Virus that blocks webmail then stops boot

View previous topic View next topic Go down

Virus that blocks webmail then stops boot

Post by AMP on 24th March 2011, 12:58 am

So, I somehow contracted a virus on my computer that kept me from accessing any page with a webmail server, I couldn't get on gmail, yahoo, hotmail or even IRC. It also blocked gtalk and AIM. I ran Avast and Malwerbytes anti-malwere and they detected nothing (this virus also kept them from updating however). As I was in the process of running hijackthis the computer bluescreened. When I rebooted into my windows install the checkdisk screen came up and no amount of button pressing allowed me to bypass it. It the got stuck at "press any button within 1 second to cancel" After this I attempted a system restore using three different points in time. All failed.

I'm at my wits end and posting this from my ubuntu partition. I really don't know what to do at this point, I have files I need on there so reformating seems like a poor choice, although if it happens to be a rootkit then I guess I'll have no choice.

Help Please!

EDIT: I forgot some key information, the windows partition is running Windows 7 64bit, (Home edition I think).

EDIT 2: after 17 attempts at booting I finaly got it to let me on in safe mode, I ran a hijack this, here is the log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:05 PM, on 3/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [OSD] c:\Program Files\OSD\Launch.exe
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [googletalk] C:\Users\Felipe\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~2\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~2\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: Vista Session Launcher Service (CustomSvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Tenable Nessus - Tenable Network Security, Inc - C:\Program Files\Tenable\Nessus\nessus-service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11748 bytes

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by Belahzur on 24th March 2011, 8:58 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 24th March 2011, 9:11 pm

Alright, I already ran it earlier and I have the log, it was a full scan too, not just a quick scan

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

3/24/2011 12:00:16 AM
mbam-log-2011-03-24 (00-00-16).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 450310
Time elapsed: 43 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by Belahzur on 25th March 2011, 8:21 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 25th March 2011, 8:55 pm

[You must be registered and logged in to see this link.] wrote:Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Downloads dont seem to work, even in safe mode, I'm going to download it onto a flahsdrive from another computer and try to run it, but I'm afraid I'll infect the flash drive, is there any way to virus proof it?

EDIT: used a nonrewritable cd instead, worst comes to worst I'll throw it out when I'm done

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 25th March 2011, 9:31 pm

OTL logfile created on: 3/25/2011 5:23:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210.16 Gb Total Space | 26.65 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive F: | 7.52 Gb Total Space | 7.22 Gb Free Space | 95.98% Space Free | Partition Type: FAT32

Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 17:08:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/03/24 03:51:18 | 001,006,778 | ---- | M] () -- C:\Users\Felipe\Desktop\rkill.exe
PRC - [2010/11/21 02:16:22 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/29 17:21:34 | 000,018,432 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/21 14:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/05/21 14:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/05/21 10:38:54 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/04/04 14:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
PRC - [2010/04/04 14:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
PRC - [2010/04/04 14:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/17 15:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/07/10 12:46:08 | 000,086,016 | ---- | M] (Microsoft) -- C:\Program Files\OSD\OSD_Main.exe
PRC - [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Users\Felipe\AppData\Local\Temp\RarSFX7\nircmd.exe
PRC - [2009/05/15 09:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/29 01:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2009/04/16 01:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/02/20 15:13:04 | 000,013,312 | ---- | M] () -- C:\Program Files\OSD\Service1.exe
PRC - [2009/02/19 16:45:42 | 000,020,480 | ---- | M] (Alienware Corporation) -- C:\Program Files\OSD\Launch_CC.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 17:08:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/09 18:41:52 | 000,011,264 | ---- | M] (Tenable Network Security, Inc) [On_Demand | Stopped] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV:64bit: - [2010/09/10 18:50:59 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/21 10:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/04/04 14:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2009/09/16 05:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/02/20 15:13:04 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files\OSD\Service1.exe -- (CustomSvc)
SRV - [2011/03/24 16:00:25 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/17 22:10:30 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai)
SRV - [2010/11/21 02:16:22 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/29 17:21:34 | 000,018,432 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/17 15:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/15 09:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/02 14:17:52 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/13 08:59:28 | 000,164,496 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010/01/12 09:34:16 | 000,095,504 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010/01/07 12:40:24 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/01/07 11:35:10 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2009/10/23 15:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 05:49:02 | 000,499,712 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/09/15 14:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/08/05 20:58:06 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/08/05 20:57:50 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel(R)
DRV:64bit: - [2009/08/05 20:57:50 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel(R)
DRV:64bit: - [2009/08/05 20:57:50 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/08/05 20:57:48 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
DRV:64bit: - [2009/08/05 20:57:48 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
DRV:64bit: - [2009/08/05 20:57:38 | 000,154,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/07/24 18:53:58 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/09 18:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008/10/03 17:39:00 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/24 23:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/25 17:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files\OSD\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV:64bit: - [2008/03/03 20:19:04 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/04/16 01:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/24 17:13:32] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.1
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.6.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {49eba0b5-0393-4e13-8cc4-06298a281c5d}:0.4.3.9
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.22.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.4.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.4.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {bbeee172-6a96-6f83-cf0c-a3bf46b77f94}:1.0.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.9
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.9
FF - prefs.js..network.proxy.http: "0"
FF - prefs.js..network.proxy.no_proxies_on: "0"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/23 22:48:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/23 22:48:30 | 000,000,000 | ---D | M]

