[Inactive] System Check virus help needed

trucksales · Jan 9, 2012

Hello,
I'm needing help. I have got the system check virus. Once I turn my system on it goes to a black screen. It will not let me even go to Safe Mode. Any suggestions?

Thanks Chad

Broni · Jan 9, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.

Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps HERE

Your system should now display a REATOGO-X-PE desktop.

Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.

Double-click on the OTLPE icon.

When asked Do you wish to load the remote registry, select Yes

When asked Do you wish to load remote user profile(s) for scanning, select Yes

Ensure the box Automatically Load All Remaining Users" is checked and press OK

OTL should now start.

Press Run Scan to start the scan.

When finished, the file will be saved in drive C:\OTL.txt

Copy this file to your USB drive if you do not have internet connection on this system

Please post the contents of the OTL.txt file in your reply.

trucksales · Jan 9, 2012

Problem

Ok here is my problem. My computer doesn't have a CD drive nor can I get online. My system is completely down. It starts to boot and stops in the middle of it. I have gone on line from my office computer and in the process of downloading the OTLPNet to a USB Flash drive. Hopefully we can work with this.

Thanks Chad

Broni · Jan 9, 2012

OTLPE on flash drive: http://forums.majorgeeks.com/showthread.php?t=216844

trucksales · Jan 9, 2012

OTL File

OTL logfile created on: 1/9/2012 4:52:48 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
(Version = .) - Type =
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 61.00% Memory free
454.00 Mb Paging File | 328.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 99.36 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
Drive X: | 3.77 Gb Total Space | 2.34 Gb Free Space | 62.11% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TuneUp.UtilitiesSvc)
SRV - File not found [Auto] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2010/10/27 19:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/07/18 11:50:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/05 10:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (xuszjihl)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NPF)
DRV - File not found [Kernel | System] -- -- (MpKslc9e848df)
DRV - File not found [Kernel | System] -- -- (MpKsl84553c1f)
DRV - File not found [Kernel | System] -- -- (MpKsl53c1ce70)
DRV - File not found [Kernel | System] -- -- (MpKsl22c8c8c2)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (int15.sys)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/01/06 01:41:46 | 000,028,752 | -H-- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4636AC13-2939-4A29-BC07-61924591E111}\MpKsl51c7c1a4.sys -- (MpKsl51c7c1a4)
DRV - [2010/02/17 19:25:50 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Documents and Settings\Chad\Local Settings\Temp\HBCD\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/23 14:07:40 | 000,006,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
DRV - [2009/06/15 16:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/06/03 11:01:28 | 000,341,504 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWVNdis.sys -- (NWVNDIS)
DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/03/02 00:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 22:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/24 03:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/03 01:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/02 20:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/04/21 16:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2005/01/13 11:06:48 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
DRV - [2002/12/16 19:11:02 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/12/16 19:11:02 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 01:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 01:05:53 | 000,000,000 | ---D | M]

[2011/12/30 22:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/06 09:46:58 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/10/07 16:59:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Program Files\Mozilla Firefox\extensions\plugin@yontoo.com

