
Infected with Trojan.Win32.Delf.zd


  • This topic is locked
18 replies to this topic

#1 jbantunes


Posted 03 November 2009 - 05:53 AM

Hi,

Since my computer became infected it often shuts down and then repeatedly tries to start up without success.
I ran Kaspersky straight away, which detected and eliminated Trojan.Win32.Delf.zd, but the problem keeps going on.
I followed the steps in your forum and I'm sending the txt files.

Thanks for your attention.



DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by LC at 10:04:45.31 on 2009-11-03
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.1033.18.1023.735 [GMT 0:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pt/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON PX800FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieme.exe /fu "c:\windows\temp\E_S53.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [FLMOFFICE4DMOUSE] c:\program files\labtec\mouse\2.1\moffice.exe
mRun: [LWBKEYBOARD] c:\program files\labtec\media keyboard\v5.0\KbdAp32A.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wlanut~1.lnk - c:\program files\microstar\wlanutility\WlanUtility.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
Trusted Zone: usgs.gov \extract.cr
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175960357812
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://www.musica.gulbenkian.pt/template/fonts/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {5AA6D639-74B1-494C-9AC3-1FD3A7DBE3A8} = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-2-2 24344]
S2 gupdate1c9ae044050c18a;Google Update Service (gupdate1c9ae044050c18a);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]

=============== Created Last 30 ================

2009-11-02 16:36:45 0 d-----w- c:\program files\ESET
2009-11-02 10:14:46 0 d-----w- C:\arcscript
2009-10-19 14:54:34 57344 ----a-w- c:\windows\system32\astsrv.exe
2009-10-19 14:54:34 53248 ----a-w- c:\windows\system32\astdll.dll
2009-10-19 14:54:34 49152 ----a-w- c:\windows\system32\check_internet.dll
2009-10-19 14:54:34 102400 ----a-w- c:\windows\system32\filechck.dll
2009-10-19 14:54:33 49152 ----a-w- c:\windows\system32\dllnt.dll
2009-10-19 14:54:33 0 d-----w- c:\program files\CrossView
2009-10-19 14:51:29 0 d-----w- c:\program files\ET Surface
2009-10-19 14:51:29 0 d-----w- c:\docume~1\lc\applic~1\ET
2009-10-06 07:15:35 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

==================== Find3M ====================

2009-11-03 09:33:35 73868064 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-02 10:49:13 5676320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-30 17:26:25 990560 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 17:26:25 544544 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-16 08:32:30 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-16 08:32:30 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 11:00:44 112752 ----a-w- c:\docume~1\lc\applic~1\GDIPFONTCACHEV1.DAT
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 14:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 18:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2008-09-19 07:56:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 10:05:08.81 ===============
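A small triage script for DDS logs like the one above, added here as an editor's example; it is not part of the original post and not code from the DDS tool. It runs on a constructed sample built from lines copied out of the log (the Pseudo HJT Report and Created Last 30 sections), splits the log on its "=====" headers, and flags what a helper reads first: orphaned "No File" add-on entries, AppInit_DLLs and Winlogon Notify entries (both load code into other processes), and files written under the Windows directory inside the 30-day window, grouped by the minute they landed. The flags are review cues, not verdicts: in this log the AppInit DLLs sit under the Google and Kaspersky program directories, and the OTL log in the later post attributes astsrv.exe to Nalpeiron Ltd.

```python
"""Triage helper for DDS-style logs (added example, not from the original post).

Splits the log on its '=====' section headers and flags the entries a
malware-removal helper reads first. Flags are review cues, not verdicts.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
=============== Created Last 30 ================
2009-11-02 16:36:45 0 d-----w- c:\program files\ESET
2009-10-19 14:54:34 57344 ----a-w- c:\windows\system32\astsrv.exe
2009-10-19 14:54:34 53248 ----a-w- c:\windows\system32\astdll.dll
2009-10-19 14:54:33 49152 ----a-w- c:\windows\system32\dllnt.dll
2009-10-19 14:54:33 0 d-----w- c:\program files\CrossView
==================== Find3M ====================
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS file line: date time size attrs path (attrs is an 8-char flag field such as d-----w-)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}):\d{2} (\d+) (\S{8}) (.+)$")
WINDOWS_DIR = "c:\\windows\\"


def parse_sections(text):
    """Return {section name (lower-case): [non-empty lines]}."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return a list of (severity, reason, item) tuples for a DDS log."""
    sections = parse_sections(text)
    findings = []

    for line in sections["pseudo hjt report"]:
        if line.endswith(" - No File"):
            findings.append(("info", "orphaned add-on entry (CLSID with no file); clean-up item, not evidence of infection", line))
        elif line.startswith("AppInit_DLLs:"):
            # Everything after the first colon is a comma-separated list of DLLs that
            # get loaded into every process that links user32.dll.
            for dll in line.split(":", 1)[1].split(","):
                findings.append(("review", "AppInit_DLLs entry: loaded into every user32 process; confirm publisher", dll.strip()))
        elif line.startswith("Notify:"):
            findings.append(("review", "Winlogon notification package: runs inside winlogon.exe; confirm publisher", line))

    # Files (not directories) written under the Windows directory, clustered by minute:
    # several files landing in system32 in the same minute usually come from one installer.
    clusters = defaultdict(list)
    for line in sections["created last 30"]:
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, minute, _size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue
        if path.lower().startswith(WINDOWS_DIR):
            clusters[f"{date} {minute}"].append(path)
    for when, paths in sorted(clusters.items()):
        severity = "review" if len(paths) > 1 else "info"
        findings.append((severity, f"{len(paths)} file(s) written under the Windows directory at {when}; check signer/publisher of each", "; ".join(paths)))
    return findings


if __name__ == "__main__":
    for severity, reason, item in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {item}")
```

Run it against a full DDS log by passing the file contents to `triage()`; the minute-level clustering is what surfaces the five astsrv/astdll/check_internet/filechck/dllnt files written to system32 within two seconds of each other, which is the kind of group a helper then checks file by file rather than one at a time.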



#2 myrti

  • Malware Study Hall Admin

Posted 08 November 2009 - 06:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards, myrti



#3 jbantunes

  • Topic Starter

Posted 09 November 2009 - 05:04 AM

Hello!

First of all thank you for your answer and attention to my problem.

I just ran OTL and the reports are pasted below.

I haven't done anything since my last post; however, the problem has gotten worse. Today it took an hour to turn the PC on... It is always shutting down and keeps trying to turn on intermittently without success...

Here are the reports, and once more thanks for your help!

Joana Antunes

OTL logfile created on: 2009-11-09 9:45:53 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: yyyy-MM-dd

1023.23 Mb Total Physical Memory | 741.61 Mb Available Physical Memory | 72.48% Memory free
2.41 Gb Paging File | 2.32 Gb Available in Paging File | 96.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 70.18 Gb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive D: | 461.30 Gb Total Space | 371.04 Gb Free Space | 80.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SINESE4
Current User Name: LC
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-11-09 08:36:12 | 00,528,896 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008-04-14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009-11-09 08:36:12 | 00,528,896 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2008-04-14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-14 00:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008-04-14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WUSB54GCSVC)
SRV - [2009-10-02 07:34:24 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-03-26 11:15:51 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ae044050c18a)
SRV - [2008-09-01 08:16:32 | 00,211,568 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008-07-21 09:40:10 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\astsrv.exe -- (astcc)
SRV - [2008-04-14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006-10-18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006-03-14 07:22:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2005-06-28 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005-04-06 16:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004-10-22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-08-01 05:41:00 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003-06-20 07:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009-04-02 17:25:17 | 00,187,168 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2009-02-04 09:48:11 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2008-05-28 14:55:30 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008-04-13 18:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-11-13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-02-02 11:31:52 | 00,024,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2006-03-14 07:22:00 | 00,090,176 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006-03-14 07:22:00 | 00,028,216 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006-02-14 11:05:06 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006-01-12 19:46:28 | 00,252,928 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005-06-20 10:53:30 | 00,060,928 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid)
DRV - [2005-04-07 19:50:32 | 00,011,860 | ---- | M] () -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005-04-07 19:48:56 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005-04-06 11:48:44 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005-03-25 17:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005-02-01 18:00:24 | 00,020,096 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004-12-16 16:32:54 | 00,013,304 | ---- | M] () -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004-12-15 19:12:04 | 00,218,368 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004-11-17 11:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004-10-19 13:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004-09-21 18:15:34 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004-08-03 21:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP)
DRV - [2004-08-03 21:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004-08-03 21:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf)
DRV - [2004-08-03 21:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2)
DRV - [2004-08-01 05:41:00 | 01,241,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-11-11 10:41:08 | 00,041,984 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB)
DRV - [2003-09-25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003-07-17 08:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM)
DRV - [2003-07-01 21:26:16 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-08-17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)
DRV - [2000-11-22 03:20:00 | 00,070,608 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys -- (drvmcdb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-515967899-1580818891-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-515967899-1580818891-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-515967899-1580818891-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKU\S-1-5-21-515967899-1580818891-682003330-1004\S-1-5-21-515967899-1580818891-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-17 11:02:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-01 17:17:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\portable_app\FirefoxPortable\App\firefox\components [2009-04-06 07:57:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\portable_app\FirefoxPortable\App\firefox\plugins [2009-10-06 07:15:32 | 00,000,000 | ---D | M]

[2009-03-18 10:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Mozilla\Extensions
[2009-03-18 10:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007-03-14 14:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\eoa6fhkz.default\extensions
[2006-09-18 09:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LC\Application Data\Mozilla\Firefox\Profiles\eoa6fhkz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008-09-12 15:45:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-08-07 14:14:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2004-11-13 03:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2007-12-19 12:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2005-09-23 20:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008-09-10 19:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008-09-09 21:53:00 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008-09-09 21:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008-09-09 21:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008-09-09 21:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008-09-09 21:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008-09-10 19:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-515967899-1580818891-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-1580818891-682003330-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-1580818891-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe ()
O4 - HKLM..\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-515967899-1580818891-682003330-1004..\Run: [EPSON PX800FW Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEME.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-515967899-1580818891-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1580818891-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-515967899-1580818891-682003330-1004\..Trusted Domains: usgs.gov ([extract.cr] http in Trusted sites)
O15 - HKU\S-1-5-21-515967899-1580818891-682003330-1004\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1175960357812 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://www.musica.gulbenkian.pt/template/fonts/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-01-26 23:06:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{014c6da3-85fa-11dc-8667-00138f67dcd9}\Shell\AutoOpen\command - "" = .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
O33 - MountPoints2\{014c6da3-85fa-11dc-8667-00138f67dcd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{014c6dac-85fa-11dc-8667-00138f67dcd9}\Shell\AutoOpen\command - "" = .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
O33 - MountPoints2\{014c6dac-85fa-11dc-8667-00138f67dcd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{05613227-4d8b-11dd-8628-00138f67dcd9}\Shell\AutoOpen\command - "" = .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
O33 - MountPoints2\{05613227-4d8b-11dd-8628-00138f67dcd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{083a37f0-13d5-11de-86cd-00226b9cd249}\Shell\AutoRun\command - "" = F:\wdsync.exe -- File not found
O33 - MountPoints2\{53ee8b83-c800-11dc-85aa-00138f67dcd9}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{53ee8b83-c800-11dc-85aa-00138f67dcd9}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{53ee8b83-c800-11dc-85aa-00138f67dcd9}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{54edaa85-64f0-11dc-863e-00138f67dcd9}\Shell\AutoOpen\command - "" = .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
O33 - MountPoints2\{54edaa85-64f0-11dc-863e-00138f67dcd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c390f4b8-2ac7-11dc-8611-00138f67dcd9}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{c390f4b8-2ac7-11dc-8611-00138f67dcd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe2bd716-3a81-11dc-8621-00138f67dcd9}\Shell\AutoOpen\command - "" = .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
O33 - MountPoints2\{fe2bd716-3a81-11dc-8621-00138f67dcd9}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-03 10:01:13 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\LC\Desktop\RootRepeal.exe
[2009-11-03 08:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LC\Local Settings\Application Data\Temp
[2009-11-02 16:36:45 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-11-02 10:14:46 | 00,000,000 | ---D | C] -- C:\arcscript
[2009-10-19 14:54:34 | 00,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\astsrv.exe
[2009-10-19 14:54:34 | 00,053,248 | ---- | C] ( Nalpeiron Ltd.) -- C:\WINDOWS\System32\astdll.dll
[2009-10-19 14:54:33 | 00,000,000 | ---D | C] -- C:\Program Files\CrossView
[2009-10-19 14:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LC\My Documents\Terrain Viewer
[2009-10-19 14:51:29 | 00,000,000 | ---D | C] -- C:\Program Files\ET Surface
[2009-10-19 14:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LC\Application Data\ET
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\LC\*.tmp files -> C:\Documents and Settings\LC\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-11-09 09:43:04 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-09 09:43:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-03 14:22:02 | 00,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-11-03 14:21:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-03 12:05:23 | 17,039,360 | -H-- | M] () -- C:\Documents and Settings\LC\NTUSER.DAT
[2009-11-03 12:05:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\LC\ntuser.ini
[2009-11-03 10:06:30 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\settings.dat
[2009-11-03 10:03:28 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\dds.scr
[2009-11-03 10:01:13 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\LC\Desktop\RootRepeal.exe
[2009-11-03 09:33:35 | 73,868,064 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-11-03 08:46:02 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-11-02 16:56:00 | 01,487,877 | ---- | M] () -- C:\Documents and Settings\LC\Desktop\Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools.mht
[2009-11-02 10:49:13 | 05,676,320 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009-10-30 17:26:25 | 00,990,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-10-30 17:26:25 | 00,544,544 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009-10-26 08:26:28 | 00,523,694 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-26 08:26:28 | 00,442,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-26 08:26:28 | 00,071,674 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-23 08:01:46 | 00,000,155 | ---- | M] () -- C:\Documents and Settings\LC\default.pls
[2009-10-23 08:01:31 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-22 13:06:39 | 00,000,438 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009-10-16 09:59:52 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-10-16 09:56:56 | 00,000,675 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-10-16 08:32:30 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009-10-16 08:32:30 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\LC\*.tmp files -> C:\Documents and Settings\LC\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-11-03 10:06:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\settings.dat
[2009-11-03 10:03:28 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\dds.scr
[2009-11-02 16:56:00 | 01,487,877 | ---- | C] () -- C:\Documents and Settings\LC\Desktop\Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools.mht
[2009-10-19 14:54:34 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\filechck.dll
[2009-10-19 14:54:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\check_internet.dll
[2009-10-19 14:54:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\dllnt.dll
[2009-10-16 09:56:20 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009-07-15 09:16:32 | 00,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009-04-07 13:54:11 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-03-04 09:17:11 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgpdf2.dll
[2009-03-04 09:17:07 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2009-02-16 10:22:26 | 00,000,139 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI
[2009-02-16 08:57:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\omcore.INI
[2009-02-04 09:48:09 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008-12-09 09:02:57 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008-07-11 07:57:53 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007-11-16 11:10:34 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\PUTTY.RND
[2007-08-29 14:39:51 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007-08-28 11:53:24 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2007-04-11 12:29:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\import71.INI
[2007-03-28 12:32:06 | 00,000,759 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-08-28 09:33:06 | 00,000,438 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006-07-27 15:03:33 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\fusioncache.dat
[2006-06-29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-06-29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-06-08 13:52:51 | 00,081,920 | ---- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-05-11 10:34:33 | 00,000,060 | ---- | C] () -- C:\WINDOWS\DirectionsUI.INI
[2006-05-11 10:34:33 | 00,000,043 | ---- | C] () -- C:\WINDOWS\NetworkAnalystUI.INI
[2006-05-08 16:02:12 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2006-05-08 16:02:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2006-04-21 13:21:42 | 00,112,752 | ---- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006-04-19 15:18:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2006-04-19 10:42:05 | 02,768,896 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2006-04-19 10:42:05 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\psparam.ini
[2006-04-18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-04-05 15:51:36 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-02-18 15:27:09 | 00,112,752 | ---- | C] () -- C:\Documents and Settings\LC\Application Data\GDIPFONTCACHEV1.DAT
[2006-02-02 10:11:57 | 00,001,616 | ---- | C] () -- C:\WINDOWS\Copy (2) of cognos.ini
[2006-02-02 10:08:43 | 00,001,194 | ---- | C] () -- C:\WINDOWS\ppstyles.ini
[2006-02-02 10:08:38 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2006-02-02 10:08:33 | 00,001,221 | ---- | C] () -- C:\WINDOWS\Copy (1) of cognos.ini
[2006-02-02 10:05:11 | 00,001,768 | ---- | C] () -- C:\WINDOWS\cognos.ini
[2006-01-31 16:22:32 | 00,001,235 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-01-26 23:47:38 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006-01-26 23:47:38 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006-01-26 23:17:17 | 00,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006-01-26 23:14:01 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006-01-26 23:13:59 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006-01-26 23:11:35 | 05,888,378 | -H-- | C] () -- C:\Documents and Settings\LC\Local Settings\Application Data\IconCache.db
[2006-01-26 23:10:55 | 00,003,281 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006-01-26 23:10:54 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006-01-26 23:10:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\LC\Application Data\desktop.ini
[2006-01-26 07:00:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005-01-05 10:05:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll
[2004-08-04 12:00:00 | 00,000,675 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 12:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004-03-17 17:02:56 | 00,000,962 | ---- | C] () -- C:\WINDOWS\System32\Wlan.ini
[2003-12-05 09:41:32 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\shapelib.dll
[2003-09-26 19:42:10 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ZD12APP.dll
[2002-06-16 07:27:46 | 00,011,134 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
[2002-02-27 09:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002-02-27 09:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002-02-27 09:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001-10-28 16:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[1997-06-25 13:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
[1996-11-21 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996-11-21 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996-11-21 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4A25FD3
< End of report >

OTL Extras logfile created on: 2009-11-09 9:45:53 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: yyyy-MM-dd

1023.23 Mb Total Physical Memory | 741.61 Mb Available Physical Memory | 72.48% Memory free
2.41 Gb Paging File | 2.32 Gb Available in Paging File | 96.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 70.18 Gb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive D: | 461.30 Gb Total Space | 371.04 Gb Free Space | 80.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.78% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SINESE4
Current User Name: LC
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-515967899-1580818891-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE" = C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- File not found
"C:\Program Files\LeechFTP\Leechftp.exe" = C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP -- (jan debis)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE" = C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE:*:Enabled:Microsoft PowerPoint -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe" = C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe:*:Enabled:mRouterRuntime -- (Intuwave Ltd.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\ArcGIS\Bin\ArcMap.exe" = C:\Program Files\ArcGIS\Bin\ArcMap.exe:*:Enabled:ArcMap -- (ESRI )
"C:\portable_app\aMSNPortable\App\aMSN\bin\wish.exe" = C:\portable_app\aMSNPortable\App\aMSN\bin\wish.exe:*:Enabled:Wish Application -- File not found
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Documents and Settings\LC\Desktop\2009-03-31\utorrent\utorrent.exe" = C:\Documents and Settings\LC\Desktop\2009-03-31\utorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\portable_app\utorrent\utorrent.exe" = C:\portable_app\utorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A64EE3-F1FE-46F3-AAE1-8CDB35B6038B}" = Surfer 8
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{2D54D793-57C0-4A38-B043-50125C347043}" = Geosoft Plug-In for ArcGIS
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38920060-BFA6-48E3-81A8-9967E99C6715}" = XTools Pro 5.3
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{5ED69AF4-C38E-11D3-B10A-00500406C16C}" = STATISTICA 6
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports XI for ESRI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190816-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{902C0D79-8D7F-4956-9DCB-A223D5BF55B3}" = IEEE802.11a/b/g Wireless LAN Software
"{90300816-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110816-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{954A4300-30EB-4E29-836E-DF88470B2C24}" = TauDEM 4.0.6
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE643E63-F1C6-4845-B88F-A27E5B7588D0}" = Shapefile Repair Tool
"{B3AC5354-22F7-43F7-A9FF-C4F5B0E3AACE}" = KML2SHP Converter
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C17FEEB8-0AD9-481A-B76B-B2B38201C2EF}" = ET Surface
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D9DE059E-AAEB-4FDE-887F-B30726BFF6D3}" = TypeConvert
"{F19131BB-1B2F-46D8-840B-9A619DBAF5B5}" = F19131BB-1B2F-46D8-840B-9A619DBAF5B5
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"{FC18114B-05A0-11D6-8140-000102E745A6}" = Sony Ericsson PC Suite 3.2.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip" = 7-Zip 4.60 beta
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"ArcGIS Desktop" = ArcGIS Desktop
"ATI Display Driver" = ATI Display Driver
"CamStudio" = CamStudio
"CDisplay_is1" = CDisplay 1.8
"Cognos PowerPlay 6.0 (Standard Edition)" = Cognos PowerPlay 6.0 (Standard Edition)
"Cognos Scenario 2.1 Standard" = Cognos Scenario 2.1 Standard
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrossView_is1" = CrossView
"EndNote" = EndNote
"EPSON PX800FW Series" = EPSON PX800FW Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"ET GeoWizards 9.7" = ET GeoWizards 9.7
"ET GeoWizards 9.8" = ET GeoWizards 9.8
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 4.2.3.183
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Impromptu 5.0 (User Edition)" = Cognos Impromptu 5.0 (User Edition)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Labtec Media Keyboard" = Labtec Media Keyboard V5.0
"Labtec Mouse V2.1" = Labtec Mouse V2.1
"LCCS" = LCCS
"LeechFTP" = LeechFTP LCCS
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netscape Communicator 4.5" = Netscape Communicator 4.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTXShape Converter_is1" = NTXShape 1.4a
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Papi" = Device drivers for HP Simple Backup
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"Python 2.4.1" = Python 2.4.1
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"qt7lite_is1" = QT Lite 2.7.0
"RealAlt_is1" = Real Alternative 1.9.0
"SyncBackSE_is1" = SyncBackSE
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-10-30 5:40:09 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-10-30 8:16:12 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application ArcCatalog.exe, version 9.3.0.1770, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-10-30 8:18:58 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application ArcCatalog.exe, version 9.3.0.1770, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-10-30 8:21:33 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application ArcCatalog.exe, version 9.3.0.1770, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-10-30 8:32:29 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application ArcCatalog.exe, version 9.3.0.1770, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-10-30 13:22:34 | Computer Name = SINESE4 | Source = Application Error | ID = 1000
Description = Faulting application moffice.exe, version 1.0.0.1, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2009-11-02 6:51:52 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-11-02 7:35:19 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-11-02 7:35:19 | Computer Name = SINESE4 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-11-03 4:26:19 | Computer Name = SINESE4 | Source = Application Error | ID = 1000
Description = Faulting application moffice.exe, version 1.0.0.1, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 2009-11-03 5:47:08 | Computer Name = SINESE4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-11-03 5:48:28 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm kl1 klif

Error - 2009-11-03 8:05:22 | Computer Name = SINESE4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-11-09 5:43:24 | Computer Name = SINESE4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2009-11-09 5:43:31 | Computer Name = SINESE4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-11-09 5:43:37 | Computer Name = SINESE4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2009-11-09 5:44:49 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2009-11-09 5:44:49 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2009-11-09 5:44:49 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2009-11-09 5:44:49 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec kl1 klif MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip


< End of report >
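
The "[ System Events ]" block above is the most informative part of the report, and a small parser makes the progression between the two runs easier to see. The following is an added example written for this page; it is not part of the thread and not code from the DDS or OTL tools. It embeds four entries copied verbatim from the report as a constructed sample, and resolves the two placeholder codes to their standard Win32 names (1084 is ERROR_NOT_SAFEBOOT_SERVICE, 31 is ERROR_GEN_FAILURE). Function and variable names are the example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: four entries copied verbatim from the "[ System Events ]"
# block of the report above, so the parser can be run offline.
SAMPLE_LOG = """\
[ System Events ]
Error - 2009-11-03 5:47:08 | Computer Name = SINESE4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-11-03 5:48:28 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm kl1 klif

Error - 2009-11-09 5:44:49 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2009-11-09 5:44:49 | Computer Name = SINESE4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec kl1 klif MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
"""

# Standard Win32 error codes behind the "%1084" / "%%31" placeholders in the log.
WIN32_ERRORS = {
    1084: "ERROR_NOT_SAFEBOOT_SERVICE: service cannot be started in Safe Mode",
    31: "ERROR_GEN_FAILURE: a device attached to the system is not functioning",
}

# One "Error - <date> <time> | Computer Name = ... | Source = ... | ID = n" header per event.
HEADER = re.compile(
    r"^Error - (?P<ts>\S+ \S+) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def parse_events(text):
    """Turn each header plus its wrapped Description lines into a dict."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["date"] = current["ts"].split()[0]
            current["description"] = []
            events.append(current)
        elif current is not None and line and not line.startswith("["):
            current["description"].append(line)  # continuation of the wrapped description
    for ev in events:
        desc = " ".join(ev["description"])
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        ev["description"] = desc
    return events


def failed_drivers(ev):
    """SCM event 7026 lists the failed boot-start drivers after 'failed to load:'."""
    if ev["id"] != 7026:
        return set()
    return set(ev["description"].partition("failed to load:")[2].split())


def error_codes(ev):
    """Resolve the %nnn / %%nnn placeholders in a description to Win32 error names."""
    return {int(c): WIN32_ERRORS.get(int(c), "unknown")
            for c in re.findall(r"%+(\d+)", ev["description"])}


def triage(text):
    """Counts per event ID, dates of safe-mode boots, and drivers that newly fail."""
    events = parse_events(text)
    counts = Counter(ev["id"] for ev in events)
    failed_by_date = defaultdict(set)
    for ev in events:
        failed_by_date[ev["date"]] |= failed_drivers(ev)
    dates = sorted(failed_by_date)
    # Drivers failing on the last logged day that did not fail on the first one.
    new_failures = sorted(failed_by_date[dates[-1]] - failed_by_date[dates[0]]) if dates else []
    # 1084 is only returned while Windows is in Safe Mode, so it dates those boots.
    safe_mode_dates = sorted({ev["date"] for ev in events if 1084 in error_codes(ev)})
    return {"counts": dict(counts), "new_failures": new_failures,
            "safe_mode_dates": safe_mode_dates}


if __name__ == "__main__":
    for ev in parse_events(SAMPLE_LOG):
        print(ev["date"], ev["id"], error_codes(ev), sorted(failed_drivers(ev)))
    print(triage(SAMPLE_LOG))
```

Run over the sample, the 1084 error shows up only on 2009-11-03, which dates a Safe Mode boot (EventSystem is not on the SafeBoot list, so DCOM cannot start it there). By 2009-11-09 the set of failed boot-start drivers has grown from Fips, intelppm and the Kaspersky drivers kl1 and klif to include AFD, Tcpip, NetBT, NetBIOS, IPSec, MRxSmb, Rdbss and RasAcd, i.e. the core network stack; that is exactly why the 7001 entries on that date show DHCP Client, TCP/IP NetBIOS Helper and IPSEC Services failing with %%31. Drivers failing with ERROR_GEN_FAILURE at boot are a different symptom from the safe-mode service refusals and are worth separating when reading such a block.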

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:05 AM

Posted 09 November 2009 - 06:15 AM

Hi,

please try to run ComboFix on your system:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 jbantunes

jbantunes
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 09 November 2009 - 06:48 AM

Hi there!

Can I run ComboFix.exe in safe mode? It's the only way I can get my PC on...

Thanks once more,

Joana Antunes

#6 myrti

Posted 09 November 2009 - 06:55 AM

Hi,

if you can get into Safe Mode with network support, you can simply follow the instructions I gave you earlier there.

If you can not get online with your PC right now, please do the following:

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it is originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

regards _temp_


#7 jbantunes

Posted 09 November 2009 - 09:46 AM

Hello again!

Since my last post I could not turn on my PC... Not even in safe mode. When Windows starts running in safe mode, it shuts down...

Can you advise me what to do?

Thanks,

Joana Antunes

#8 myrti

Posted 09 November 2009 - 11:41 AM

Hi,

I will try to help you, but I will need more info on this first: how did you boot into safe mode, did you use msconfig? Have you tried to run ComboFix yet? When you try to boot into safe mode, does it turn off your PC or does it automatically reboot? When does it stop booting into safe mode, do you see any text before it stops? If so, please tell me the last line you can see. What happens if you try to boot into normal mode?

regards _temp_


#9 jbantunes

Posted 09 November 2009 - 12:04 PM

Hi,

I'll answer by order to your questions:

-To boot into safe mode I start pressing F8 to choose safe mode in the boot menu when the PC is turning on.
-No, I haven't run ComboFix;
-Either in safe or normal mode, it starts automatically rebooting without any message on the screen.

When I try to turn the PC on it always starts rebooting; sometimes I can get to the boot menu and Windows starts running, but other times, and most of the time, the PC doesn't even start booting, getting into a reboot loop.

Thank you once more,

Joana Antunes

#10 myrti

Posted 09 November 2009 - 12:11 PM

Hi,

ok, please try to disable the automatic restart through your boot menu.

When you hit F8 to get into safe mode, hit F8 once more to get into the advanced boot menu and select Disable automatic restart on system failure. Let your PC reboot. The next time your PC reboots it should stop at a blue screen with an error message. Write that message down and post it in your next reply.

Do you get the option to boot into the recovery console in the F8 boot menu? Do you have an XP CD close by?

regards _temp_


#11 jbantunes

Posted 10 November 2009 - 05:06 AM

Hello once more,

I tried to choose Disable automatic restart on system failure, then the PC rebooted, but it stays in a reboot loop. When I turn it on again it keeps letting me choose Disable automatic restart on system failure; shouldn't it change to Enable automatic restart on system failure? It seems that it is not saving my changes...

Thanks,

Joana Antunes

#12 myrti

Posted 10 November 2009 - 08:05 AM

Hi,

what was the last thing you changed before the PC wouldn't boot any more?


Do you get the option to boot into the recovery console in the F8 boot menu? Do you have an XP CD close by?

I changed my nick from _temp_ to myrti today, I hope this won't cause too much confusion.

regards myrti


#13 jbantunes

Posted 10 November 2009 - 01:27 PM

Hi myrti :(

This problem began with a pen drive... My colleague inserted the pen drive and the PC automatically started rebooting (this was a Friday about 10 days ago). The next Monday (precisely 8 days ago) we were working on that PC and it started rebooting in the middle of the work; we were using ArcGIS software but we only made changes to our usual files. Since then that behaviour is getting more frequent, and now sometimes it takes about 15 min to turn on with so many reboot loops...
Yes, I think I get the option to boot into the recovery console in the F8 boot menu; however I'm not at that PC right now, I'll check it by tomorrow morning.
Yes, I also have the XP CD; I forgot to answer in my last post, sorry!

Thanks again,

Joana Antunes

#14 myrti

Posted 10 November 2009 - 02:02 PM

Hi,

the quickest solution might be a repair install, since you have your XP CD at hand.

let me know what you decide.

regards myrti


#15 jbantunes

Posted 10 November 2009 - 08:32 PM

OK, let's do it!

In a few hours I'll be in front of that sick computer again...
Can you please advise me how to do it?

Thanks,

Joana Antunes