[2010/06/05 13:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Extensions
[2011/03/23 22:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions
[2010/10/27 14:48:19 | 000,000,000 | ---D | M] ("Malware Search") -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2011/03/23 22:41:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/12/02 21:33:53 | 000,000,000 | ---D | M] (HostIP.info Geolocation Plugin) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{49eba0b5-0393-4e13-8cc4-06298a281c5d}
[2011/03/23 22:48:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/10 00:54:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/15 22:34:05 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2011/03/08 18:03:31 | 000,000,000 | ---D | M] (OneManga Manager) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{bbeee172-6a96-6f83-cf0c-a3bf46b77f94}
[2011/01/03 09:16:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/11 12:50:54 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/03/23 22:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/12 00:11:21 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/26 14:05:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/15 23:07:37 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2011/03/17 15:37:52 | 000,000,000 | ---D | M] (HackBar) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}
[2010/12/02 21:47:26 | 000,000,000 | ---D | M] (Access Me) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\accessme@security.compass
[2011/03/08 14:09:48 | 000,000,000 | ---D | M] (LavaFox V1-Blue) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\djziggy@gmail.com
[2011/03/23 22:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\firebug@software.joehewitt.com
[2010/10/29 18:08:11 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\firesheep@codebutler.com
[2011/01/21 15:26:00 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\foxyproxy@eric.h.jung
[2010/12/02 21:33:53 | 000,000,000 | ---D | M] ("ClearForest Gnosis") -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\gnosis@clearforest.com
[2011/03/08 14:09:48 | 000,000,000 | ---D | M] (LavaFox V1) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\info@djzig.com
[2010/12/02 21:55:59 | 000,000,000 | ---D | M] (refspoof) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\refspoof@mozdev.org
[2011/01/16 14:12:32 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\SkipScreen@SkipScreen
[2010/12/02 21:47:26 | 000,000,000 | ---D | M] (SQL Inject Me) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\sqlime@security.compass
[2011/02/23 08:08:14 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\tineye@ideeinc.com
[2010/12/02 21:47:26 | 000,000,000 | ---D | M] (XSS Me) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\xssme@security.compass
[2011/03/23 13:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/02/26 03:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/26 03:16:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/19 03:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 17:19:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/22 16:42:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/11/16 20:52:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch_CC App] c:\Program Files\OSD\Launch_CC.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [OSD] c:\Program Files\OSD\Launch.exe (AlienWare)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [googletalk] C:\Users\Felipe\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/10 18:08:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 17:22:16 | 000,000,000 | R--D | C] -- C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/03/22 12:37:02 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/03/19 17:03:29 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Documents\AIMLogger
[2011/03/19 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Umineko4
[2011/03/19 01:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\07th_Expansion
[2011/03/19 01:26:48 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\DAEMON Tools Lite
[2011/03/19 01:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/03/13 15:21:49 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011/03/13 15:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2011/03/12 19:30:19 | 000,000,000 | ---D | C] -- C:\Users\Felipe\.thumbnails
[2011/03/12 19:29:01 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Documents\gegl-0.0
[2011/03/12 19:29:01 | 000,000,000 | ---D | C] -- C:\Users\Felipe\.gimp-2.6
[2011/03/12 19:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/03/12 19:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/03/10 23:07:42 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/03/08 14:15:29 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/08 14:15:29 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/08 14:15:29 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/03/08 14:15:29 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/03/08 14:15:28 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/08 14:15:27 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/08 14:15:27 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/08 14:15:27 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/08 14:15:27 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/08 14:15:27 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/08 14:15:26 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/08 14:15:26 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/08 14:15:25 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/08 14:15:25 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/08 14:15:25 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/08 14:15:25 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/02/26 03:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/26 03:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/26 02:17:15 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Documents\G-Senjou no Maou English Savedata
[2011/02/26 02:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKABEiSOFT2
[2011/02/26 02:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AKABEiSOFT2
[2011/02/26 02:15:27 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\savedata
[2011/02/26 02:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSen Jap
[2011/02/26 02:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gsen
[2011/02/26 01:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/02/26 01:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/02/25 15:20:04 | 000,000,000 | ---D | C] -- C:\Users\Felipe\Documents\GURPS Character Assistant 4
[2011/02/25 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Steve Jackson Games
[2011/02/25 15:17:29 | 000,874,248 | ---- | C] (Xceed Software Inc (450) 442-2626 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] -- C:\Windows\SysWow64\SmartUI2.ocx
[2011/02/25 15:17:29 | 000,416,528 | ---- | C] (Microsoft Corporation ) -- C:\Windows\SysWow64\COMCT332.OCX
[2011/02/25 15:17:29 | 000,053,248 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[1 C:\Users\Felipe\Desktop\*.tmp files -> C:\Users\Felipe\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/25 17:22:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 17:22:03 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2011/03/25 17:21:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/25 17:21:41 | 3212,181,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/24 16:09:18 | 000,771,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/24 16:09:18 | 000,655,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/24 16:09:18 | 000,118,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/24 16:03:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/24 16:03:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/24 15:59:29 | 462,594,156 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/24 14:32:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/24 03:51:18 | 001,006,778 | ---- | M] () -- C:\Users\Felipe\Desktop\rkill.exe
[2011/03/23 22:13:31 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/23 14:45:16 | 000,002,776 | ---- | M] () -- C:\Users\Felipe\.recently-used.xbel
[2011/03/22 12:38:38 | 000,006,640 | ---- | M] () -- C:\bootsqm.dat
[2011/03/10 23:06:57 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/03/09 00:12:16 | 000,000,109 | ---- | M] () -- C:\Users\Felipe\webct_upload_applet.properties
[2011/03/06 14:38:20 | 000,001,234 | ---- | M] () -- C:\Users\Felipe\Desktop\World of Warcraft.lnk
[2011/02/26 13:59:59 | 000,494,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Felipe\Desktop\*.tmp files -> C:\Users\Felipe\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/24 03:51:02 | 001,006,778 | ---- | C] () -- C:\Users\Felipe\Desktop\rkill.exe
[2011/03/23 22:13:31 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/23 14:45:16 | 000,002,776 | ---- | C] () -- C:\Users\Felipe\.recently-used.xbel
[2011/03/22 12:38:38 | 000,006,640 | ---- | C] () -- C:\bootsqm.dat
[2011/01/28 00:56:41 | 000,765,830 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/21 02:03:42 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/21 02:03:27 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/21 02:03:26 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/05 15:17:33 | 000,000,210 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/21 14:38:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/04/04 14:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 14:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/24 19:31:45 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\p2bbnd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:C31F31E6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 25th March 2011, 9:31 pm