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - ( ) - (Registry key not found)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry key not found)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/12 00:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 01:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: mounsol - (C:\WINDOWS\system32\locarate.dll) - C:\WINDOWS\system32\locarate.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/09 15:58:44 | 000,000,000 | ---D | C] -- \[BOOT]
[2012/01/09 15:58:42 | 000,000,000 | ---D | C] -- \SFX
[2012/01/09 15:57:52 | 000,000,000 | ---D | C] -- \PROGRAMS
[2012/01/09 15:52:51 | 000,000,000 | ---D | C] -- \OTLPEStd
[2012/01/09 15:50:33 | 000,000,000 | ---D | C] -- \minint
[2012/01/05 17:08:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RNDISMPK.sys
[2012/01/05 17:08:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usb8023k.sys
[2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\usbcm.sys
[2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\drivers\usbcm.sys
[2012/01/05 17:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ubee
[2011/12/30 21:36:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsm.dll
[2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smimsgif.dll
[2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsy.dll
[2011/12/30 21:36:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpstup.dll
[2011/12/30 21:35:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smi2smir.exe
[2011/12/30 21:35:58 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpincl.dll
[2011/12/30 21:35:58 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpsmir.dll
[2011/12/30 21:35:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpthrd.dll
[2011/12/30 21:35:57 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpcl.dll
[2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntwin.exe
[2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntwin.exe
[2011/12/30 21:35:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmp.exe
[2011/12/30 21:35:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmptrap.exe
[2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntcmd.exe
[2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntcmd.exe
[2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntagnt.dll
[2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntagnt.dll
[2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hostmib.dll
[2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\hostmib.dll
[2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\snmpmib.dll
[2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpmib.dll
[2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lmmib2.dll
[2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\lmmib2.dll
[2009/03/11 07:53:14 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/09 13:45:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/01/09 11:58:39 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\MP Scheduled Scan.job
[2012/01/06 01:46:40 | 000,495,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/06 01:46:40 | 000,085,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/06 01:41:43 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\xhxygufv.job
[2011/12/30 13:23:01 | 000,001,158 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2011/12/22 13:47:57 | 000,001,393 | ---- | M] () -- C:\Windows\imsins.BAK
[2011/12/19 10:05:02 | 000,251,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\fehuwifa
[2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP.SP2
[2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP
[2012/01/09 15:58:42 | 000,240,128 | ---- | C] () -- \reatogoMenu.exe
[2012/01/09 15:58:42 | 000,001,052 | ---- | C] () -- \reatogoMenu.ini
[2012/01/09 15:57:26 | 297,922,560 | ---- | C] () -- \OTLPE_New_Std.iso
[2012/01/09 15:57:10 | 098,077,435 | ---- | C] () -- \OTLPEStd.exe
[2012/01/09 15:50:33 | 000,260,272 | ---- | C] () -- \ntldr
[2012/01/09 15:50:33 | 000,047,564 | ---- | C] () -- \ntdetect.com
[2012/01/09 15:50:33 | 000,000,167 | ---- | C] () -- \winbom.ini
[2012/01/09 15:50:33 | 000,000,053 | ---- | C] () -- \AUTORUN.INF
[2012/01/05 17:08:40 | 000,012,063 | ---- | C] () -- C:\Windows\System32\netusbcm.inf
[2012/01/05 17:08:39 | 000,011,044 | ---- | C] () -- C:\Windows\System32\usbcm.cat
[2012/01/05 17:08:39 | 000,003,626 | ---- | C] () -- C:\Windows\System32\usbcm.inf
[2011/12/30 21:36:02 | 000,049,275 | ---- | C] () -- C:\Windows\System32\wfospf.mib
[2011/12/30 21:36:02 | 000,026,236 | ---- | C] () -- C:\Windows\System32\wins.mib
[2011/12/30 21:36:02 | 000,004,332 | ---- | C] () -- C:\Windows\System32\smi.mib
[2011/12/30 21:36:01 | 000,038,608 | ---- | C] () -- C:\Windows\System32\nipx.mib
[2011/12/30 21:36:01 | 000,034,317 | ---- | C] () -- C:\Windows\System32\msiprip2.mib
[2011/12/30 21:36:01 | 000,021,386 | ---- | C] () -- C:\Windows\System32\mipx.mib
[2011/12/30 21:36:01 | 000,013,767 | ---- | C] () -- C:\Windows\System32\msipbtp.mib
[2011/12/30 21:36:01 | 000,010,313 | ---- | C] () -- C:\Windows\System32\mripsap.mib
[2011/12/30 21:36:01 | 000,000,581 | ---- | C] () -- C:\Windows\System32\msft.mib
[2011/12/30 21:36:00 | 000,107,882 | ---- | C] () -- C:\Windows\System32\mib_ii.mib
[2011/12/30 21:36:00 | 000,048,593 | ---- | C] () -- C:\Windows\System32\hostmib.mib
[2011/12/30 21:36:00 | 000,030,448 | ---- | C] () -- C:\Windows\System32\mcastmib.mib
[2011/12/30 21:36:00 | 000,026,100 | ---- | C] () -- C:\Windows\System32\lmmib2.mib
[2011/12/30 21:36:00 | 000,015,799 | ---- | C] () -- C:\Windows\System32\ipforwd.mib
[2011/12/30 21:35:59 | 000,016,617 | ---- | C] () -- C:\Windows\System32\authserv.mib
[2011/12/30 21:35:59 | 000,015,597 | ---- | C] () -- C:\Windows\System32\accserv.mib
[2011/12/30 21:35:59 | 000,004,597 | ---- | C] () -- C:\Windows\System32\dhcp.mib
[2011/10/06 15:39:19 | 000,042,376 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2010/12/23 18:53:58 | 000,055,732 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/10 01:06:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/07 00:36:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\locarate.dll
[2010/06/27 21:14:19 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/23 21:58:16 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2010/02/20 04:24:36 | 000,002,855 | ---- | C] () -- C:\Program Files\wpp.PIF
[2010/02/20 03:41:43 | 000,000,008 | ---- | C] () -- C:\Program Files\wpp.exe
[2010/02/19 19:58:04 | 000,001,324 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2009/09/17 19:45:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/09/17 19:45:36 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/09/17 19:45:36 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/09/17 19:45:36 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/09/17 19:45:36 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/09/17 19:45:36 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/09/17 19:45:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/09/17 19:45:36 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/09/17 19:45:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/09/17 19:45:35 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/09/17 19:45:35 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/09/17 19:45:35 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/05/08 01:11:12 | 000,233,472 | ---- | C] () -- C:\Windows\System32\M3000DIF.dll
[2009/05/08 01:11:12 | 000,145,408 | ---- | C] () -- C:\Windows\System32\drivers\M3000KNT.sys
[2009/05/08 01:11:12 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/05/08 01:11:09 | 000,040,960 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2009/05/08 01:11:09 | 000,000,639 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2009/03/12 01:47:07 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2009/03/12 00:56:32 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009/03/12 00:56:32 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/03/12 00:56:32 | 000,000,164 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/03/12 00:56:32 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/03/12 00:55:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4926.dll
[2009/03/12 00:10:15 | 000,032,768 | ---- | C] () -- C:\Windows\AMove.exe
[2009/03/12 00:10:15 | 000,006,782 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2009/03/12 00:09:26 | 000,002,048 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/03/12 00:06:10 | 000,021,640 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/03/12 00:05:25 | 000,001,793 | ---- | C] () -- C:\Windows\System32\fxsperf.ini
[2009/03/11 16:03:29 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/03/11 16:02:48 | 000,251,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/11 07:56:14 | 000,312,344 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2009/03/11 07:53:14 | 000,020,480 | ---- | C] () -- C:\Windows\LauncheRyDiscCalc.exe
[2009/03/11 07:53:06 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat
[2009/03/11 07:53:05 | 000,495,880 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/03/11 07:53:05 | 000,272,128 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/03/11 07:53:05 | 000,085,588 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/03/11 07:53:05 | 000,028,626 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/03/11 07:53:04 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin
[2009/03/11 07:53:04 | 000,004,524 | ---- | C] () -- C:\Windows\System32\oembios.dat
[2009/03/11 07:53:04 | 000,000,741 | ---- | C] () -- C:\Windows\System32\noise.dat
[2009/03/11 07:53:02 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/11 07:53:02 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
[2009/03/11 07:52:59 | 000,218,003 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/03/11 07:52:57 | 000,001,804 | ---- | C] () -- C:\Windows\System32\Dcache.bin

