TechSpot

System Check virus help needed

By trucksales
Jan 9, 2012
  1. Hello,
    I'm needing help. I have got the system check virus. Once I turn my system on it goes to a black screen. It will not let me even go to Safe Mode. Any suggestions?

    Thanks Chad
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  3. trucksales

    trucksales TS Rookie Topic Starter

    Problem

    Ok, here is my problem. My computer doesn't have a CD drive, nor can I get online. My system is completely down. It starts to boot and stops in the middle of it. I have gone online from my office computer and am in the process of downloading the OTLPENet to a USB flash drive. Hopefully we can work with this.

    Thanks Chad
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  5. trucksales

    trucksales TS Rookie Topic Starter

    OTL File

    OTL logfile created on: 1/9/2012 4:52:48 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    (Version = .) - Type =
    Internet Explorer (Version = )
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 61.00% Memory free
    454.00 Mb Paging File | 328.00 Mb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142.05 Gb Total Space | 99.36 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
    Drive X: | 3.77 Gb Total Space | 2.34 Gb Free Space | 62.11% Space Free | Partition Type: FAT

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet004

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (TuneUp.UtilitiesSvc)
    SRV - File not found [Auto] -- -- (HidServ)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2010/10/27 19:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010/07/18 11:50:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/02/05 10:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System] -- -- (xuszjihl)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
    DRV - File not found [Kernel | On_Demand] -- -- (TuneUpUtilitiesDrv)
    DRV - File not found [Kernel | System] -- -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (NPF)
    DRV - File not found [Kernel | System] -- -- (MpKslc9e848df)
    DRV - File not found [Kernel | System] -- -- (MpKsl84553c1f)
    DRV - File not found [Kernel | System] -- -- (MpKsl53c1ce70)
    DRV - File not found [Kernel | System] -- -- (MpKsl22c8c8c2)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- -- (int15.sys)
    DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2012/01/06 01:41:46 | 000,028,752 | -H-- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4636AC13-2939-4A29-BC07-61924591E111}\MpKsl51c7c1a4.sys -- (MpKsl51c7c1a4)
    DRV - [2010/02/17 19:25:50 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Documents and Settings\Chad\Local Settings\Temp\HBCD\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/07/23 14:07:40 | 000,006,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
    DRV - [2009/06/15 16:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2009/06/03 11:01:28 | 000,341,504 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWVNdis.sys -- (NWVNDIS)
    DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2009/03/02 00:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2009/02/25 22:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/02/24 03:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/03 01:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/01/02 20:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
    DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2005/04/21 16:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
    DRV - [2005/01/13 11:06:48 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
    DRV - [2002/12/16 19:11:02 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2002/12/16 19:11:02 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 01:06:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 01:05:53 | 000,000,000 | ---D | M]

    [2011/12/30 22:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/06 09:46:58 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
    [2009/10/07 16:59:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Program Files\Mozilla Firefox\extensions\plugin@yontoo.com

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - ftp Prefix: missing
    O13 - gopher Prefix: missing
    O13 - home Prefix: missing
    O13 - mosaic Prefix: missing
    O13 - www Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - ( ) - (Registry key not found)
    O20 - HKLM Winlogon: UserInit - ( ) - (Registry key not found)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/12 00:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 01:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: mounsol - (C:\WINDOWS\system32\locarate.dll) - C:\WINDOWS\system32\locarate.dll ()
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/09 15:58:44 | 000,000,000 | ---D | C] -- \[BOOT]
    [2012/01/09 15:58:42 | 000,000,000 | ---D | C] -- \SFX
    [2012/01/09 15:57:52 | 000,000,000 | ---D | C] -- \PROGRAMS
    [2012/01/09 15:52:51 | 000,000,000 | ---D | C] -- \OTLPEStd
    [2012/01/09 15:50:33 | 000,000,000 | ---D | C] -- \minint
    [2012/01/05 17:08:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RNDISMPK.sys
    [2012/01/05 17:08:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usb8023k.sys
    [2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\usbcm.sys
    [2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\drivers\usbcm.sys
    [2012/01/05 17:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ubee
    [2011/12/30 21:36:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsm.dll
    [2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smimsgif.dll
    [2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsy.dll
    [2011/12/30 21:36:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpstup.dll
    [2011/12/30 21:35:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smi2smir.exe
    [2011/12/30 21:35:58 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpincl.dll
    [2011/12/30 21:35:58 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpsmir.dll
    [2011/12/30 21:35:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpthrd.dll
    [2011/12/30 21:35:57 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpcl.dll
    [2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntwin.exe
    [2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntwin.exe
    [2011/12/30 21:35:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmp.exe
    [2011/12/30 21:35:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmptrap.exe
    [2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntcmd.exe
    [2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntcmd.exe
    [2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntagnt.dll
    [2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntagnt.dll
    [2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hostmib.dll
    [2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\hostmib.dll
    [2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\snmpmib.dll
    [2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpmib.dll
    [2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lmmib2.dll
    [2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\lmmib2.dll
    [2009/03/11 07:53:14 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/09 13:45:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2012/01/09 11:58:39 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\MP Scheduled Scan.job
    [2012/01/06 01:46:40 | 000,495,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/06 01:46:40 | 000,085,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/06 01:41:43 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\xhxygufv.job
    [2011/12/30 13:23:01 | 000,001,158 | ---- | M] () -- C:\Windows\System32\wpa.dbl
    [2011/12/22 13:47:57 | 000,001,393 | ---- | M] () -- C:\Windows\imsins.BAK
    [2011/12/19 10:05:02 | 000,251,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\fehuwifa
    [2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP.SP2
    [2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP
    [2012/01/09 15:58:42 | 000,240,128 | ---- | C] () -- \reatogoMenu.exe
    [2012/01/09 15:58:42 | 000,001,052 | ---- | C] () -- \reatogoMenu.ini
    [2012/01/09 15:57:26 | 297,922,560 | ---- | C] () -- \OTLPE_New_Std.iso
    [2012/01/09 15:57:10 | 098,077,435 | ---- | C] () -- \OTLPEStd.exe
    [2012/01/09 15:50:33 | 000,260,272 | ---- | C] () -- \ntldr
    [2012/01/09 15:50:33 | 000,047,564 | ---- | C] () -- \ntdetect.com
    [2012/01/09 15:50:33 | 000,000,167 | ---- | C] () -- \winbom.ini
    [2012/01/09 15:50:33 | 000,000,053 | ---- | C] () -- \AUTORUN.INF
    [2012/01/05 17:08:40 | 000,012,063 | ---- | C] () -- C:\Windows\System32\netusbcm.inf
    [2012/01/05 17:08:39 | 000,011,044 | ---- | C] () -- C:\Windows\System32\usbcm.cat
    [2012/01/05 17:08:39 | 000,003,626 | ---- | C] () -- C:\Windows\System32\usbcm.inf
    [2011/12/30 21:36:02 | 000,049,275 | ---- | C] () -- C:\Windows\System32\wfospf.mib
    [2011/12/30 21:36:02 | 000,026,236 | ---- | C] () -- C:\Windows\System32\wins.mib
    [2011/12/30 21:36:02 | 000,004,332 | ---- | C] () -- C:\Windows\System32\smi.mib
    [2011/12/30 21:36:01 | 000,038,608 | ---- | C] () -- C:\Windows\System32\nipx.mib
    [2011/12/30 21:36:01 | 000,034,317 | ---- | C] () -- C:\Windows\System32\msiprip2.mib
    [2011/12/30 21:36:01 | 000,021,386 | ---- | C] () -- C:\Windows\System32\mipx.mib
    [2011/12/30 21:36:01 | 000,013,767 | ---- | C] () -- C:\Windows\System32\msipbtp.mib
    [2011/12/30 21:36:01 | 000,010,313 | ---- | C] () -- C:\Windows\System32\mripsap.mib
    [2011/12/30 21:36:01 | 000,000,581 | ---- | C] () -- C:\Windows\System32\msft.mib
    [2011/12/30 21:36:00 | 000,107,882 | ---- | C] () -- C:\Windows\System32\mib_ii.mib
    [2011/12/30 21:36:00 | 000,048,593 | ---- | C] () -- C:\Windows\System32\hostmib.mib
    [2011/12/30 21:36:00 | 000,030,448 | ---- | C] () -- C:\Windows\System32\mcastmib.mib
    [2011/12/30 21:36:00 | 000,026,100 | ---- | C] () -- C:\Windows\System32\lmmib2.mib
    [2011/12/30 21:36:00 | 000,015,799 | ---- | C] () -- C:\Windows\System32\ipforwd.mib
    [2011/12/30 21:35:59 | 000,016,617 | ---- | C] () -- C:\Windows\System32\authserv.mib
    [2011/12/30 21:35:59 | 000,015,597 | ---- | C] () -- C:\Windows\System32\accserv.mib
    [2011/12/30 21:35:59 | 000,004,597 | ---- | C] () -- C:\Windows\System32\dhcp.mib
    [2011/10/06 15:39:19 | 000,042,376 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
    [2010/12/23 18:53:58 | 000,055,732 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/12/10 01:06:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/07 00:36:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\locarate.dll
    [2010/06/27 21:14:19 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/03/23 21:58:16 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
    [2010/02/20 04:24:36 | 000,002,855 | ---- | C] () -- C:\Program Files\wpp.PIF
    [2010/02/20 03:41:43 | 000,000,008 | ---- | C] () -- C:\Program Files\wpp.exe
    [2010/02/19 19:58:04 | 000,001,324 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
    [2009/09/17 19:45:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/09/17 19:45:36 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2009/09/17 19:45:36 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2009/09/17 19:45:36 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2009/09/17 19:45:36 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2009/09/17 19:45:36 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2009/09/17 19:45:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2009/09/17 19:45:36 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2009/09/17 19:45:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2009/09/17 19:45:35 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2009/09/17 19:45:35 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2009/09/17 19:45:35 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2009/05/08 01:11:12 | 000,233,472 | ---- | C] () -- C:\Windows\System32\M3000DIF.dll
    [2009/05/08 01:11:12 | 000,145,408 | ---- | C] () -- C:\Windows\System32\drivers\M3000KNT.sys
    [2009/05/08 01:11:12 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
    [2009/05/08 01:11:09 | 000,040,960 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
    [2009/05/08 01:11:09 | 000,000,639 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
    [2009/03/12 01:47:07 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
    [2009/03/12 00:56:32 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
    [2009/03/12 00:56:32 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
    [2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
    [2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2009/03/12 00:56:32 | 000,000,164 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
    [2009/03/12 00:56:32 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2009/03/12 00:55:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4926.dll
    [2009/03/12 00:10:15 | 000,032,768 | ---- | C] () -- C:\Windows\AMove.exe
    [2009/03/12 00:10:15 | 000,006,782 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
    [2009/03/12 00:09:26 | 000,002,048 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/03/12 00:06:10 | 000,021,640 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2009/03/12 00:05:25 | 000,001,793 | ---- | C] () -- C:\Windows\System32\fxsperf.ini
    [2009/03/11 16:03:29 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/03/11 16:02:48 | 000,251,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/03/11 07:56:14 | 000,312,344 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
    [2009/03/11 07:53:14 | 000,020,480 | ---- | C] () -- C:\Windows\LauncheRyDiscCalc.exe
    [2009/03/11 07:53:06 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat
    [2009/03/11 07:53:05 | 000,495,880 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/03/11 07:53:05 | 000,272,128 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/03/11 07:53:05 | 000,085,588 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/03/11 07:53:05 | 000,028,626 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/03/11 07:53:04 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin
    [2009/03/11 07:53:04 | 000,004,524 | ---- | C] () -- C:\Windows\System32\oembios.dat
    [2009/03/11 07:53:04 | 000,000,741 | ---- | C] () -- C:\Windows\System32\noise.dat
    [2009/03/11 07:53:02 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/03/11 07:53:02 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
    [2009/03/11 07:52:59 | 000,218,003 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/03/11 07:52:57 | 000,001,804 | ---- | C] () -- C:\Windows\System32\Dcache.bin

    ========== LOP Check ==========

    [2009/07/26 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2012/01/09 15:50:34 | 000,000,000 | ---D | M] -- \minint
    [2012/01/09 15:52:52 | 000,000,000 | ---D | M] -- \OTLPEStd
    [2012/01/09 15:57:54 | 000,000,000 | ---D | M] -- \PROGRAMS
    [2012/01/09 15:58:44 | 000,000,000 | ---D | M] -- \SFX
    [2012/01/09 15:58:46 | 000,000,000 | ---D | M] -- \[BOOT]
    [2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\MP Scheduled Scan.job
    [2012/01/06 01:41:43 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\xhxygufv.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\rundll32.exe.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\RUNDLL32.EX_:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\locarate.dll:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\Copy of rundll32.exe.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Program Files\wpp.exe:SummaryInformation
    @Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\teuncohm.sys:changelist
    @Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\puymlpgc.sys:changelist
    @Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\qskgltym.sys:changelist
    @Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\hefwrycu.sys:changelist
    @Alternate Data Stream - 522 bytes -> C:\Windows\System32\drivers\uxtiqeky.sys:changelist
    @Alternate Data Stream - 384 bytes -> C:\Windows\System32\drivers\ikupexvg.sys:changelist
    @Alternate Data Stream - 1110 bytes -> C:\Windows\System32\drivers\cpgpihny.sys:changelist
    < End of report >
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    We have very serious issues there.

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    SRV - File not found [Auto] -- -- (TuneUp.UtilitiesSvc)
    DRV - File not found [Kernel | System] -- -- (xuszjihl)
    DRV - File not found [Kernel | System] -- -- (MpKslc9e848df)
    DRV - File not found [Kernel | System] -- -- (MpKsl84553c1f)
    DRV - File not found [Kernel | System] -- -- (MpKsl53c1ce70)
    DRV - File not found [Kernel | System] -- -- (MpKsl22c8c8c2)
    O36 - AppCertDlls: mounsol - (C:\WINDOWS\system32\locarate.dll) - C:\WINDOWS\system32\locarate.dll ()
    [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2012/01/06 01:41:43 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\xhxygufv.job
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\fehuwifa
    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\rundll32.exe.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\RUNDLL32.EX_:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\locarate.dll:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Windows\System32\Copy of rundll32.exe.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Program Files\wpp.exe:SummaryInformation
    @Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\teuncohm.sys:changelist
    @Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\puymlpgc.sys:changelist
    @Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\qskgltym.sys:changelist
    @Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\hefwrycu.sys:changelist
    @Alternate Data Stream - 522 bytes -> C:\Windows\System32\drivers\uxtiqeky.sys:changelist
    @Alternate Data Stream - 384 bytes -> C:\Windows\System32\drivers\ikupexvg.sys:changelist
    @Alternate Data Stream - 1110 bytes -> C:\Windows\System32\drivers\cpgpihny.sys:changelist
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="Explorer.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "userinit"="C:\Windows\system32\userinit.exe,"
    
    
    :Files
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
     
  7. trucksales

    trucksales TS Rookie Topic Starter

    FIX LOG (Would Not Start in Normal Windows)

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TuneUp.UtilitiesSvc deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\xuszjihl deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKslc9e848df deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKsl84553c1f deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKsl53c1ce70 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKsl22c8c8c2 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\AppCertDlls\\mounsol deleted successfully.
    C:\WINDOWS\system32\locarate.dll moved successfully.
    C:\Windows\System32\CONFIG.TMP deleted successfully.
    C:\Windows\System32\SETB3.tmp deleted successfully.
    C:\Windows\System32\SETB7.tmp deleted successfully.
    C:\Windows\System32\SETB8.tmp deleted successfully.
    C:\Windows\System32\SETBF.tmp deleted successfully.
    C:\Windows\DUMP663b.tmp deleted successfully.
    C:\Windows\tasks\xhxygufv.job moved successfully.
    C:\WINDOWS\system32\fehuwifa moved successfully.
    ADS C:\Windows\System32\rundll32.exe.exe:SummaryInformation deleted successfully.
    ADS C:\Windows\System32\RUNDLL32.EX_:SummaryInformation deleted successfully.
    Unable to delete ADS C:\Windows\System32\locarate.dll:SummaryInformation .
    ADS C:\Windows\System32\Copy of rundll32.exe.exe:SummaryInformation deleted successfully.
    ADS C:\Program Files\wpp.exe:SummaryInformation deleted successfully.
    ADS C:\Windows\System32\drivers\teuncohm.sys:changelist deleted successfully.
    ADS C:\Windows\System32\drivers\puymlpgc.sys:changelist deleted successfully.
    ADS C:\Windows\System32\drivers\qskgltym.sys:changelist deleted successfully.
    ADS C:\Windows\System32\drivers\hefwrycu.sys:changelist deleted successfully.
    ADS C:\Windows\System32\drivers\uxtiqeky.sys:changelist deleted successfully.
    ADS C:\Windows\System32\drivers\ikupexvg.sys:changelist deleted successfully.
    ADS C:\Windows\System32\drivers\cpgpihny.sys:changelist deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"userinit"|"C:\Windows\system32\userinit.exe," /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 01092012_211636
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    ....
     
  9. trucksales

    trucksales TS Rookie Topic Starter

    No luck. Still coming up to a black screen.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Try safe mode.

    If the same issue occurs, boot again to OTLPE, double-click on OTL and...
    Under the Custom Scan box paste this in:

    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop

    Press Run Scan to start the scan.
    Post new log.
     
  11. trucksales

    trucksales TS Rookie Topic Starter

    OTL logfile created on: 1/9/2012 10:02:24 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    (Version = .) - Type =
    Internet Explorer (Version = )
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 292.00 Mb Available Physical Memory | 58.00% Memory free
    454.00 Mb Paging File | 316.00 Mb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142.05 Gb Total Space | 99.37 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
    Drive D: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
    Drive X: | 3.77 Gb Total Space | 2.34 Gb Free Space | 62.10% Space Free | Partition Type: FAT

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet004

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (HidServ)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2010/10/27 19:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010/07/18 11:50:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/02/05 10:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
    DRV - File not found [Kernel | On_Demand] -- -- (TuneUpUtilitiesDrv)
    DRV - File not found [Kernel | System] -- -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (NPF)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- -- (int15.sys)
    DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2012/01/06 01:41:46 | 000,028,752 | -H-- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4636AC13-2939-4A29-BC07-61924591E111}\MpKsl51c7c1a4.sys -- (MpKsl51c7c1a4)
    DRV - [2010/02/17 19:25:50 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Documents and Settings\Chad\Local Settings\Temp\HBCD\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/07/23 14:07:40 | 000,006,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
    DRV - [2009/06/15 16:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2009/06/03 11:01:28 | 000,341,504 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWVNdis.sys -- (NWVNDIS)
    DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2009/03/02 00:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2009/02/25 22:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/02/24 03:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/03 01:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/01/02 20:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
    DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
    DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2005/04/21 16:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
    DRV - [2005/01/13 11:06:48 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
    DRV - [2002/12/16 19:11:02 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2002/12/16 19:11:02 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 01:06:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 01:05:53 | 000,000,000 | ---D | M]

    [2011/12/30 22:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/06 09:46:58 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
    [2009/10/07 16:59:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Program Files\Mozilla Firefox\extensions\plugin@yontoo.com

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - ftp Prefix: missing
    O13 - gopher Prefix: missing
    O13 - home Prefix: missing
    O13 - mosaic Prefix: missing
    O13 - www Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/12 00:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 01:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/09 21:16:36 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/09 15:58:44 | 000,000,000 | ---D | C] -- \[BOOT]
    [2012/01/09 15:58:42 | 000,000,000 | ---D | C] -- \SFX
    [2012/01/09 15:57:52 | 000,000,000 | ---D | C] -- \PROGRAMS
    [2012/01/09 15:52:51 | 000,000,000 | ---D | C] -- \OTLPEStd
    [2012/01/09 15:50:33 | 000,000,000 | ---D | C] -- \minint
    [2012/01/05 17:08:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RNDISMPK.sys
    [2012/01/05 17:08:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usb8023k.sys
    [2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\usbcm.sys
    [2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\drivers\usbcm.sys
    [2012/01/05 17:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ubee
    [2011/12/30 21:36:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsm.dll
    [2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smimsgif.dll
    [2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsy.dll
    [2011/12/30 21:36:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpstup.dll
    [2011/12/30 21:35:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smi2smir.exe
    [2011/12/30 21:35:58 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpincl.dll
    [2011/12/30 21:35:58 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpsmir.dll
    [2011/12/30 21:35:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpthrd.dll
    [2011/12/30 21:35:57 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpcl.dll
    [2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntwin.exe
    [2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntwin.exe
    [2011/12/30 21:35:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmp.exe
    [2011/12/30 21:35:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmptrap.exe
    [2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntcmd.exe
    [2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntcmd.exe
    [2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntagnt.dll
    [2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntagnt.dll
    [2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hostmib.dll
    [2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\hostmib.dll
    [2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\snmpmib.dll
    [2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpmib.dll
    [2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lmmib2.dll
    [2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\lmmib2.dll
    [2009/03/11 07:53:14 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/01/09 22:41:24 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/09 13:45:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\MP Scheduled Scan.job
    [2012/01/06 01:46:40 | 000,495,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/06 01:46:40 | 000,085,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/30 13:23:01 | 000,001,158 | ---- | M] () -- C:\Windows\System32\wpa.dbl
    [2011/12/22 13:47:57 | 000,001,393 | ---- | M] () -- C:\Windows\imsins.BAK
    [2011/12/19 10:05:02 | 000,251,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP.SP2
    [2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP
    [2012/01/09 15:58:42 | 000,240,128 | ---- | C] () -- \reatogoMenu.exe
    [2012/01/09 15:58:42 | 000,001,052 | ---- | C] () -- \reatogoMenu.ini
    [2012/01/09 15:57:26 | 297,922,560 | ---- | C] () -- \OTLPE_New_Std.iso
    [2012/01/09 15:57:10 | 098,077,435 | ---- | C] () -- \OTLPEStd.exe
    [2012/01/09 15:50:33 | 000,260,272 | ---- | C] () -- \ntldr
    [2012/01/09 15:50:33 | 000,047,564 | ---- | C] () -- \ntdetect.com
    [2012/01/09 15:50:33 | 000,000,167 | ---- | C] () -- \winbom.ini
    [2012/01/09 15:50:33 | 000,000,053 | ---- | C] () -- \AUTORUN.INF
    [2012/01/05 17:08:40 | 000,012,063 | ---- | C] () -- C:\Windows\System32\netusbcm.inf
    [2012/01/05 17:08:39 | 000,011,044 | ---- | C] () -- C:\Windows\System32\usbcm.cat
    [2012/01/05 17:08:39 | 000,003,626 | ---- | C] () -- C:\Windows\System32\usbcm.inf
    [2011/12/30 21:36:02 | 000,049,275 | ---- | C] () -- C:\Windows\System32\wfospf.mib
    [2011/12/30 21:36:02 | 000,026,236 | ---- | C] () -- C:\Windows\System32\wins.mib
    [2011/12/30 21:36:02 | 000,004,332 | ---- | C] () -- C:\Windows\System32\smi.mib
    [2011/12/30 21:36:01 | 000,038,608 | ---- | C] () -- C:\Windows\System32\nipx.mib
    [2011/12/30 21:36:01 | 000,034,317 | ---- | C] () -- C:\Windows\System32\msiprip2.mib
    [2011/12/30 21:36:01 | 000,021,386 | ---- | C] () -- C:\Windows\System32\mipx.mib
    [2011/12/30 21:36:01 | 000,013,767 | ---- | C] () -- C:\Windows\System32\msipbtp.mib
    [2011/12/30 21:36:01 | 000,010,313 | ---- | C] () -- C:\Windows\System32\mripsap.mib
    [2011/12/30 21:36:01 | 000,000,581 | ---- | C] () -- C:\Windows\System32\msft.mib
    [2011/12/30 21:36:00 | 000,107,882 | ---- | C] () -- C:\Windows\System32\mib_ii.mib
    [2011/12/30 21:36:00 | 000,048,593 | ---- | C] () -- C:\Windows\System32\hostmib.mib
    [2011/12/30 21:36:00 | 000,030,448 | ---- | C] () -- C:\Windows\System32\mcastmib.mib
    [2011/12/30 21:36:00 | 000,026,100 | ---- | C] () -- C:\Windows\System32\lmmib2.mib
    [2011/12/30 21:36:00 | 000,015,799 | ---- | C] () -- C:\Windows\System32\ipforwd.mib
    [2011/12/30 21:35:59 | 000,016,617 | ---- | C] () -- C:\Windows\System32\authserv.mib
    [2011/12/30 21:35:59 | 000,015,597 | ---- | C] () -- C:\Windows\System32\accserv.mib
    [2011/12/30 21:35:59 | 000,004,597 | ---- | C] () -- C:\Windows\System32\dhcp.mib
    [2011/10/06 15:39:19 | 000,042,376 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
    [2010/12/23 18:53:58 | 000,055,732 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/12/10 01:06:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/06/27 21:14:19 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/03/23 21:58:16 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
    [2010/02/20 04:24:36 | 000,002,855 | ---- | C] () -- C:\Program Files\wpp.PIF
    [2010/02/20 03:41:43 | 000,000,008 | ---- | C] () -- C:\Program Files\wpp.exe
    [2010/02/19 19:58:04 | 000,001,324 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
    [2009/09/17 19:45:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/09/17 19:45:36 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2009/09/17 19:45:36 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2009/09/17 19:45:36 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2009/09/17 19:45:36 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2009/09/17 19:45:36 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2009/09/17 19:45:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2009/09/17 19:45:36 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2009/09/17 19:45:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2009/09/17 19:45:35 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2009/09/17 19:45:35 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2009/09/17 19:45:35 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2009/05/08 01:11:12 | 000,233,472 | ---- | C] () -- C:\Windows\System32\M3000DIF.dll
    [2009/05/08 01:11:12 | 000,145,408 | ---- | C] () -- C:\Windows\System32\drivers\M3000KNT.sys
    [2009/05/08 01:11:12 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
    [2009/05/08 01:11:09 | 000,040,960 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
    [2009/05/08 01:11:09 | 000,000,639 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
    [2009/03/12 01:47:07 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
    [2009/03/12 00:56:32 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
    [2009/03/12 00:56:32 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
    [2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
    [2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2009/03/12 00:56:32 | 000,000,164 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
    [2009/03/12 00:56:32 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2009/03/12 00:55:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4926.dll
    [2009/03/12 00:10:15 | 000,032,768 | ---- | C] () -- C:\Windows\AMove.exe
    [2009/03/12 00:10:15 | 000,006,782 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
    [2009/03/12 00:09:26 | 000,002,048 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/03/12 00:06:10 | 000,021,640 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2009/03/12 00:05:25 | 000,001,793 | ---- | C] () -- C:\Windows\System32\fxsperf.ini
    [2009/03/11 16:03:29 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/03/11 16:02:48 | 000,251,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/03/11 07:56:14 | 000,312,344 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
    [2009/03/11 07:53:14 | 000,020,480 | ---- | C] () -- C:\Windows\LauncheRyDiscCalc.exe
    [2009/03/11 07:53:06 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat
    [2009/03/11 07:53:05 | 000,495,880 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/03/11 07:53:05 | 000,272,128 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/03/11 07:53:05 | 000,085,588 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/03/11 07:53:05 | 000,028,626 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/03/11 07:53:04 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin
    [2009/03/11 07:53:04 | 000,004,524 | ---- | C] () -- C:\Windows\System32\oembios.dat
    [2009/03/11 07:53:04 | 000,000,741 | ---- | C] () -- C:\Windows\System32\noise.dat
    [2009/03/11 07:53:02 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/03/11 07:53:02 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
    [2009/03/11 07:52:59 | 000,218,003 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/03/11 07:52:57 | 000,001,804 | ---- | C] () -- C:\Windows\System32\Dcache.bin

    ========== LOP Check ==========

    [2009/07/26 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2012/01/09 15:50:34 | 000,000,000 | ---D | M] -- \minint
    [2012/01/09 15:52:52 | 000,000,000 | ---D | M] -- \OTLPEStd
    [2012/01/09 15:57:54 | 000,000,000 | ---D | M] -- \PROGRAMS
    [2012/01/09 15:58:44 | 000,000,000 | ---D | M] -- \SFX
    [2012/01/09 15:58:46 | 000,000,000 | ---D | M] -- \[BOOT]
    [2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
    < End of report >
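
The custom scan requested in post 10 hashes four logon-critical binaries, and the output in post 11 lists each one beside its dllcache copy. As an added example (not part of the thread and not OTL's own code), this Python script parses that MD5 section and flags requested files the scan did not find, copies whose hashes disagree, and entries with no company name. The first three groups in the sample are copied from the log above; the second SVCHOST.EXE line is constructed to show a mismatch, and the function names are assumptions.

```python
import re

# "< MD5 for: EXPLORER.EXE >" group header written by the /md5start scan.
HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# "[date time | size | attrs | M] (Company) MD5=<hex> -- <path>" entry line.
ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Files named between /md5start and /md5stop in post 10.
REQUESTED = ["explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe"]

# Sample input. EXPLORER.EXE, USERINIT.EXE and the first SVCHOST.EXE line are
# taken from the log on this page; the second SVCHOST.EXE line is CONSTRUCTED
# (placeholder hash, size, date, empty company). WINLOGON.EXE is left out on
# purpose to exercise the "missing" case.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2012/01/01 00:00:00 | 000,020,480 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< End of report >
"""


def parse_md5_section(log_text):
    """Return {FILE NAME: [entry dict, ...]} for each '< MD5 for: ... >' group."""
    groups = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").upper()
            groups.setdefault(current, [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            fields = entry.groupdict()
            fields["size"] = int(fields["size"].replace(",", ""))
            fields["md5"] = fields["md5"].upper()
            fields["company"] = fields["company"].strip()
            groups[current].append(fields)
    return groups


def review(groups, requested):
    """Return (file, finding, detail) tuples in the order files were requested."""
    findings = []
    for name in requested:
        key = name.upper()
        entries = groups.get(key, [])
        if not entries:
            # The scan was asked for this file and reported no copy at all.
            findings.append((key, "missing", "no copy found by the scan"))
            continue
        if len({e["md5"] for e in entries}) > 1:
            # The live file and its dllcache copy should hash identically.
            detail = "; ".join(f'{e["path"]} = {e["md5"]}' for e in entries)
            findings.append((key, "mismatch", detail))
        for e in entries:
            if not e["company"]:
                # Empty "()" means the file carries no company name resource.
                findings.append((key, "no_company", e["path"]))
    return findings


if __name__ == "__main__":
    for file_name, finding, detail in review(parse_md5_section(SAMPLE_LOG), REQUESTED):
        print(f"{file_name:14} {finding:11} {detail}")
```

Agreement between the live file and its dllcache copy shows consistency only; confirming authenticity still needs a comparison against a known-good hash from a trusted source.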
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    From what I can see your Windows installation is seriously damaged.

    OTLPE can't even read the Windows version.

    Is it Windows XP?
    Do you have a Windows disk?
     
  13. trucksales

    trucksales TS Rookie Topic Starter

    It is XP and I don't have the disk but can probably find one. Would you suggest copying all of my pictures and documents off the C drive before we try and reload Windows?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Yes. You can actually use OTLPE to do so.

    When you have a Windows disk, we can try a repair installation, but in my opinion your best option would be a fresh installation.
     
  15. trucksales

    trucksales TS Rookie Topic Starter

    I appreciate all your help!!!!
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're very welcome
     