TL Extras logfile created on: 3/25/2011 5:23:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210.16 Gb Total Space | 26.65 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive F: | 7.52 Gb Total Space | 7.22 Gb Free Space | 95.98% Space Free | Partition Type: FAT32

Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{7924F1F6-D445-4C97-8136-99069421F467}" = ProductView Express 9.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9E73823F-FFDA-4E2E-B74C-7D4487788A61}" = Pro/ENGINEER Thumbnail Viewer 1.0
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{E000DF04-E0D6-426D-A372-35A164713EE2}" = Nessus64
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EEEFE7A9-293E-4F5F-A114-81731A9C3826}" = Intel(R) Network Connections 14.2.100.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Pro/ENGINEER Schools Edition Release Wildfire 5.0 Datecode M040" = Pro/ENGINEER Schools Edition Release Wildfire 5.0 Datecode M040
"PROSetDX" = Intel(R) Network Connections 14.2.100.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 23
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{349a3c5e-1362-4d63-a032-c98afb3207b0}" = Nero 9 Essentials
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F488AC-11FE-4105-8AF5-A6D0B6E2C33A}" = League of Legends
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65690500-C4AF-4A61-BB9F-FF2F6A42167F}" = Dungeon Master's Battle Screen
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6C15DC29-040C-433F-B1AE-783D37E9C08B}" = Python 2.6 pygame-1.9.1
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6D15B89B-EFAD-40D8-A9BB-205094F21698}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"f̖_is1" = f̖ ver.1.00
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"airpcapinst" = AirPcap software 4.1.1
"Akamai" = Akamai NetSession Interface
"avast5" = avast! Free Antivirus
"Cain & Abel v4.9.36" = Cain & Abel v4.9.36
"CamStudio" = CamStudio
"D&D 3.5 DM Tools" = D&D 3.5 DM Tools v0.42.9
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"G-Senjou_no_Maou_Aegis" = G-Senjou no Maou English
"GURPS Character Assistant 4" = GURPS Character Assistant 4
"Impulse" = Impulse
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Nmap" = Nmap 5.21
"OpenTTD" = OpenTTD 1.0.1
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"Pidgin" = Pidgin
"Privateer" = Privateer
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = Prism Dice
"ST6UNST #2" = Aurora
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 13140" = America's Army 3
"Steam App 22380" = Fallout: New Vegas
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 630" = Alien Swarm
"Teleport Pro" = Teleport Pro
"The Ur-Quan Masters" = The Ur-Quan Masters 0.6.2
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = Torrent
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.1
"World of Warcraft" = World of Warcraft
"wxPython2.8-unicode-py25_is1" = wxPython 2.8.10.1 (unicode) for Python 2.5
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"090215de958f1060" = Curse Client
"bcf809bf3fb49806" = Monster Maker
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by Belahzur on 26th March 2011, 9:12 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 27th March 2011, 2:47 am

Just one thing, I was unable to complete step 2 as when I clicked combofix it just started running the scan giving me no chance to imput that in anywhere

ComboFix 11-03-26.01 - Felipe 03/26/2011 22:31:18.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4085.2786 [GMT -4:00]
Running from: c:\users\Felipe\Desktop\commy.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\temp.001
.
.
((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 02:36 . 2011-03-27 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-25 21:26 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0019B15C-93ED-4D07-8235-ACE3F156CD91}\mpengine.dll
2011-03-24 01:24 . 2011-03-24 01:24 -------- d-----w- c:\users\Guest
2011-03-22 16:37 . 2011-03-22 16:37 -------- d-----w- C:\found.000
2011-03-19 05:33 . 2011-03-24 02:48 -------- d-----w- c:\users\Felipe\Umineko4
2011-03-19 05:30 . 2011-03-19 05:30 -------- d-----w- c:\program files\07th_Expansion
2011-03-19 05:26 . 2011-03-19 05:32 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-03-19 05:26 . 2011-03-19 05:30 -------- d-----w- c:\users\Felipe\AppData\Roaming\DAEMON Tools Lite