========== LOP Check ==========

[2009/07/26 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/01/09 15:50:34 | 000,000,000 | ---D | M] -- \minint
[2012/01/09 15:52:52 | 000,000,000 | ---D | M] -- \OTLPEStd
[2012/01/09 15:57:54 | 000,000,000 | ---D | M] -- \PROGRAMS
[2012/01/09 15:58:44 | 000,000,000 | ---D | M] -- \SFX
[2012/01/09 15:58:46 | 000,000,000 | ---D | M] -- \[BOOT]
[2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\MP Scheduled Scan.job
[2012/01/06 01:41:43 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\xhxygufv.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Windows\System32\rundll32.exe.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Windows\System32\RUNDLL32.EX_:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Windows\System32\locarate.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Windows\System32\Copy of rundll32.exe.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\wpp.exe:SummaryInformation
@Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\teuncohm.sys:changelist
@Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\puymlpgc.sys:changelist
@Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\qskgltym.sys:changelist
@Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\hefwrycu.sys:changelist
@Alternate Data Stream - 522 bytes -> C:\Windows\System32\drivers\uxtiqeky.sys:changelist
@Alternate Data Stream - 384 bytes -> C:\Windows\System32\drivers\ikupexvg.sys:changelist
@Alternate Data Stream - 1110 bytes -> C:\Windows\System32\drivers\cpgpihny.sys:changelist
< End of report >

Broni · Jan 9, 2012

We have very serious issues there.

