
Unknown infection


This topic is locked
26 replies to this topic

#1 rochellerco (Members, 25 posts)

Posted 24 September 2010 - 03:36 PM

Comp specs: I7 920 cpu on DX58SO mobo, 6gb ram, 4870X2 gpu, air cooled system, no overclocking done to system
Windows Vista 64 bit SP1
Problem: random audio files played at various times - doesn't seem to be linked to startup/shutdown of any programs.
Also, random Windows based pop-ups that say: (insert any program here.exe) has stopped working - giving you the icons to close program or search for solution and restart. Sometimes, when this happens I get a systray notification that states "Data Execution Prevention has shut down (insert any program here)"; this notification will coincide with whatever program has just been shut down by Windows.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Chad at 14:46:17.38 on Fri 09/24/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6132.4337 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\uTorrent\uTorrent .exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Razer\Naga\NagaTray .exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Chad\Downloads\CoreTemp\Core Temp .exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chad\Desktop\dds.scr
C:\Windows\SysWOW64\wermgr.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.msn.com
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Core Temp] "c:\users\chad\downloads\coretemp\Core Temp.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CreativeTaskScheduler] "c:\program files (x86)\creative\shared files\CTSched.exe" /logon
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent .exe"
uRun: [Creative Software Update] "c:\program files (x86)\creative\shared files\software update\AutoUpdate.exe" /Silent
mRun: [Ad-Watch] "c:\program files (x86)\lavasoft\ad-aware\AAWTray.exe"
mRun: [VolPanel] "c:\program files (x86)\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [Razer Naga Driver] c:\program files (x86)\razer\naga\NagaTray.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [WPCUMI] c:\windows\system32\WpcUmi.exe

Note: multiple IFEO entries found. Please refer to Attach.txt

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-24 01:20:40 0 d-----w- c:\program files\Microsoft Fix it Center
2010-09-23 20:23:13 0 d-----w- c:\users\chad\appdata\roaming\Tific
2010-09-23 19:42:37 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-09-23 19:40:18 0 d-----w- c:\program files\Symantec
2010-09-23 19:40:18 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-23 19:39:51 0 d-----w- c:\program files (x86)\Norton Security Suite
2010-09-23 19:39:31 0 d-----w- c:\programdata\NortonInstaller
2010-09-23 19:39:31 0 d-----w- c:\program files (x86)\NortonInstaller
2010-09-23 19:37:37 0 d-----w- c:\programdata\Norton
2010-09-22 21:20:14 72706 ----a-w- c:\programdata\6QCtWn67.exe
2010-09-22 21:20:13 112 ----a-w- c:\programdata\bitBy6gO.dat

==================== Find3M ====================

2010-09-24 19:45:25 2883584 --sha-w- c:\users\chad\ntuser.dat
2010-09-24 19:44:33 607612 ----a-w- c:\windows\system32\perfh009.dat
2010-09-24 19:44:33 104994 ----a-w- c:\windows\system32\perfc009.dat
2010-09-24 19:37:11 67584 --s-a-w- c:\windows\bootstat.dat
2010-09-24 19:37:05 6744297472 --sha-w- C:\pagefile.sys
2010-09-24 18:12:08 112 ----a-w- c:\programdata\bitBy6gO.dat
2010-09-24 18:11:53 72706 ----a-w- c:\programdata\6QCtWn67.exe
2010-09-24 00:35:30 271728 ----a-w- c:\windows\system32\FNTCACHE.DAT
2010-09-24 00:30:29 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-24 00:30:29 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-24 00:30:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-24 00:28:47 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-24 00:28:47 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-09-24 00:28:47 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-24 00:28:47 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-09-24 00:10:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-23 19:40:18 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-23 19:40:18 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-23 19:40:18 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-16 08:01:11 37379528 ----a-w- c:\windows\system32\mrt.exe
2010-08-17 14:04:48 267776 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 08:06:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-26 15:31:05 12898304 ----a-w- c:\windows\system32\shell32.dll
2010-07-16 21:08:25 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-07-09 21:29:10 41 ----a-w- c:\users\chad\jagex_runescape_preferences.dat
2010-07-07 02:16:20 20118528 ----a-w- c:\windows\system32\atio6axx.dll
2010-07-07 01:55:08 15461888 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-07-07 01:54:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54:08 513024 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-07-07 01:53:20 594432 ----a-w- c:\windows\system32\aticfx64.dll
2010-07-07 01:51:30 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51:26 462336 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50:54 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49:48 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-07-07 01:49:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-07-07 01:49:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-07-07 01:49:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-07-07 01:49:14 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-07-07 01:49:06 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-07-07 01:46:26 3826688 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-07-07 01:37:36 4463616 ----a-w- c:\windows\system32\atidxx64.dll
2010-07-07 01:30:12 2785792 ----a-w- c:\windows\system32\atiumd6a.dll
2010-07-07 01:29:26 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-07-07 01:29:24 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-07-07 01:29:16 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-07-07 01:29:14 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-07-07 01:29:06 5378560 ----a-w- c:\windows\system32\aticaldd64.dll
2010-07-07 01:28:20 3975680 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-07-07 01:27:58 4323840 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-07-07 01:24:34 55296 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23:14 3058688 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-07-07 01:22:26 5099008 ----a-w- c:\windows\system32\atiumd64.dll
2010-07-07 01:16:06 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:16:02 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-07-07 01:15:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-07-07 01:15:50 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-07-07 01:15:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15:48 18432 ----a-w- c:\windows\system32\atig6txx.dll
2010-07-07 01:15:46 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-07-07 01:15:04 39424 ----a-w- c:\windows\system32\atiuxp64.dll
2010-07-07 01:14:58 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-07-07 01:14:50 30208 ----a-w- c:\windows\system32\atiu9p64.dll
2010-07-07 01:14:44 22528 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-07-07 01:14:28 26112 ----a-w- c:\windows\system32\atitmp64.dll
2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\atimpc64.dll
2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\amdpcom64.dll
2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-05-06 15:35:29 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2009-02-09 01:47:09 174 --sha-w- c:\program files (x86)\desktop.ini
2008-10-16 02:12:02 180 ----a-w- c:\program files\cpuz.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-02 03:36:59 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-07-02 03:36:59 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-07-02 03:36:59 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-03-08 22:35:10 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 14:51:43.91 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-24 15:25:47
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x25 0x60 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x04 0x40 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB5 0x6D 0x06 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x25 0x60 0x89 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x04 0x40 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB5 0x6D 0x06 0x75 ...

---- EOF - GMER 1.0.15 ----

Problems with GMER: after install and run, there were no setup options. There was no window to allow them ever. Icons on the side of the GMER window that were checked - Services, Registry, Files (C: only) and ADS. The other boxes were not available to check or uncheck. They were all unchecked.

I have run updated versions of Malwarebytes', Ad-Aware and Eset Nod32, and online scans from Norton, McAfee and BitDefender. Anything that was removed has not returned. Any help would be greatly appreciated as I am at a loss as to what name to even call it. It seems to have small components of several different known viruses. At best I would rank myself Amateur/Novice but have done my part to try and figure it out. Thanks again in advance.


#2 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,314 posts, Location: Romania)

Posted 30 September 2010 - 04:46 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 rochellerco, Topic Starter (Members, 25 posts)

Posted 04 October 2010 - 01:00 AM

OTL logfile created on: 10/1/2010 1:24:44 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Chad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.18 Gb Total Space | 348.49 Gb Free Space | 58.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-PC
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
PRC - [2010/10/01 01:15:45 | 000,072,706 | ---- | M] () -- C:\ProgramData\6QCtWn67.exe
PRC - [2010/09/23 18:44:59 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent .exe
PRC - [2010/09/22 21:19:45 | 000,094,728 | ---- | M] () -- C:\Users\Chad\Downloads\CoreTemp\Core Temp.exe
PRC - [2010/01/02 10:10:02 | 001,631,616 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\NagaTray .exe
PRC - [2009/09/26 08:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/07/14 00:28:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/07/14 00:22:08 | 001,263,616 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/03/02 11:24:13 | 000,319,504 | ---- | M] () -- C:\Users\Chad\Downloads\CoreTemp\Core Temp .exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/06 19:00:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/08/06 19:00:48 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2010/07/06 20:50:54 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 12:22:13 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/26 08:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/05/07 22:01:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/09 14:57:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/02/07 20:36:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/08/06 19:00:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2010/07/16 15:40:07 | 000,834,544 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/06 21:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/07/06 21:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/06 20:15:42 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/19 16:10:25 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/12/24 13:28:54 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2009/11/18 18:31:24 | 000,120,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/23 16:04:52 | 000,025,944 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/14 02:54:52 | 001,613,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2009/07/14 02:54:38 | 001,568,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/07/14 02:54:28 | 000,118,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/07/14 02:54:18 | 000,213,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/07/14 02:54:12 | 000,015,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/07/14 02:54:04 | 000,179,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/07/14 02:53:54 | 000,696,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/07/14 02:53:46 | 000,580,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/07/14 02:53:36 | 001,445,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/07/14 02:53:36 | 001,445,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2009/07/14 02:53:24 | 000,095,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2009/07/14 02:53:24 | 000,095,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2009/07/14 02:53:16 | 000,230,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2009/07/14 02:53:16 | 000,230,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2009/03/29 11:24:19 | 000,069,664 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/06 14:24:50 | 000,120,128 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/02/06 14:23:20 | 000,132,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/02/04 20:19:34 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2008/11/26 19:20:36 | 000,034,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/11/21 09:53:32 | 000,306,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/17 16:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 21:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/01/18 01:51:44 | 000,018,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2007/08/17 16:48:46 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/10/21 18:01:22 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2009/09/23 16:04:42 | 000,261,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 16:04:42 | 000,017,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 16:04:38 | 000,712,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

OTL Extras logfile created on: 10/1/2010 1:24:44 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Chad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.18 Gb Total Space | 348.49 Gb Free Space | 58.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-PC
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

I tried to run RKUnhookerLE and got this error: "Error loading driver, NTSTATUS code: 0xC000036B". I even tried to download it again and ran it as admin; it still won't work.


#4 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,314 posts, Romania)

Posted 04 October 2010 - 03:23 AM

Hi, please run the following scan.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 rochellerco (Topic Starter, Members, 25 posts)

Posted 05 October 2010 - 06:18 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 160):
0x0260B000 \SystemRoot\system32\ntoskrnl.exe
0x02B23000 \SystemRoot\system32\hal.dll
0x0060B000 \SystemRoot\system32\kdcom.dll
0x00615000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00642000 \SystemRoot\system32\PSHED.dll
0x00656000 \SystemRoot\system32\CLFS.SYS
0x006B3000 \SystemRoot\system32\CI.dll
0x00808000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F0000 \SystemRoot\system32\drivers\acpi.sys
0x00946000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094F000 \SystemRoot\system32\drivers\msisadrv.sys
0x00959000 \SystemRoot\system32\drivers\pci.sys
0x00989000 \SystemRoot\System32\drivers\partmgr.sys
0x0099E000 \SystemRoot\system32\drivers\volmgr.sys
0x00765000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B2000 \SystemRoot\system32\drivers\pciide.sys
0x009B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C9000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A0E000 \SystemRoot\system32\drivers\iastorv.sys
0x00AD5000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00BEF000 \SystemRoot\system32\drivers\atapi.sys
0x009DC000 \SystemRoot\system32\drivers\ataport.SYS
0x00C07000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C4D000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C61000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x00C77000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E04000 \SystemRoot\system32\drivers\ndis.sys
0x00CFE000 \SystemRoot\system32\drivers\msrpc.sys
0x00D4E000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100F000 \SystemRoot\System32\drivers\tcpip.sys
0x01183000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01201000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01385000 \SystemRoot\system32\drivers\volsnap.sys
0x013C9000 \SystemRoot\System32\Drivers\spldr.sys
0x013D1000 \SystemRoot\System32\Drivers\mup.sys
0x011AF000 \SystemRoot\System32\drivers\ecache.sys
0x013E3000 \SystemRoot\system32\drivers\disk.sys
0x00FC7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011DB000 \SystemRoot\system32\drivers\crcdisk.sys
0x0271F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0272C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02735000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02748000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x02A0F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0320F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x032EE000 \SystemRoot\System32\drivers\watchdog.sys
0x032FD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03310000 \SystemRoot\system32\DRIVERS\e1y60x64.sys
0x0335D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03369000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x033AF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0313E000 \SystemRoot\system32\drivers\ctaud2k.sys
0x033C0000 \SystemRoot\system32\drivers\portcls.sys
0x0278E000 \SystemRoot\system32\drivers\drmk.sys
0x027B1000 \SystemRoot\system32\drivers\ks.sys
0x00DA6000 \SystemRoot\system32\drivers\ctoss2k.sys
0x03200000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x03208000 \SystemRoot\system32\drivers\ksthunk.sys
0x031E7000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x027E5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x00DD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0340B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03443000 \SystemRoot\system32\DRIVERS\storport.sys
0x034A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x034AD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x034D0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x034DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0350D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0351D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0353B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03553000 \SystemRoot\System32\Drivers\pcouffin.sys
0x03568000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0357A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03588000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03594000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03596000 \SystemRoot\system32\DRIVERS\circlass.sys
0x035A7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x035B2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0380F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03856000 \SystemRoot\system32\drivers\ha20x22k.sys
0x0500B000 \SystemRoot\system32\drivers\emupia2k.sys
0x05055000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x0508D000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x050A9000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x050E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05608000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x0576C000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x0578E000 \SystemRoot\system32\drivers\HdAudio.sys
0x057D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x057E1000 \SystemRoot\System32\Drivers\Null.SYS
0x050FA000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x057F4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0511C000 \SystemRoot\System32\drivers\vga.sys
0x0512A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x057EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0514F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x05158000 \SystemRoot\System32\Drivers\Msfs.SYS
0x05163000 \SystemRoot\System32\Drivers\Npfs.SYS
0x05174000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0517D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0519A000 \SystemRoot\system32\DRIVERS\smb.sys
0x05807000 \SystemRoot\system32\drivers\afd.sys
0x05874000 \SystemRoot\System32\DRIVERS\netbt.sys
0x058B8000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x058C3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x058E1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x058F0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0590B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05959000 \SystemRoot\system32\drivers\nsiproxy.sys
0x05965000 \SystemRoot\System32\Drivers\dfsc.sys
0x05982000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02600000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05990000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x059AC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x059AE000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x059B9000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x059C9000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x059F1000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x051B5000 \SystemRoot\System32\drivers\Dxapi.sys
0x051C1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x051CA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x051DC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x051E7000 \SystemRoot\system32\DRIVERS\RzSynapse.sys
0x05000000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x059FB000 \SystemRoot\system32\drivers\Lycosa.sys
0x039E3000 \SystemRoot\system32\DRIVERS\xusb21.sys
0x035C2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x035D5000 \SystemRoot\system32\drivers\luafv.sys
0x05600000 \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys
0x00620000 \SystemRoot\System32\cdd.dll
0x08205000 \SystemRoot\system32\drivers\spsys.sys
0x0829F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x082B3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x082CB000 \SystemRoot\system32\drivers\HTTP.sys
0x0836A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08392000 \SystemRoot\system32\DRIVERS\bowser.sys
0x083B0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x083CA000 \SystemRoot\system32\drivers\mrxdav.sys
0x007CB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0840F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08458000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08477000 \SystemRoot\System32\DRIVERS\srv2.sys
0x084A9000 \SystemRoot\System32\DRIVERS\srv.sys
0x08540000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0854B000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x08C08000 \SystemRoot\system32\drivers\peauth.sys
0x08CBE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08CC9000 \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys
0x08D7E000 \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys
0x08DC9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08DD8000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x08DE3000 \SystemRoot\system32\drivers\tdtcp.sys
0x08DF0000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x0856B000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x085A7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x08C00000 \??\C:\Users\Chad\AppData\Local\Temp\ALSysIO64.sys
0x77450000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
536 csrss.exe
608 C:\Windows\System32\wininit.exe
628 csrss.exe
664 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
848 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\atiesrxx.exe
1012 C:\Windows\System32\winlogon.exe
284 C:\Windows\System32\svchost.exe
372 C:\Windows\System32\svchost.exe
384 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\audiodg.exe
656 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
464 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\SLsvc.exe
1084 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\spoolsv.exe
1448 C:\Windows\System32\svchost.exe
1656 C:\Windows\System32\atieclxx.exe
1180 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1456 C:\Windows\System32\svchost.exe
2108 C:\Windows\SysWOW64\svchost.exe
2136 C:\Windows\System32\svchost.exe
2312 C:\Windows\System32\svchost.exe
2324 C:\Windows\System32\svchost.exe
2668 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2692 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
2712 C:\Windows\System32\svchost.exe
2744 C:\Windows\System32\svchost.exe
2780 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2852 C:\Windows\System32\SearchIndexer.exe
2892 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2968 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2184 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3236 C:\Windows\System32\taskeng.exe
3276 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3040 C:\Windows\System32\taskeng.exe
296 C:\Windows\System32\dwm.exe
3488 C:\Windows\explorer.exe
3116 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3672 C:\Windows\System32\wpcumi.exe
3216 C:\Program Files\Windows Sidebar\sidebar.exe
3616 C:\Windows\ehome\ehtray.exe
1592 C:\Program Files (x86)\uTorrent\uTorrent .exe
4072 WmiPrvSE.exe
4000 C:\Users\Chad\Downloads\CoreTemp\Core Temp.exe
3876 C:\Windows\ehome\ehmsas.exe
2944 C:\Windows\SysWOW64\Ctxfihlp.exe
2704 C:\Windows\SysWOW64\CTxfispi.exe
3640 C:\Program Files\Windows Sidebar\sidebar.exe
4212 C:\Program Files\Windows Media Player\wmpnscfg.exe
4272 C:\Windows\System32\wbem\unsecapp.exe
4344 C:\Program Files\Windows Media Player\wmpnetwk.exe
4700 C:\Users\Chad\Downloads\CoreTemp\Core Temp .exe
4732 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
4752 C:\Program Files (x86)\Razer\Naga\NagaTray .exe
4868 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe
4908 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe
5076 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
812 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4004 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2376 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3100 C:\Windows\System32\svchost.exe
3828 C:\Windows\System32\mobsync.exe
872 C:\ProgramData\6QCtWn67.exe_
4324 C:\Windows\servicing\TrustedInstaller.exe
1100 C:\Windows\System32\wuauclt.exe
4884 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4144 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5084 C:\Windows\System32\SearchProtocolHost.exe
5048 C:\Windows\System32\SearchFilterHost.exe
5608 C:\Windows\System32\SearchProtocolHost.exe
5352 C:\Users\Chad\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: 4˙Ç  ł4˙Ç  ¸

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
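What MBRCheck is doing in the run above is reading the first sector of \\.\PhysicalDrive0, decoding its partition table and hashing the boot code so it can be matched against known Windows MBR code (reported here as "Windows 2008 MBR code detected" together with a SHA1). The script below is an added example of that same check written from scratch for this page; it is not MBRCheck's code and is not part of the original thread. It parses a 512-byte MBR, validates the 0x55AA boot signature, decodes the four partition entries, hashes the 440-byte boot-code region and looks that hash up in an allowlist. Assumptions: KNOWN_GOOD is a hypothetical, empty allowlist (a real one would be built from clean installs of each Windows version you support); SAMPLE_MBR is constructed for the example, with a single bootable NTFS partition starting at LBA 2048 to mirror the 0x100000-byte offset in the output above; the page does not say which byte range MBRCheck's SHA1 covers, so its hash cannot be compared with this script's output directly.

```python
"""MBR sector parser and boot-code hasher.

Added example in the spirit of the MBRCheck run above; it is not MBRCheck's
own code.  SAMPLE_MBR is constructed for this example, and KNOWN_GOOD is a
hypothetical, empty allowlist.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440             # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Hypothetical allowlist of SHA-1 hashes of legitimate boot code (assumption:
# populated from clean installs of the Windows versions you support).
KNOWN_GOOD = set()


def parse_partition_entry(entry):
    """Decode one 16-byte MBR partition entry (the CHS fields are skipped)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,                 # 0x07 = NTFS/exFAT, 0x00 = unused slot
        "lba_start": lba_start,
        "byte_offset": lba_start * SECTOR_SIZE,
        "sectors": sectors,
    }


def analyze_mbr(sector, known_good=KNOWN_GOOD):
    """Validate the sector, hash its boot code and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    # Hash only the code region: the disk signature and partition table that
    # follow differ on every machine and would defeat an allowlist.
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    (disk_signature,) = struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])
    entries = [
        parse_partition_entry(sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)])
        for i in range(4)
    ]
    return {
        "code_sha1": code_sha1,
        "disk_signature": disk_signature,
        "partitions": [e for e in entries if e["type"] != 0],
        "known_good": code_sha1 in known_good,
    }


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a raw disk; needs an elevated prompt on Windows."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


# Constructed sample: a few boot-loader-style opcodes padded with NOPs, a disk
# signature, and one bootable NTFS partition at LBA 2048 (byte offset 0x100000).
SAMPLE_MBR = (
    bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
    + struct.pack("<I", 0x12345678) + b"\x00\x00"
    + struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1_250_000_000)
    + b"\x00" * 48
    + BOOT_SIGNATURE
)

if __name__ == "__main__":
    report = analyze_mbr(SAMPLE_MBR)
    verdict = "(known good)" if report["known_good"] else "(NOT in allowlist)"
    print("boot code SHA1:", report["code_sha1"], verdict)
    print("disk signature: 0x%08X" % report["disk_signature"])
    for p in report["partitions"]:
        print("partition type 0x%02X at byte offset 0x%X, bootable=%s"
              % (p["type"], p["byte_offset"], p["bootable"]))
```

read_physical_mbr() opens the raw device, which is why a tool like this has to be run from an elevated prompt, as the instructions in the previous post require. Restricting the hash to the first 440 bytes is a deliberate choice: the disk signature and partition table are per-machine, so only the code region can be compared across systems. The "\\.\Q: --> error 5" line in the output above is Win32 ERROR_ACCESS_DENIED; Q: is the default drive letter of the Microsoft Application Virtualization Client whose drivers (sftvol, sftfs, sftplay) appear earlier in the log, which accounts for a volume that refuses raw reads.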

#6 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,314 posts, Romania)

Posted 06 October 2010 - 06:54 AM

Can you please rerun an OTL quick scan and post me OTL.txt?

Last time the log got cut off halfway.

regards, Elise


#7 rochellerco (Topic Starter, Members, 25 posts)

Posted 06 October 2010 - 09:33 AM

At your request, a new OTL.TXT:

OTL logfile created on: 10/6/2010 9:31:34 AM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Chad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.18 Gb Total Space | 341.98 Gb Free Space | 57.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-PC
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
PRC - [2010/09/23 18:44:59 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent .exe
PRC - [2010/09/22 21:19:45 | 000,094,728 | ---- | M] () -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
PRC - [2010/06/09 03:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe
PRC - [2010/01/02 10:10:02 | 001,631,616 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\NagaTray .exe
PRC - [2009/09/26 08:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/07/14 00:28:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/07/14 00:22:08 | 001,263,616 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/03/02 11:24:13 | 000,319,504 | ---- | M] () -- C:\Users\Chad\Downloads\CoreTemp\Core Temp .exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/06 19:00:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/08/06 19:00:48 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2010/07/06 20:50:54 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 12:22:13 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/26 08:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/05/07 22:01:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/09 14:57:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/02/07 20:36:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/08/06 19:00:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2010/07/16 15:40:07 | 000,834,544 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/06 21:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/07/06 21:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/06 20:15:42 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/19 16:10:25 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/12/24 13:28:54 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2009/11/18 18:31:24 | 000,120,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/23 16:04:52 | 000,025,944 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/14 02:54:52 | 001,613,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2009/07/14 02:54:38 | 001,568,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/07/14 02:54:28 | 000,118,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/07/14 02:54:18 | 000,213,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/07/14 02:54:12 | 000,015,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/07/14 02:54:04 | 000,179,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/07/14 02:53:54 | 000,696,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/07/14 02:53:46 | 000,580,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/07/14 02:53:36 | 001,445,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/07/14 02:53:36 | 001,445,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2009/07/14 02:53:24 | 000,095,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2009/07/14 02:53:24 | 000,095,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2009/07/14 02:53:16 | 000,230,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2009/07/14 02:53:16 | 000,230,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2009/03/29 11:24:19 | 000,069,664 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/06 14:24:50 | 000,120,128 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/02/06 14:23:20 | 000,132,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/02/04 20:19:34 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2008/11/26 19:20:36 | 000,034,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/11/21 09:53:32 | 000,306,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/17 16:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 21:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/01/18 01:51:44 | 000,018,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2007/08/17 16:48:46 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/10/21 18:01:22 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2010/10/04 01:00:45 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2009/09/23 16:04:42 | 000,261,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 16:04:42 | 000,017,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 16:04:38 | 000,712,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 40 70 F6 99 B2 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/03/26 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
[2010/03/26 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe File not found
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe ()
O4 - HKCU..\Run: [Core Temp] C:\Users\Chad\Downloads\CoreTemp\Core Temp.exe ()
O4 - HKCU..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe File not found
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent .exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.55.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...114/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\pictures\322b.jpg
O24 - Desktop BackupWallPaper: F:\pictures\322b.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a261e5ed-911a-11df-9aff-001cc094976e}\Shell - "" = AutoRun
O33 - MountPoints2\{a261e5ed-911a-11df-9aff-001cc094976e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/01 01:23:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2010/09/27 22:39:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/27 16:18:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/23 20:20:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/09/23 20:20:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/09/23 15:23:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Tific
[2010/09/23 14:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/09/23 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\Symantec
[2010/09/23 14:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/23 14:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/22 21:31:06 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/09/22 21:25:26 | 000,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2010/09/13 21:36:05 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\to rename
[2010/09/12 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\to transfer
[2010/09/11 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\phone photos
[2010/08/19 04:25:17 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Uxybin
[2010/08/16 17:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/08/16 17:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/08/10 18:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/08/10 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\Vindictus
[2010/08/10 18:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2010/08/10 18:26:49 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/08/10 18:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/08/05 08:43:57 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Yknu
[2010/07/16 16:08:25 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/07/16 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\BioWare
[2010/07/16 16:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/07/16 16:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/07/16 15:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2010/07/16 15:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/16 15:39:15 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\DAEMON Tools Lite
[2010/07/16 15:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/16 14:14:16 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\games
[2010/07/09 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\Chad\.crisisX_474
[2010/05/19 16:10:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Chad\AppData\Roaming\pcouffin.sys
[2010/05/06 10:35:17 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2009/07/14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[30 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/06 09:31:34 | 003,145,728 | -HS- | M] () -- C:\Users\Chad\ntuser.dat
[2010/10/06 09:29:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{11D40478-05FF-4A71-B4BA-6670566730C1}.job
[2010/10/06 09:29:21 | 000,708,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/06 09:29:21 | 000,607,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/06 09:29:21 | 000,104,994 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/06 09:23:09 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/06 09:23:01 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 09:23:01 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 09:22:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/06 09:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 09:06:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/10/06 09:06:12 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/10/06 09:06:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/10/06 09:05:51 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/10/06 09:05:51 | 000,065,536 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TM.blf
[2010/10/06 09:05:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/06 09:04:30 | 000,000,112 | ---- | M] () -- C:\ProgramData\bitBy6gO.dat
[2010/10/06 09:04:24 | 000,073,218 | ---- | M] () -- C:\ProgramData\6QCtWn67.exe
[2010/10/05 18:19:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/05 18:16:58 | 000,080,384 | ---- | M] () -- C:\Users\Chad\Desktop\MBRCheck.exe
[2010/10/04 03:58:16 | 001,832,292 | -H-- | M] () -- C:\Users\Chad\AppData\Local\IconCache.db
[2010/10/04 01:00:45 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/10/04 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/10/04 00:56:44 | 000,133,632 | ---- | M] () -- C:\Users\Chad\Desktop\RKUnhookerLE.EXE
[2010/10/04 00:42:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/10/03 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/10/02 20:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/10/02 20:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010/10/02 19:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/10/02 19:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010/10/02 17:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/10/02 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010/10/02 12:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/10/02 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/10/02 11:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/10/02 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010/10/01 22:09:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/10/01 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010/10/01 21:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/10/01 21:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010/10/01 14:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010/10/01 02:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/10/01 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2010/09/28 16:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/09/27 23:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/09/27 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/09/27 22:39:28 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2010/09/27 21:39:33 | 000,196,608 | ---- | M] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 18:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/09/27 18:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010/09/27 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010/09/27 15:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/09/27 14:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/09/27 13:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/09/27 13:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010/09/27 11:22:30 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/27 10:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/09/27 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/09/27 09:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/09/27 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010/09/27 08:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/09/27 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010/09/27 07:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/09/27 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/09/24 20:36:15 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 19:14:57 | 000,271,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/24 19:11:42 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/09/24 19:11:42 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010/09/24 19:09:30 | 000,419,840 | ---- | M] () -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/24 19:09:30 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/24 19:09:30 | 000,133,632 | ---- | M] () -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/24 19:09:30 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/24 19:08:04 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/09/24 14:35:21 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 14:35:21 | 000,065,536 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TM.blf
[2010/09/24 14:35:01 | 000,000,188 | ---- | M] () -- C:\Users\Chad\defogger_reenable
[2010/09/24 06:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/09/24 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010/09/24 05:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/09/24 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/09/24 04:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/09/24 04:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010/09/24 03:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/09/24 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010/09/24 01:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/09/24 00:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/09/23 20:19:24 | 003,735,552 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/09/23 20:19:23 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/09/23 20:19:23 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/09/23 20:19:20 | 003,866,624 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/09/23 20:19:20 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/09/23 20:19:20 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/09/23 16:18:21 | 000,002,583 | ---- | M] () -- C:\Users\Chad\Desktop\OneNote.lnk
[2010/09/20 12:30:44 | 000,000,998 | ---- | M] () -- C:\ProgramData\.wtav
[2010/09/16 02:17:30 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 11:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{a183e7da-66ae-11de-ad62-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 11:49:57 | 000,065,536 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{a183e7da-66ae-11de-ad62-001cc094976e}.TM.blf
[2010/08/22 11:03:43 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/22 11:00:13 | 000,000,846 | ---- | M] () -- C:\Users\Chad\Desktop\CCleaner.lnk
[2010/08/12 03:06:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf
[2010/08/10 18:27:50 | 000,000,207 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/07/29 16:16:08 | 000,000,171 | ---- | M] () -- C:\Users\Chad\Documents\TEST.rtf
[2010/07/16 16:08:25 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/07/16 15:40:08 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/07/16 15:40:07 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/16 15:01:41 | 001,136,128 | -HS- | M] () -- C:\Users\Chad\ehthumbs_vista.db
[2010/07/16 15:01:40 | 000,710,144 | -HS- | M] () -- C:\Users\Chad\Desktop\ehthumbs_vista.db
[2010/07/09 16:29:10 | 000,000,041 | ---- | M] () -- C:\Users\Chad\jagex_runescape_preferences.dat
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[30 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 18:16:58 | 000,080,384 | ---- | C] () -- C:\Users\Chad\Desktop\MBRCheck.exe
[2010/10/01 01:38:59 | 000,133,632 | ---- | C] () -- C:\Users\Chad\Desktop\RKUnhookerLE.EXE
[2010/10/01 01:30:28 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/28 16:15:54 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/27 22:39:28 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2010/09/24 19:26:13 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 19:26:13 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 19:26:13 | 000,065,536 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TM.blf
[2010/09/24 19:11:42 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/24 19:11:42 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/24 19:11:42 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/09/24 19:11:42 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010/09/24 19:11:42 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/24 14:35:01 | 000,000,188 | ---- | C] () -- C:\Users\Chad\defogger_reenable
[2010/09/23 20:19:20 | 003,735,552 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/09/23 20:19:20 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/09/23 20:19:20 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/09/23 20:19:06 | 003,866,624 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/09/23 20:19:06 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/09/23 20:19:06 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010/09/22 16:20:14 | 000,073,218 | ---- | C] () -- C:\ProgramData\6QCtWn67.exe
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010/09/22 16:20:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\bitBy6gO.dat
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/09/20 12:26:21 | 000,000,998 | ---- | C] () -- C:\ProgramData\.wtav
[2010/09/15 14:36:02 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/15 14:36:01 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/15 14:35:58 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/15 14:35:58 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 11:54:08 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 11:54:08 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 11:54:08 | 000,065,536 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TM.blf
[2010/08/22 11:03:43 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/12 03:06:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf
[2010/08/11 22:05:20 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/11 22:05:19 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/11 22:05:19 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/11 22:05:17 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/11 22:05:17 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 22:05:15 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 22:05:08 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/11 22:05:08 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/11 22:05:07 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 22:05:03 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/11 22:05:03 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/11 22:05:02 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 22:05:02 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/11 22:05:02 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 22:05:02 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/11 22:05:02 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 22:05:02 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/11 22:05:02 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/11 22:05:02 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 22:05:02 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/11 22:05:02 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/11 22:05:01 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/11 22:05:01 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 22:05:01 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 22:05:01 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 22:05:01 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 22:05:01 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 22:05:00 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/11 22:04:57 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/10 18:27:50 | 000,000,207 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/08/02 13:20:29 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/29 16:16:08 | 000,000,171 | ---- | C] () -- C:\Users\Chad\Documents\TEST.rtf
[2010/07/16 16:06:31 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2010/07/16 16:06:31 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2010/07/16 16:06:31 | 000,091,928 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2010/07/16 16:06:31 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/07/16 16:06:30 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2010/07/16 16:06:29 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2010/07/16 16:06:29 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2010/07/16 16:06:28 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2010/07/16 16:06:27 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2010/07/16 16:06:13 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2010/07/16 16:06:12 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2010/07/16 16:06:12 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2010/07/16 16:06:12 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/07/16 16:06:10 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2010/07/16 16:06:09 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2010/07/16 16:06:09 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2010/07/16 16:06:08 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2010/07/16 15:40:08 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/07/16 15:40:07 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/16 15:00:18 | 000,710,144 | -HS- | C] () -- C:\Users\Chad\Desktop\ehthumbs_vista.db
[2010/07/16 15:00:03 | 001,136,128 | -HS- | C] () -- C:\Users\Chad\ehthumbs_vista.db
[2010/05/19 16:11:25 | 000,001,057 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\vso_ts_preview.xml
[2010/05/19 16:10:50 | 000,000,034 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\pcouffin.log
[2010/05/19 16:10:25 | 000,099,384 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\inst.exe
[2010/05/19 16:10:25 | 000,007,859 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\pcouffin.cat
[2010/05/19 16:10:25 | 000,001,167 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\pcouffin.inf
[2010/05/06 10:13:27 | 000,000,006 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\dm.ini
[2010/05/06 10:13:24 | 000,001,667 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\AdobeDLM.log
[2010/03/21 16:13:41 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010/03/06 18:22:52 | 000,551,054 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_vcredistMSI4D4A.txt
[2010/03/06 18:22:49 | 000,014,300 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_vcredistUI4D4A.txt
[2009/08/31 19:13:03 | 000,712,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/31 00:49:20 | 000,218,034 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL90SP1_KB973924MSI1DFE.txt
[2009/07/31 00:49:20 | 000,011,732 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL90SP1_KB973924UI1DFE.txt
[2009/07/31 00:49:14 | 000,524,316 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923MSI1DE4.txt
[2009/07/31 00:49:12 | 000,011,780 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923UI1DE4.txt
[2009/07/31 00:49:02 | 000,523,584 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923MSI1DC3.txt
[2009/07/31 00:49:02 | 000,011,780 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923UI1DC3.txt
[2009/07/14 01:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/07/14 00:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/05/26 12:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/05/12 16:16:36 | 000,000,680 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
[2009/05/12 16:10:20 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2009/04/29 10:07:12 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/04/10 15:37:43 | 000,000,799 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/02 12:24:27 | 008,548,352 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/02/27 03:20:03 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/02/09 11:42:29 | 000,196,608 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/07 22:12:52 | 000,000,732 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps64.dat
[2009/02/07 20:38:43 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/02/07 20:38:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/02/07 20:38:27 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/10/15 21:12:02 | 000,000,180 | ---- | C] () -- C:\Program Files\cpuz.ini
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Chad\AppData\Local\setup.txt
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/02/08 21:28:14 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Acreon
[2009/02/10 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/16 16:07:29 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\DAEMON Tools Lite
[2010/09/27 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Geevyx
[2009/08/31 19:07:28 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\GetRightToGo
[2009/02/07 20:25:27 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\InterTrust
[2009/05/18 17:45:41 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LEGO Company
[2010/10/01 13:51:36 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LimeWire
[2009/09/19 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/09/27 15:09:27 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Nate
[2010/09/24 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Nuaksa
[2010/03/06 21:07:50 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\NVD
[2010/09/27 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Olzuu
[2010/03/21 16:13:42 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Shark007
[2010/09/24 14:19:02 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\SoftGrid Client
[2009/06/03 20:38:05 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Thinstall
[2010/09/23 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Tific
[2010/03/06 21:07:54 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\TP
[2010/10/06 09:23:10 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\uTorrent
[2010/09/24 11:45:44 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Uxybin
[2010/05/22 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Vso
[2010/09/27 14:33:24 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Yknu
[2010/09/27 11:22:30 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/09/24 00:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/09/27 09:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/09/27 10:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/10/02 11:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/10/02 12:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/09/27 13:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/09/27 14:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/09/27 15:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/09/28 16:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/10/02 17:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/09/27 18:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/09/24 01:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/10/02 19:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/10/02 20:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/10/01 21:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/10/01 22:09:59 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/09/27 23:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/10/04 00:42:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010/10/04 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010/10/01 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010/09/24 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010/09/24 04:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010/10/01 02:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/09/24 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010/09/24 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010/09/27 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010/09/27 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010/09/27 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010/09/27 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010/10/02 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010/10/02 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010/09/27 13:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010/10/01 14:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010/09/24 03:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/10/03 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010/09/27 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2010/10/02 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2010/09/27 18:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2010/10/02 19:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2010/10/02 20:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2010/10/01 21:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2010/10/01 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2010/09/27 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2010/09/24 04:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/09/24 05:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/09/24 06:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/09/27 07:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/09/27 08:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/10/06 09:05:52 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/06 09:29:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{11D40478-05FF-4A71-B4BA-6670566730C1}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/01/20 21:49:46 | 000,137,728 | ---- | M] ()(C:\Windows\SysNative\us?rinit.exe) -- C:\Windows\SysNative\usеrinit.exe
[2008/01/20 21:49:46 | 000,137,728 | ---- | C] ()(C:\Windows\SysNative\us?rinit.exe) -- C:\Windows\SysNative\usеrinit.exe
< End of report >


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • Gender:Female
  • Location:Romania
  • Local time:04:48 PM

Posted 06 October 2010 - 11:31 AM

That shows some problems.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :files
    c:\windows\tasks\at*.job

    :commands
    [emptytemp]


    Please let me know how things are running afterwards.
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
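The log above contains two findings worth automating when triaging OTL output: a burst of At*.job tasks created within seconds of an unsigned executable appearing in C:\ProgramData, and a userinit.exe entry in the "Files - Unicode" section whose path contains a non-ASCII character. The Python triage script below is an added example, not part of this thread or of the OTL tool; its sample lines are constructed to match the log format shown in the thread, and the parser, thresholds and function names are my own.

```python
import re
import unicodedata
from datetime import datetime

# One OTL file line, in the format used by the thread's log, e.g.
# [2010/09/22 16:20:14 | 000,073,218 | ---- | C] () -- C:\ProgramData\6QCtWn67.exe
# Lines in the "Files - Unicode" section carry an extra "(ascii-mangled path)"
# group right after the company name; the optional group below absorbs it.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)"      # company name; empty for unsigned/unknown files
    r"(?:\([^)]*\))?"              # optional ASCII rendering of a Unicode path
    r" -- (?P<path>.+)$"
)

# Legacy at.exe task files: C:\Windows\Tasks\At<n>.job
AT_JOB = re.compile(r"\\tasks\\at\d+\.job$", re.IGNORECASE)

# Constructed sample modelled on the thread's OTL log (a short excerpt, not the full log).
SAMPLE_LOG = [
    r"[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At48.job",
    r"[2010/09/22 16:20:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At47.job",
    r"[2010/09/22 16:20:14 | 000,073,218 | ---- | C] () -- C:\ProgramData\6QCtWn67.exe",
    r"[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At36.job",
    r"[2010/09/22 16:20:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At35.job",
    r"[2010/09/22 16:18:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job",
    r"[2010/09/22 16:18:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job",
    r"[2010/07/16 16:08:25 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll",
    r"[2010/09/27 11:22:30 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job",
    # "Files - Unicode" entry: the 'e' in userinit is U+0435 (Cyrillic), not ASCII.
    r"[2008/01/20 21:49:46 | 000,137,728 | ---- | M] ()(C:\Windows\SysNative\us?rinit.exe)"
    r" -- C:\Windows\SysNative\us" + "\u0435" + r"rinit.exe",
    "========== LOP Check ==========",   # section header, must be ignored by the parser
]


def parse_line(line):
    """Parse one OTL file line into a dict, or return None for non-file lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def parse_log(lines):
    return [r for r in (parse_line(l) for l in lines) if r is not None]


def find_homoglyph_paths(records):
    """Paths containing non-ASCII characters, with each odd character named."""
    hits = []
    for r in records:
        odd = [c for c in r["path"] if ord(c) > 127]
        if odd:
            names = ", ".join(f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in odd)
            hits.append((r["path"], names))
    return hits


def find_unsigned_programdata_binaries(records):
    """Executable files under C:\\ProgramData with no company name."""
    exts = (".exe", ".dll", ".sys", ".scr")
    return [r["path"] for r in records
            if not r["company"].strip()
            and r["path"].lower().startswith("c:\\programdata\\")
            and r["path"].lower().endswith(exts)]


def find_at_job_bursts(records, window_seconds=120, min_count=5):
    """Clusters of At<n>.job files created within window_seconds of each other."""
    times = sorted(r["ts"] for r in records
                   if r["kind"] == "C" and AT_JOB.search(r["path"]))
    bursts, i = [], 0
    while i < len(times):
        j = i
        while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_seconds:
            j += 1
        if j - i + 1 >= min_count:
            bursts.append((times[i], times[j], j - i + 1))   # (first, last, count)
        i = j + 1
    return bursts


def triage(lines):
    """Run all three checks over raw OTL log lines."""
    records = parse_log(lines)
    return {
        "homoglyph_paths": find_homoglyph_paths(records),
        "unsigned_programdata_binaries": find_unsigned_programdata_binaries(records),
        "at_job_bursts": find_at_job_bursts(records),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

Point `triage()` at the lines of a saved OTL.Txt to apply the same checks to a full report; the window and count thresholds are starting points, not tuned signatures.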


#9 rochellerco

rochellerco
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:48 AM

Posted 06 October 2010 - 03:28 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
========== FILES ==========
File\Folder c:\windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chad
->Temp folder emptied: 192293 bytes
->Temporary Internet Files folder emptied: 4477480 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1243 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: The boys
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6547011 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161617 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10062010_152255

Files\Folders moved on Reboot...

Did not fix the problem, random sounds and "you've won" still playing


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • Gender:Female
  • Location:Romania
  • Local time:04:48 PM

Posted 06 October 2010 - 03:31 PM

Please run the following fix.
CODE
:otl
[2010/09/24 00:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/09/27 09:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/09/27 10:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/10/02 11:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/10/02 12:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/09/27 13:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/09/27 14:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/09/27 15:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/09/28 16:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/10/02 17:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/09/27 18:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/09/24 01:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/10/02 19:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/10/02 20:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/10/01 21:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/10/01 22:09:59 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/09/27 23:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/10/04 00:42:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010/10/04 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010/10/01 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010/09/24 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010/09/24 04:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010/10/01 02:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/09/24 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010/09/24 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010/09/27 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010/09/27 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010/09/27 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010/09/27 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010/10/02 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010/10/02 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010/09/27 13:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010/10/01 14:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010/09/24 03:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/10/03 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010/09/27 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2010/10/02 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2010/09/27 18:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2010/10/02 19:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2010/10/02 20:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2010/10/01 21:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2010/10/01 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2010/09/27 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2010/09/24 04:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/09/24 05:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/09/24 06:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/09/27 07:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/09/27 08:10:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At9.job

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#11 rochellerco

rochellerco
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:48 AM

Posted 06 October 2010 - 04:10 PM

========== OTL ==========
File C:\Windows\Tasks\At1.job not found.
File C:\Windows\Tasks\At10.job not found.
File C:\Windows\Tasks\At11.job not found.
File C:\Windows\Tasks\At12.job not found.
File C:\Windows\Tasks\At13.job not found.
File C:\Windows\Tasks\At14.job not found.
File C:\Windows\Tasks\At15.job not found.
File C:\Windows\Tasks\At16.job not found.
File C:\Windows\Tasks\At17.job not found.
File C:\Windows\Tasks\At18.job not found.
File C:\Windows\Tasks\At19.job not found.
File C:\Windows\Tasks\At2.job not found.
File C:\Windows\Tasks\At20.job not found.
File C:\Windows\Tasks\At21.job not found.
File C:\Windows\Tasks\At22.job not found.
File C:\Windows\Tasks\At23.job not found.
File C:\Windows\Tasks\At24.job not found.
File C:\Windows\Tasks\At25.job not found.
File C:\Windows\Tasks\At26.job not found.
File C:\Windows\Tasks\At27.job not found.
File C:\Windows\Tasks\At28.job not found.
File C:\Windows\Tasks\At29.job not found.
File C:\Windows\Tasks\At3.job not found.
File C:\Windows\Tasks\At30.job not found.
File C:\Windows\Tasks\At31.job not found.
File C:\Windows\Tasks\At32.job not found.
File C:\Windows\Tasks\At33.job not found.
File C:\Windows\Tasks\At34.job not found.
File C:\Windows\Tasks\At35.job not found.
File C:\Windows\Tasks\At36.job not found.
File C:\Windows\Tasks\At37.job not found.
File C:\Windows\Tasks\At38.job not found.
File C:\Windows\Tasks\At39.job not found.
File C:\Windows\Tasks\At4.job not found.
File C:\Windows\Tasks\At40.job not found.
File C:\Windows\Tasks\At41.job not found.
File C:\Windows\Tasks\At42.job not found.
File C:\Windows\Tasks\At43.job not found.
File C:\Windows\Tasks\At44.job not found.
File C:\Windows\Tasks\At45.job not found.
File C:\Windows\Tasks\At46.job not found.
File C:\Windows\Tasks\At47.job not found.
File C:\Windows\Tasks\At48.job not found.
File C:\Windows\Tasks\At5.job not found.
File C:\Windows\Tasks\At6.job not found.
File C:\Windows\Tasks\At7.job not found.
File C:\Windows\Tasks\At8.job not found.
File C:\Windows\Tasks\At9.job not found.

OTL by OldTimer - Version 3.2.14.1 log created on 10062010_160924
did not fix


#12 rochellerco

rochellerco
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:48 AM

Posted 06 October 2010 - 04:14 PM

fresh log file.......

OTL logfile created on: 10/6/2010 4:12:07 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Chad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 63.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.18 Gb Total Space | 342.58 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD-PC
Current User Name: Chad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/06 14:30:57 | 000,073,218 | ---- | M] () -- C:\ProgramData\6QCtWn67.exe
PRC - [2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
PRC - [2010/09/23 18:44:59 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent .exe
PRC - [2010/09/22 21:19:45 | 000,094,728 | ---- | M] () -- C:\Users\Chad\Downloads\CoreTemp\Core Temp.exe
PRC - [2010/06/09 03:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe
PRC - [2010/01/02 10:10:02 | 001,631,616 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\NagaTray .exe
PRC - [2009/09/26 08:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/07/14 00:28:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/07/14 00:22:08 | 001,263,616 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/03/02 11:24:13 | 000,319,504 | ---- | M] () -- C:\Users\Chad\Downloads\CoreTemp\Core Temp .exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/06 19:00:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/08/06 19:00:48 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2010/07/06 20:50:54 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 12:22:13 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/26 08:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/23 16:04:42 | 000,447,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/09/23 16:04:42 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/05/07 22:01:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/09 14:57:14 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/02/07 20:36:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/08/06 19:00:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2010/07/16 15:40:07 | 000,834,544 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/06 21:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/07/06 21:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/06 20:15:42 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/19 16:10:25 | 000,082,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/12/24 13:28:54 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2009/11/18 18:31:24 | 000,120,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/23 16:04:52 | 000,025,944 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/14 02:54:52 | 001,613,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2009/07/14 02:54:38 | 001,568,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/07/14 02:54:28 | 000,118,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/07/14 02:54:18 | 000,213,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/07/14 02:54:12 | 000,015,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/07/14 02:54:04 | 000,179,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/07/14 02:53:54 | 000,696,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/07/14 02:53:46 | 000,580,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/07/14 02:53:36 | 001,445,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/07/14 02:53:36 | 001,445,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2009/07/14 02:53:24 | 000,095,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2009/07/14 02:53:24 | 000,095,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2009/07/14 02:53:16 | 000,230,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2009/07/14 02:53:16 | 000,230,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2009/03/29 11:24:19 | 000,069,664 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/06 14:24:50 | 000,120,128 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/02/06 14:23:20 | 000,132,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/02/04 20:19:34 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2008/11/26 19:20:36 | 000,034,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/11/21 09:53:32 | 000,306,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/17 16:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 21:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/01/18 01:51:44 | 000,018,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2007/08/17 16:48:46 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/10/21 18:01:22 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2010/10/04 01:00:45 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2009/09/23 16:04:42 | 000,261,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 16:04:42 | 000,017,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 16:04:38 | 000,712,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 40 70 F6 99 B2 CA 01 [binary data]
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/03/26 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
[2010/03/26 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe File not found
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000..\Run: [Core Temp] C:\Users\Chad\Downloads\CoreTemp\Core Temp.exe ()
O4 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe File not found
O4 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe ()
O4 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent .exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isfem.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\muufod.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isfem.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\muufod.exe ()
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\caada.exe ()
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\peoxp.exe ()
O4 - Startup: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\hyamd.exe ()
O4 - Startup: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\yfpym.exe ()
O4 - Startup: C:\Users\The boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bywe.exe ()
O4 - Startup: C:\Users\The boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hehed.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1595810692-4043120186-2923253334-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.55.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...114/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (\hotfix.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (\hotfix.exe) - File not found
O24 - Desktop WallPaper: F:\pictures\322b.jpg
O24 - Desktop BackupWallPaper: F:\pictures\322b.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a261e5ed-911a-11df-9aff-001cc094976e}\Shell - "" = AutoRun
O33 - MountPoints2\{a261e5ed-911a-11df-9aff-001cc094976e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/06 14:33:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/01 01:23:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2010/09/27 22:39:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/27 16:18:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/23 20:20:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/09/23 20:20:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/09/23 15:23:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Tific
[2010/09/23 14:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/09/23 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\Symantec
[2010/09/23 14:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/23 14:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/22 21:31:06 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/09/22 21:25:26 | 000,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2010/09/13 21:36:05 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\to rename
[2010/09/12 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\to transfer
[2010/09/11 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\phone photos
[2010/08/19 04:25:17 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Uxybin
[2010/08/16 17:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/08/16 17:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/08/10 18:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/08/10 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\Vindictus
[2010/08/10 18:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2010/08/10 18:26:49 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/08/10 18:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/08/05 08:43:57 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Yknu
[2010/07/16 16:08:25 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/07/16 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\BioWare
[2010/07/16 16:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/07/16 16:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/07/16 15:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2010/07/16 15:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/16 15:39:15 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\DAEMON Tools Lite
[2010/07/16 15:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/16 14:14:16 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\games
[2010/07/09 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\Chad\.crisisX_474
[2010/05/19 16:10:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Chad\AppData\Roaming\pcouffin.sys
[2010/05/06 10:35:17 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2009/07/14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[30 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/06 16:12:08 | 003,145,728 | -HS- | M] () -- C:\Users\Chad\ntuser.dat
[2010/10/06 16:09:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{11D40478-05FF-4A71-B4BA-6670566730C1}.job
[2010/10/06 15:31:29 | 000,708,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/06 15:31:29 | 000,607,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/06 15:31:29 | 000,104,994 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/06 15:25:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/06 15:25:08 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 15:25:08 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 15:25:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/06 15:25:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 15:23:56 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/10/06 15:23:56 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/10/06 15:23:56 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/10/06 15:23:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/06 15:23:35 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/10/06 15:23:35 | 000,065,536 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TM.blf
[2010/10/06 15:19:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/06 14:31:00 | 000,000,112 | ---- | M] () -- C:\ProgramData\bitBy6gO.dat
[2010/10/06 14:30:57 | 000,073,218 | ---- | M] () -- C:\ProgramData\6QCtWn67.exe
[2010/10/05 18:16:58 | 000,080,384 | ---- | M] () -- C:\Users\Chad\Desktop\MBRCheck.exe
[2010/10/04 03:58:16 | 001,832,292 | -H-- | M] () -- C:\Users\Chad\AppData\Local\IconCache.db
[2010/10/04 01:00:45 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/10/04 00:56:44 | 000,133,632 | ---- | M] () -- C:\Users\Chad\Desktop\RKUnhookerLE.EXE
[2010/10/01 01:23:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2010/09/27 22:39:28 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2010/09/27 21:39:33 | 000,196,608 | ---- | M] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 11:22:30 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/24 20:36:15 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 19:14:57 | 000,271,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/24 19:11:42 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/09/24 19:11:42 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010/09/24 19:09:30 | 000,419,840 | ---- | M] () -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/24 19:09:30 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/24 19:09:30 | 000,133,632 | ---- | M] () -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/24 19:09:30 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/24 19:08:04 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/09/24 14:35:21 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 14:35:21 | 000,065,536 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TM.blf
[2010/09/24 14:35:01 | 000,000,188 | ---- | M] () -- C:\Users\Chad\defogger_reenable
[2010/09/23 20:19:24 | 003,735,552 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/09/23 20:19:23 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/09/23 20:19:23 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/09/23 20:19:20 | 003,866,624 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/09/23 20:19:20 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/09/23 20:19:20 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/09/23 16:18:21 | 000,002,583 | ---- | M] () -- C:\Users\Chad\Desktop\OneNote.lnk
[2010/09/20 12:30:44 | 000,000,998 | ---- | M] () -- C:\ProgramData\.wtav
[2010/09/16 02:17:30 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 11:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{a183e7da-66ae-11de-ad62-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 11:49:57 | 000,065,536 | -HS- | M] () -- C:\Users\Chad\ntuser.dat{a183e7da-66ae-11de-ad62-001cc094976e}.TM.blf
[2010/08/22 11:03:43 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/22 11:00:13 | 000,000,846 | ---- | M] () -- C:\Users\Chad\Desktop\CCleaner.lnk
[2010/08/12 03:06:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf
[2010/08/10 18:27:50 | 000,000,207 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/07/29 16:16:08 | 000,000,171 | ---- | M] () -- C:\Users\Chad\Documents\TEST.rtf
[2010/07/16 16:08:25 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010/07/16 15:40:08 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/07/16 15:40:07 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/16 15:01:41 | 001,136,128 | -HS- | M] () -- C:\Users\Chad\ehthumbs_vista.db
[2010/07/16 15:01:40 | 000,710,144 | -HS- | M] () -- C:\Users\Chad\Desktop\ehthumbs_vista.db
[2010/07/09 16:29:10 | 000,000,041 | ---- | M] () -- C:\Users\Chad\jagex_runescape_preferences.dat
[30 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 18:16:58 | 000,080,384 | ---- | C] () -- C:\Users\Chad\Desktop\MBRCheck.exe
[2010/10/01 01:38:59 | 000,133,632 | ---- | C] () -- C:\Users\Chad\Desktop\RKUnhookerLE.EXE
[2010/10/01 01:30:28 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/28 16:15:54 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/27 22:39:28 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2010/09/24 19:26:13 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 19:26:13 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 19:26:13 | 000,065,536 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{c6c3bf54-c839-11df-9d52-001cc094976e}.TM.blf
[2010/09/24 19:11:42 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/24 19:11:42 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/24 19:11:42 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/09/24 19:11:42 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010/09/24 19:11:42 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/24 14:35:01 | 000,000,188 | ---- | C] () -- C:\Users\Chad\defogger_reenable
[2010/09/23 20:19:20 | 003,735,552 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/09/23 20:19:20 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/09/23 20:19:20 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/09/23 20:19:06 | 003,866,624 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/09/23 20:19:06 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/09/23 20:19:06 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/09/22 16:20:14 | 000,073,218 | ---- | C] () -- C:\ProgramData\6QCtWn67.exe
[2010/09/22 16:20:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\bitBy6gO.dat
[2010/09/20 12:26:21 | 000,000,998 | ---- | C] () -- C:\ProgramData\.wtav
[2010/09/15 14:36:02 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/15 14:36:01 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/15 14:35:58 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/15 14:35:58 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 11:54:08 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 11:54:08 | 000,524,288 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 11:54:08 | 000,065,536 | -HS- | C] () -- C:\Users\Chad\ntuser.dat{1e785499-c00a-11df-85f0-001cc094976e}.TM.blf
[2010/08/22 11:03:43 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/12 03:06:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01005.Wdf
[2010/08/11 22:05:20 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/11 22:05:19 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/11 22:05:19 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/11 22:05:17 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/11 22:05:17 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 22:05:15 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 22:05:08 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/11 22:05:08 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/11 22:05:07 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 22:05:03 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/11 22:05:03 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/11 22:05:02 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 22:05:02 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/11 22:05:02 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 22:05:02 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/11 22:05:02 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 22:05:02 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/11 22:05:02 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/11 22:05:02 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 22:05:02 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/11 22:05:02 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/11 22:05:01 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/11 22:05:01 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 22:05:01 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 22:05:01 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 22:05:01 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 22:05:01 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 22:05:00 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/11 22:04:57 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/10 18:27:50 | 000,000,207 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.url
[2010/08/02 13:20:29 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/29 16:16:08 | 000,000,171 | ---- | C] () -- C:\Users\Chad\Documents\TEST.rtf
[2010/07/16 16:06:31 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2010/07/16 16:06:31 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2010/07/16 16:06:31 | 000,091,928 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2010/07/16 16:06:31 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/07/16 16:06:30 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2010/07/16 16:06:29 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2010/07/16 16:06:29 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2010/07/16 16:06:28 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2010/07/16 16:06:27 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2010/07/16 16:06:13 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2010/07/16 16:06:12 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2010/07/16 16:06:12 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2010/07/16 16:06:12 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/07/16 16:06:10 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2010/07/16 16:06:09 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2010/07/16 16:06:09 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2010/07/16 16:06:08 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2010/07/16 15:40:08 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/07/16 15:40:07 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/16 15:00:18 | 000,710,144 | -HS- | C] () -- C:\Users\Chad\Desktop\ehthumbs_vista.db
[2010/07/16 15:00:03 | 001,136,128 | -HS- | C] () -- C:\Users\Chad\ehthumbs_vista.db
[2010/05/19 16:11:25 | 000,001,057 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\vso_ts_preview.xml
[2010/05/19 16:10:50 | 000,000,034 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\pcouffin.log
[2010/05/19 16:10:25 | 000,099,384 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\inst.exe
[2010/05/19 16:10:25 | 000,007,859 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\pcouffin.cat
[2010/05/19 16:10:25 | 000,001,167 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\pcouffin.inf
[2010/05/06 10:13:27 | 000,000,006 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\dm.ini
[2010/05/06 10:13:24 | 000,001,667 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\AdobeDLM.log
[2010/03/21 16:13:41 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010/03/06 18:22:52 | 000,551,054 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_vcredistMSI4D4A.txt
[2010/03/06 18:22:49 | 000,014,300 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_vcredistUI4D4A.txt
[2009/08/31 19:13:03 | 000,712,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/31 00:49:20 | 000,218,034 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL90SP1_KB973924MSI1DFE.txt
[2009/07/31 00:49:20 | 000,011,732 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL90SP1_KB973924UI1DFE.txt
[2009/07/31 00:49:14 | 000,524,316 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923MSI1DE4.txt
[2009/07/31 00:49:12 | 000,011,780 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923UI1DE4.txt
[2009/07/31 00:49:02 | 000,523,584 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923MSI1DC3.txt
[2009/07/31 00:49:02 | 000,011,780 | ---- | C] () -- C:\Users\Chad\AppData\Local\dd_ATL80SP1_KB973923UI1DC3.txt
[2009/07/14 01:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/07/14 00:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/05/26 12:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/05/12 16:16:36 | 000,000,680 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat
[2009/05/12 16:10:20 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2009/04/29 10:07:12 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/04/10 15:37:43 | 000,000,799 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/02 12:24:27 | 008,548,352 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/02/27 03:20:03 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/02/09 11:42:29 | 000,196,608 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/07 22:12:52 | 000,000,732 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps64.dat
[2009/02/07 20:38:43 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/02/07 20:38:43 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/02/07 20:38:27 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/10/15 21:12:02 | 000,000,180 | ---- | C] () -- C:\Program Files\cpuz.ini
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Chad\AppData\Local\setup.txt
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/02/08 21:28:14 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Acreon
[2009/02/10 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/16 16:07:29 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\DAEMON Tools Lite
[2010/09/27 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Geevyx
[2009/08/31 19:07:28 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\GetRightToGo
[2009/02/07 20:25:27 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\InterTrust
[2009/05/18 17:45:41 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LEGO Company
[2010/10/01 13:51:36 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LimeWire
[2009/09/19 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/09/27 15:09:27 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Nate
[2010/09/24 13:41:21 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Nuaksa
[2010/03/06 21:07:50 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\NVD
[2010/09/27 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Olzuu
[2010/03/21 16:13:42 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Shark007
[2010/09/24 14:19:02 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\SoftGrid Client
[2009/06/03 20:38:05 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Thinstall
[2010/09/23 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Tific
[2010/03/06 21:07:54 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\TP
[2010/10/06 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\uTorrent
[2010/09/24 11:45:44 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Uxybin
[2010/05/22 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Vso
[2010/09/27 14:33:24 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Yknu
[2010/04/09 23:58:42 | 000,000,000 | ---D | M] -- C:\Users\The boys\AppData\Roaming\uTorrent
[2010/09/27 11:22:30 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/06 15:23:36 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/06 16:09:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{11D40478-05FF-4A71-B4BA-6670566730C1}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/01/20 21:49:46 | 000,137,728 | ---- | M] ()(C:\Windows\SysNative\us?rinit.exe) -- C:\Windows\SysNative\usеrinit.exe
[2008/01/20 21:49:46 | 000,137,728 | ---- | C] ()(C:\Windows\SysNative\us?rinit.exe) -- C:\Windows\SysNative\usеrinit.exe
< End of report >
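
The two lines under "Files - Unicode (All)" are the most important finding in this report. The third character of that usеrinit.exe is U+0435, the Cyrillic small letter ie, not the Latin "e", which is why OTL also prints the name as "us?rinit.exe" in the code page that cannot represent it. The file sits beside the genuine userinit.exe with a name that looks identical in Explorer and in most tools. The script below is an added example, not part of the original post and not OTL's own code: it parses OTL-style file lines, flags any file name containing non-ASCII characters, folds the common Cyrillic and Greek look-alikes to ASCII, and checks whether the folded name matches a protected Windows binary. The sample lines, the confusables table and the protected-name list are constructed for the example.

```python
import re
import unicodedata

# Non-Latin code points that render like ASCII letters. A constructed subset of
# Unicode's confusables data, enough for the Cyrillic/Greek swaps seen in practice.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u0501": "d",                                 # Cyrillic lower case
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",                                                 # Cyrillic upper case
    "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0397": "H", "\u039a": "K",
    "\u039c": "M", "\u039d": "N", "\u039f": "O", "\u03a1": "P", "\u03a4": "T",
    "\u03a7": "X", "\u0396": "Z", "\u03bf": "o",                   # Greek
}

# Windows binaries worth protecting from look-alike names (constructed list; extend it).
PROTECTED = {"userinit.exe", "winlogon.exe", "explorer.exe", "svchost.exe", "csrss.exe",
             "lsass.exe", "services.exe", "smss.exe", "wininit.exe", "spoolsv.exe"}

# OTL file lines end in " -- <full path>"; summary lines like "[30 ... *.tmp files -> ...]" do not.
OTL_PATH = re.compile(r" -- (?P<path>.+?)\s*$")

# Constructed sample: three ordinary lines from the report plus the two Unicode-check lines.
# The third character of the flagged name is U+0435 CYRILLIC SMALL LETTER IE, not Latin "e".
SAMPLE_OTL_LINES = [
    r"[2010/10/06 15:25:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat",
    r"[2010/10/06 14:30:57 | 000,073,218 | ---- | M] () -- C:\ProgramData\6QCtWn67.exe",
    r"[30 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]",
    "[2008/01/20 21:49:46 | 000,137,728 | ---- | M] ()(C:\\Windows\\SysNative\\us?rinit.exe)"
    " -- C:\\Windows\\SysNative\\us\u0435rinit.exe",
    "[2008/01/20 21:49:46 | 000,137,728 | ---- | C] ()(C:\\Windows\\SysNative\\us?rinit.exe)"
    " -- C:\\Windows\\SysNative\\us\u0435rinit.exe",
]


def skeleton(name):
    """Fold look-alike characters to ASCII after NFKC (which handles full-width forms etc.)."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", name))


def analyse_name(name):
    """None for a plain-ASCII name; otherwise what it contains and what it resembles."""
    if name.isascii():
        return None
    folded = skeleton(name)
    return {
        "name": name,
        "looks_like": folded,
        "impersonates_system_binary": folded.lower() in PROTECTED,
        "non_ascii": [(i, ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "?"))
                      for i, ch in enumerate(name) if not ch.isascii()],
    }


def scan_otl_lines(lines):
    """Return one finding per distinct path whose file name is not pure ASCII."""
    findings, seen = [], set()
    for line in lines:
        m = OTL_PATH.search(line)
        if not m:
            continue
        path = m.group("path")
        if path in seen:          # OTL lists the same file under Modified and Created
            continue
        seen.add(path)
        result = analyse_name(path.rsplit("\\", 1)[-1])
        if result:
            result["path"] = path
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in scan_otl_lines(SAMPLE_OTL_LINES):
        verdict = ("IMPERSONATES " + f["looks_like"]) if f["impersonates_system_binary"] else "non-ASCII name"
        print(f"{f['path']}  ->  {verdict}")
        for pos, ch, cp, cname in f["non_ascii"]:
            print(f"    char {pos}: {cp} {cname}")
```

OTL's own Unicode check only lists names that contain non-ASCII characters; the fold-to-skeleton step adds the comparison against protected names, so the analyst sees at once that the file is masquerading as userinit.exe rather than merely having an odd name. A look-alike in System32 runs only if something launches it, so the Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon is the next thing to check: that string decides which of the two names Winlogon executes at logon.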


#13 rochellerco

rochellerco
  • Topic Starter

  • Members
  • 25 posts

Posted 06 October 2010 - 06:10 PM

I don't know if it is opening ports or left me vulnerable, I now have icons being added to my desktop for porn sites and some AnVi program that is spamming me to buy their software to remove malware.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • Gender:Female
  • Location:Romania

Posted 07 October 2010 - 04:05 AM

Please let me know how things are after the following fix.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :files
    C:\ProgramData\6QCtWn67.exe

    :otl
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isfem.exe ()
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\muufod.exe ()
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isfem.exe ()
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\muufod.exe ()
    O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\caada.exe ()
    O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\peoxp.exe ()
    O4 - Startup: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\hyamd.exe ()
    O4 - Startup: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\yfpym.exe ()
    O4 - Startup: C:\Users\The boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bywe.exe ()
    O4 - Startup: C:\Users\The boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hehed.exe ()

    :commands
    [emptytemp]
  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
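
Elise's fix removes the same two-file payload from the Startup folder of every profile on the machine, including Default (the template that is copied into each newly created profile) and the Mcx1/Mcx2 Media Center Extender accounts that nobody logs into interactively. Tools that only look at HKCU and the current user's profile miss both. The audit below is an added example and not the OTL script from the post: it walks every profile directory under a Users folder, lists executable items in each Startup folder with size and SHA-256, and groups them by hash so one payload dropped into several profiles shows up as a single entry. make_constructed_tree builds a throwaway directory tree seeded with the file names from the fix (constructed sample data with placeholder bytes, not the real files) so the script can be run offline; on a live system point audit_startup_folders at C:\Users.

```python
import hashlib
import tempfile
from pathlib import Path

# Per-user Startup folder relative to a profile directory (Vista and later layout).
# Windows paths are case-insensitive, so "StartUp" and "Startup" in the log are one folder.
STARTUP_REL = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")

# Item types Explorer launches when it processes a Startup folder.
EXEC_SUFFIXES = {".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".pif"}


def sha256_of(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_startup_folders(users_root):
    """List executable items in every profile's Startup folder under users_root.

    Every directory is treated as a profile, so Default, Default User, Public and the
    Mcx* extender accounts are covered. Profiles that cannot be read (the "Default User"
    junction denies listing) are skipped rather than aborting the scan.
    """
    users_root = Path(users_root)
    findings = []
    for profile in sorted(users_root.iterdir()):
        startup = profile / STARTUP_REL
        try:
            if not startup.is_dir():
                continue
            items = sorted(startup.iterdir())
        except OSError:
            continue
        for item in items:
            if item.is_file() and item.suffix.lower() in EXEC_SUFFIXES:
                findings.append({
                    "profile": profile.name,
                    "file": item.name,
                    "size": item.stat().st_size,
                    "sha256": sha256_of(item),
                })
    return findings


def group_by_hash(findings):
    """Map each SHA-256 to the profiles it was found in."""
    groups = {}
    for f in findings:
        groups.setdefault(f["sha256"], []).append(f["profile"])
    return groups


def make_constructed_tree():
    """Build a throwaway Users look-alike under a temp directory, seeded with the
    file names from the fix above. Constructed sample data; the bytes are a harmless
    placeholder, not the real files."""
    root = Path(tempfile.mkdtemp(prefix="users_"))
    payload = b"MZ" + b"\x90" * 64
    seeded = {
        "Default": ["isfem.exe", "muufod.exe"],
        "Mcx1": ["caada.exe", "peoxp.exe"],
        "The boys": ["bywe.exe", "hehed.exe"],
        "Chad": ["notes.txt"],  # not executable: must not be reported
    }
    for profile, names in seeded.items():
        startup = root / profile / STARTUP_REL
        startup.mkdir(parents=True)
        for name in names:
            (startup / name).write_bytes(payload)
    return root


if __name__ == "__main__":
    root = make_constructed_tree()          # replace with Path(r"C:\Users") on a live box
    found = audit_startup_folders(root)
    for f in found:
        print(f"{f['profile']:<12} {f['file']:<12} {f['size']:>8} {f['sha256'][:16]}")
    for digest, profiles in group_by_hash(found).items():
        print(f"{digest[:16]} seen in profiles: {sorted(set(profiles))}")
```

Run it before and after a fix like the one above: the "after" run should return nothing for Default and the Mcx accounts, and any hash that still appears in more than one profile is a sign the dropper is still active and re-seeding the folders.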


#15 rochellerco

rochellerco
  • Topic Starter

  • Members
  • 25 posts

Posted 07 October 2010 - 11:11 AM

Been playing around for over an hour now - no problems at all. Ran MBAM full scan and found a bunch of stuff that I removed. Seems to have done the trick. Thank you very much for your help.