2011-03-13 19:21 . 2011-03-13 19:21 40960 ----a-r- c:\users\Felipe\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-03-13 19:21 . 2011-03-13 19:21 40960 ----a-r- c:\users\Felipe\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-03-13 19:21 . 2011-03-13 19:21 -------- d-----w- c:\program files (x86)\Project64 1.6
2011-03-12 23:30 . 2011-03-12 23:30 -------- d-----w- c:\users\Felipe\.thumbnails
2011-03-12 23:29 . 2011-03-23 18:45 -------- d-----w- c:\users\Felipe\.gimp-2.6
2011-03-12 23:28 . 2011-03-12 23:28 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-03-11 03:07 . 2011-03-11 03:06 720896 ----a-w- c:\windows\iun6002.exe
2011-02-26 07:16 . 2011-02-26 07:16 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-02-26 06:16 . 2011-02-26 06:16 -------- d-----w- c:\program files (x86)\AKABEiSOFT2
2011-02-26 06:15 . 2011-02-26 06:15 -------- d-----w- c:\users\Felipe\AppData\Roaming\savedata
2011-02-26 06:14 . 2011-02-26 06:14 -------- d-----w- c:\program files (x86)\gsen
2011-02-26 05:55 . 2011-02-26 05:55 -------- d-----w- c:\program files (x86)\7-Zip
2011-02-25 19:19 . 2011-02-25 19:19 -------- d-----w- c:\users\Felipe\AppData\Roaming\Steve Jackson Games
2011-02-25 19:17 . 2005-04-27 18:28 874248 ----a-w- c:\windows\SysWow64\SmartUI2.ocx
2011-02-25 19:17 . 2004-04-26 01:39 53248 ----a-w- c:\windows\SysWow64\SSubTmr6.dll
2011-02-25 19:17 . 2004-03-09 06:00 416528 ----a-w- c:\windows\SysWow64\COMCT332.OCX
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 02:39 . 2010-12-03 01:01 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-02-09 14:34 . 2011-02-09 14:34 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-02 22:11 . 2010-08-05 23:06 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-08 21:12 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-08 21:12 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-08 21:12 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-07 08:07 . 2011-02-23 12:12 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-23 12:12 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-08 21:12 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-23 12:12 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 12:12 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-08 21:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-08 21:12 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-08 21:12 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-08 21:12 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-08 21:12 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-08 21:12 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"googletalk"="c:\users\Felipe\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"OSD"="c:\program files\OSD\Launch.exe" [2009-05-12 36864]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R1 aswSP;aswSP; [x]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/01/24 17:13];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-16 05:28 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-09-29 18432]
R2 CustomSvc;Vista Session Launcher Service;c:\program files\OSD\Service1.exe [2009-02-20 13312]
R2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-10 1436424]
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\qd260x64.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [x]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\OSD\WinRing0x64.sys [2008-07-25 14544]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 02:16]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 02:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\commy\CF23665.cfxxe" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16335392]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-07-28 94240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 171520]
"Launch_CC App"="c:\program files\osd\launch_cc.exe" [2009-02-19 20480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\commy\CF23665.cfxxe" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;*.local
IE: &NeoTrace It! - c:\progra~2\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p3tmotoh.default\
FF - prefs.js: network.proxy.http - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-RunOnce- - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Default) - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-26 22:44:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-27 02:44
.
Pre-Run: 28,521,275,392 bytes free
Post-Run: 28,381,650,944 bytes free
.
- - End Of File - - 94DF3CD22B3EB42F5FC235130EC0A745