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL
SRV - File not found [Auto] -- -- (TuneUp.UtilitiesSvc)
DRV - File not found [Kernel | System] -- -- (xuszjihl)
DRV - File not found [Kernel | System] -- -- (MpKslc9e848df)
DRV - File not found [Kernel | System] -- -- (MpKsl84553c1f)
DRV - File not found [Kernel | System] -- -- (MpKsl53c1ce70)
DRV - File not found [Kernel | System] -- -- (MpKsl22c8c8c2)
O36 - AppCertDlls: mounsol - (C:\WINDOWS\system32\locarate.dll) - C:\WINDOWS\system32\locarate.dll ()
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/01/06 01:41:43 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\xhxygufv.job
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\fehuwifa
@Alternate Data Stream - 88 bytes -> C:\Windows\System32\rundll32.exe.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Windows\System32\RUNDLL32.EX_:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Windows\System32\locarate.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Windows\System32\Copy of rundll32.exe.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\wpp.exe:SummaryInformation
@Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\teuncohm.sys:changelist
@Alternate Data Stream - 768 bytes -> C:\Windows\System32\drivers\puymlpgc.sys:changelist
@Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\qskgltym.sys:changelist
@Alternate Data Stream - 610 bytes -> C:\Windows\System32\drivers\hefwrycu.sys:changelist
@Alternate Data Stream - 522 bytes -> C:\Windows\System32\drivers\uxtiqeky.sys:changelist
@Alternate Data Stream - 384 bytes -> C:\Windows\System32\drivers\ikupexvg.sys:changelist
@Alternate Data Stream - 1110 bytes -> C:\Windows\System32\drivers\cpgpihny.sys:changelist

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"userinit"="C:\Windows\system32\userinit.exe,"


:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into Windows.

trucksales · Jan 9, 2012

FIX LOG ( Would Not Start in Normal Windows)

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TuneUp.UtilitiesSvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\xuszjihl deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKslc9e848df deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKsl84553c1f deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKsl53c1ce70 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MpKsl22c8c8c2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\AppCertDlls\\mounsol deleted successfully.
C:\WINDOWS\system32\locarate.dll moved successfully.
C:\Windows\System32\CONFIG.TMP deleted successfully.
C:\Windows\System32\SETB3.tmp deleted successfully.
C:\Windows\System32\SETB7.tmp deleted successfully.
C:\Windows\System32\SETB8.tmp deleted successfully.
C:\Windows\System32\SETBF.tmp deleted successfully.
C:\Windows\DUMP663b.tmp deleted successfully.
C:\Windows\tasks\xhxygufv.job moved successfully.
C:\WINDOWS\system32\fehuwifa moved successfully.
ADS C:\Windows\System32\rundll32.exe.exe:SummaryInformation deleted successfully.
ADS C:\Windows\System32\RUNDLL32.EX_:SummaryInformation deleted successfully.
Unable to delete ADS C:\Windows\System32\locarate.dll:SummaryInformation .
ADS C:\Windows\System32\Copy of rundll32.exe.exe:SummaryInformation deleted successfully.
ADS C:\Program Files\wpp.exe:SummaryInformation deleted successfully.
ADS C:\Windows\System32\drivers\teuncohm.sys:changelist deleted successfully.
ADS C:\Windows\System32\drivers\puymlpgc.sys:changelist deleted successfully.
ADS C:\Windows\System32\drivers\qskgltym.sys:changelist deleted successfully.
ADS C:\Windows\System32\drivers\hefwrycu.sys:changelist deleted successfully.
ADS C:\Windows\System32\drivers\uxtiqeky.sys:changelist deleted successfully.
ADS C:\Windows\System32\drivers\ikupexvg.sys:changelist deleted successfully.
ADS C:\Windows\System32\drivers\cpgpihny.sys:changelist deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"userinit"|"C:\Windows\system32\userinit.exe," /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 01092012_211636

Broni · Jan 9, 2012

Attempt to reboot normally into Windows.

....

trucksales · Jan 9, 2012

No Luck. Still Coming up to a black screen

Broni · Jan 9, 2012

Try safe mode.

If same issue boot again to OTLPE, double click on OTL and....
Under the Custom Scan box paste this in:

/md5start
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
/md5stop

Press Run Scan to start the scan.
Post new log.

trucksales · Jan 9, 2012

OTL logfile created on: 1/9/2012 10:02:24 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
(Version = .) - Type =
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 292.00 Mb Available Physical Memory | 58.00% Memory free
454.00 Mb Paging File | 316.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 99.37 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
Drive D: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
Drive X: | 3.77 Gb Total Space | 2.34 Gb Free Space | 62.10% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2010/10/27 19:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/07/18 11:50:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/05 10:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NPF)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (int15.sys)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/01/06 01:41:46 | 000,028,752 | -H-- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4636AC13-2939-4A29-BC07-61924591E111}\MpKsl51c7c1a4.sys -- (MpKsl51c7c1a4)
DRV - [2010/02/17 19:25:50 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Documents and Settings\Chad\Local Settings\Temp\HBCD\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/23 14:07:40 | 000,006,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
DRV - [2009/06/15 16:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/06/03 11:01:28 | 000,341,504 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWVNdis.sys -- (NWVNDIS)
DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/03/02 00:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 22:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/24 03:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/03 01:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/01/02 20:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/04/21 16:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2005/01/13 11:06:48 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
DRV - [2002/12/16 19:11:02 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/12/16 19:11:02 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 01:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 01:05:53 | 000,000,000 | ---D | M]

[2011/12/30 22:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/06 09:46:58 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/10/07 16:59:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Program Files\Mozilla Firefox\extensions\plugin@yontoo.com

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/12 00:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 01:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/09 21:16:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/09 15:58:44 | 000,000,000 | ---D | C] -- \[BOOT]
[2012/01/09 15:58:42 | 000,000,000 | ---D | C] -- \SFX
[2012/01/09 15:57:52 | 000,000,000 | ---D | C] -- \PROGRAMS
[2012/01/09 15:52:51 | 000,000,000 | ---D | C] -- \OTLPEStd
[2012/01/09 15:50:33 | 000,000,000 | ---D | C] -- \minint
[2012/01/05 17:08:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RNDISMPK.sys
[2012/01/05 17:08:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usb8023k.sys
[2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\usbcm.sys
[2012/01/05 17:08:39 | 000,013,335 | ---- | C] (Microsystems Corp) -- C:\Windows\System32\drivers\usbcm.sys
[2012/01/05 17:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ubee
[2011/12/30 21:36:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsm.dll
[2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smimsgif.dll
[2011/12/30 21:36:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smierrsy.dll
[2011/12/30 21:36:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpstup.dll
[2011/12/30 21:35:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\smi2smir.exe
[2011/12/30 21:35:58 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpincl.dll
[2011/12/30 21:35:58 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpsmir.dll
[2011/12/30 21:35:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpthrd.dll
[2011/12/30 21:35:57 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpcl.dll
[2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntwin.exe
[2011/12/30 21:35:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntwin.exe
[2011/12/30 21:35:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmp.exe
[2011/12/30 21:35:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmptrap.exe
[2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntcmd.exe
[2011/12/30 21:35:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntcmd.exe
[2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evntagnt.dll
[2011/12/30 21:35:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\evntagnt.dll
[2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hostmib.dll
[2011/12/30 21:35:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\hostmib.dll
[2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\snmpmib.dll
[2011/12/30 21:35:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\snmpmib.dll
[2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lmmib2.dll
[2011/12/30 21:35:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\lmmib2.dll
[2009/03/11 07:53:14 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2012/01/09 22:41:24 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 13:45:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\MP Scheduled Scan.job
[2012/01/06 01:46:40 | 000,495,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/06 01:46:40 | 000,085,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/30 13:23:01 | 000,001,158 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2011/12/22 13:47:57 | 000,001,393 | ---- | M] () -- C:\Windows\imsins.BAK
[2011/12/19 10:05:02 | 000,251,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP.SP2
[2012/01/09 15:58:44 | 000,000,000 | ---- | C] () -- \WIN51IP
[2012/01/09 15:58:42 | 000,240,128 | ---- | C] () -- \reatogoMenu.exe
[2012/01/09 15:58:42 | 000,001,052 | ---- | C] () -- \reatogoMenu.ini
[2012/01/09 15:57:26 | 297,922,560 | ---- | C] () -- \OTLPE_New_Std.iso
[2012/01/09 15:57:10 | 098,077,435 | ---- | C] () -- \OTLPEStd.exe
[2012/01/09 15:50:33 | 000,260,272 | ---- | C] () -- \ntldr
[2012/01/09 15:50:33 | 000,047,564 | ---- | C] () -- \ntdetect.com
[2012/01/09 15:50:33 | 000,000,167 | ---- | C] () -- \winbom.ini
[2012/01/09 15:50:33 | 000,000,053 | ---- | C] () -- \AUTORUN.INF
[2012/01/05 17:08:40 | 000,012,063 | ---- | C] () -- C:\Windows\System32\netusbcm.inf
[2012/01/05 17:08:39 | 000,011,044 | ---- | C] () -- C:\Windows\System32\usbcm.cat
[2012/01/05 17:08:39 | 000,003,626 | ---- | C] () -- C:\Windows\System32\usbcm.inf
[2011/12/30 21:36:02 | 000,049,275 | ---- | C] () -- C:\Windows\System32\wfospf.mib
[2011/12/30 21:36:02 | 000,026,236 | ---- | C] () -- C:\Windows\System32\wins.mib
[2011/12/30 21:36:02 | 000,004,332 | ---- | C] () -- C:\Windows\System32\smi.mib
[2011/12/30 21:36:01 | 000,038,608 | ---- | C] () -- C:\Windows\System32\nipx.mib
[2011/12/30 21:36:01 | 000,034,317 | ---- | C] () -- C:\Windows\System32\msiprip2.mib
[2011/12/30 21:36:01 | 000,021,386 | ---- | C] () -- C:\Windows\System32\mipx.mib
[2011/12/30 21:36:01 | 000,013,767 | ---- | C] () -- C:\Windows\System32\msipbtp.mib
[2011/12/30 21:36:01 | 000,010,313 | ---- | C] () -- C:\Windows\System32\mripsap.mib
[2011/12/30 21:36:01 | 000,000,581 | ---- | C] () -- C:\Windows\System32\msft.mib
[2011/12/30 21:36:00 | 000,107,882 | ---- | C] () -- C:\Windows\System32\mib_ii.mib
[2011/12/30 21:36:00 | 000,048,593 | ---- | C] () -- C:\Windows\System32\hostmib.mib
[2011/12/30 21:36:00 | 000,030,448 | ---- | C] () -- C:\Windows\System32\mcastmib.mib
[2011/12/30 21:36:00 | 000,026,100 | ---- | C] () -- C:\Windows\System32\lmmib2.mib
[2011/12/30 21:36:00 | 000,015,799 | ---- | C] () -- C:\Windows\System32\ipforwd.mib
[2011/12/30 21:35:59 | 000,016,617 | ---- | C] () -- C:\Windows\System32\authserv.mib
[2011/12/30 21:35:59 | 000,015,597 | ---- | C] () -- C:\Windows\System32\accserv.mib
[2011/12/30 21:35:59 | 000,004,597 | ---- | C] () -- C:\Windows\System32\dhcp.mib
[2011/10/06 15:39:19 | 000,042,376 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2010/12/23 18:53:58 | 000,055,732 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/10 01:06:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/27 21:14:19 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/23 21:58:16 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2010/02/20 04:24:36 | 000,002,855 | ---- | C] () -- C:\Program Files\wpp.PIF
[2010/02/20 03:41:43 | 000,000,008 | ---- | C] () -- C:\Program Files\wpp.exe
[2010/02/19 19:58:04 | 000,001,324 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2009/09/17 19:45:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/09/17 19:45:36 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/09/17 19:45:36 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/09/17 19:45:36 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/09/17 19:45:36 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/09/17 19:45:36 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/09/17 19:45:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/09/17 19:45:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/09/17 19:45:36 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/09/17 19:45:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/09/17 19:45:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/09/17 19:45:35 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/09/17 19:45:35 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/09/17 19:45:35 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/05/08 01:11:12 | 000,233,472 | ---- | C] () -- C:\Windows\System32\M3000DIF.dll
[2009/05/08 01:11:12 | 000,145,408 | ---- | C] () -- C:\Windows\System32\drivers\M3000KNT.sys
[2009/05/08 01:11:12 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/05/08 01:11:09 | 000,040,960 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2009/05/08 01:11:09 | 000,000,639 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2009/03/12 01:47:07 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2009/03/12 00:56:32 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009/03/12 00:56:32 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/03/12 00:56:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/03/12 00:56:32 | 000,000,164 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/03/12 00:56:32 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/03/12 00:55:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4926.dll
[2009/03/12 00:10:15 | 000,032,768 | ---- | C] () -- C:\Windows\AMove.exe
[2009/03/12 00:10:15 | 000,006,782 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2009/03/12 00:09:26 | 000,002,048 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/03/12 00:06:10 | 000,021,640 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/03/12 00:05:25 | 000,001,793 | ---- | C] () -- C:\Windows\System32\fxsperf.ini
[2009/03/11 16:03:29 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/03/11 16:02:48 | 000,251,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/11 07:56:14 | 000,312,344 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2009/03/11 07:53:14 | 000,020,480 | ---- | C] () -- C:\Windows\LauncheRyDiscCalc.exe
[2009/03/11 07:53:06 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat
[2009/03/11 07:53:05 | 000,495,880 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/03/11 07:53:05 | 000,272,128 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/03/11 07:53:05 | 000,085,588 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/03/11 07:53:05 | 000,028,626 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/03/11 07:53:04 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin
[2009/03/11 07:53:04 | 000,004,524 | ---- | C] () -- C:\Windows\System32\oembios.dat
[2009/03/11 07:53:04 | 000,000,741 | ---- | C] () -- C:\Windows\System32\noise.dat
[2009/03/11 07:53:02 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/11 07:53:02 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
[2009/03/11 07:52:59 | 000,218,003 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/03/11 07:52:57 | 000,001,804 | ---- | C] () -- C:\Windows\System32\Dcache.bin

========== LOP Check ==========

[2009/07/26 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/01/09 15:50:34 | 000,000,000 | ---D | M] -- \minint
[2012/01/09 15:52:52 | 000,000,000 | ---D | M] -- \OTLPEStd
[2012/01/09 15:57:54 | 000,000,000 | ---D | M] -- \PROGRAMS
[2012/01/09 15:58:44 | 000,000,000 | ---D | M] -- \SFX
[2012/01/09 15:58:46 | 000,000,000 | ---D | M] -- \[BOOT]
[2012/01/06 01:46:48 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >

Broni · Jan 9, 2012

From what I can see your Windows installation is seriously damaged.

OTLPE can't even read Windows version.

Is it Windows XP?
Do you have Windows disk?

trucksales · Jan 9, 2012

It is XP and I don't have the disk but can probably find one. Would you suggest copying all of my pictures and documents off the C drive before we try and reload windows

Broni · Jan 9, 2012

Yes. You can actually use OTLPE to do so.

When you have Windows disk we can try repair installation but in my opinion your best option would be fresh installation.

trucksales · Jan 9, 2012

I appreciate all your help!!!!

Broni · Jan 9, 2012

You're very welcome

TechSpot

[Inactive] System Check virus help needed

trucksales Newcomer, in training

Broni Malware Annihilator

trucksales Newcomer, in training

Broni Malware Annihilator

trucksales Newcomer, in training

Broni Malware Annihilator

trucksales Newcomer, in training

Broni Malware Annihilator

trucksales Newcomer, in training

Broni Malware Annihilator

trucksales Newcomer, in training

Broni Malware Annihilator

trucksales Newcomer, in training

Broni Malware Annihilator

trucksales Newcomer, in training

Broni Malware Annihilator