of OS after the virus, but if you think the PC is cleaned, I will carry on.
Regards

[tetonbob]

Having not seen any reports which indicate a serious infection, other than your personal report of a LiveOneCare scan indicating rootkit, I see no reason to reinstall, but of course, that's your choice, and never truly a bad idea after an infection., though I'm not sure there was one once you got here. Reason for running ComboFix was, it targets many rootkits, some of which are currently evading detection in our usual tools, but it also found nothing of that type.

As you've already run kaspersky also, which is what I would have you do lastly, and it found nothing, I would suggest there's no malware afoot here. The logs I have seen would seem to confirm that.

I'll have final instructions for you if all else is well..

[Mortadelo]

Awaiting instructions, Sir

[tetonbob]

Some final housekeeping instructions, and protection information for you.

Your logs appear clean.You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK

ComboFix /Uninstall

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  
  
• Winpatrol
  
  Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
  
  You can get a free copy of Winpatrol or use the Plus version for more features.
  
  You can read Winpatrol's FAQ if you run into problems.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
  
  
• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• How did I get infected in the first place?
• PC Safety and Security--What Do I Need?

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.