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by Belahzur on 28th March 2011, 2:54 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 29th March 2011, 10:06 am

It found nothing T.T

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=a49a315d3e2eaf42aef3278f5269f401
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-29 10:03:09
# local_time=2011-03-29 06:03:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 11442490 11442490 0 0
# compatibility_mode=770 16774142 100 100 13061994 77177068 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 214012 52932246 0 0
# compatibility_mode=8192 67108863 100 0 11362824 11362824 0 0
# scanned=289821
# found=0
# cleaned=0
# scan_time=4193

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by Belahzur on 29th March 2011, 6:37 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Torrent
    Adobe Reader 9.4.2

  • Click on the Uninstall/Change button at the top.

Your Java needs updating!

  • Please go to Start > Control Panel, click on Java.
  • When the Java control panel opens, go into the Update tab.
  • At the bottom of that window, press the "Update Now" button and it will attempt to download the latest Java update.
  • Next, the Updater window opens, hit the Install button. It will now attempt to download the update.
  • Untick the box for installing the Yahoo Toolbar when asked.


Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 29th March 2011, 7:01 pm

[You must be registered and logged in to see this link.] wrote:Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Torrent
    Adobe Reader 9.4.2

  • Click on the Uninstall/Change button at the top.

Your Java needs updating!

  • Please go to Start > Control Panel, click on Java.
  • When the Java control panel opens, go into the Update tab.
  • At the bottom of that window, press the "Update Now" button and it will attempt to download the latest Java update.
  • Next, the Updater window opens, hit the Install button. It will now attempt to download the update.
  • Untick the box for installing the Yahoo Toolbar when asked.


Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?

I am not running limewire, I assume you mean utorrent, I am content to remove it, I only used it once to download the backtrack program for my flash drive. However I cannot do anything else of what you instruct because the computer insists on not allowing me to open any browser other than IE in private browsing mode, it also crashes every 5-10 minutes. I suspect we might have missed something.

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 1st April 2011, 5:59 pm

BUMP! ^_^

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by Belahzur on 1st April 2011, 8:17 pm

Yes, sorry, meant uTorrent. Does the crashing happen with every browser or just some?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 2nd April 2011, 12:31 am

Well the only browser that I can get open at all is Internet explorer. But independent of if I have a browser open or even if I am connected to the Internet the computer crashes every 5-10 minutes. Its also developed a strange flicker where the monitor seems to be turning on and off every few seconds, which makes it rather difficult to use at all. I know it has to be software based because my ubuntu installation is working great, no issues at all.

Sorry to keep bothering you like this

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 5th April 2011, 12:10 am

Bump ^_^

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by AMP on 8th April 2011, 12:48 am

Bump ^_^

AMP
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-03-24
OS OS : Windos 7 64
Points Points : 21028
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus that blocks webmail then stops boot

Post by Belahzur on 8th April 2011, 1:33 am

It may be a good idea to start a topic in the OS forum, not too sure of your problem here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum