Windows XP 32 bit, SP2
AMD athlon X3 435 2.90 GHz
3.25 gb of ram
4670 radeon hd
I was surfing the net yesterday night and all of a sudden my computer got hit with some malware. It turned my computer off so I turned it back on and my desktop was blue. My icons were gone/not visible and my start up list was all gone. I couldn't access anything. I couldn't even access the task manager. Luckily I created a ubcd4win and popped that sucker in. The superAntiSpyware only found 3 threats. Then i rebooted and started my computer normally. Now it lets me click the task manager but my programs are still missing. My radeon hd card wouldn't load too. I then click "new task" on the task manager and I opened my combofix and updated it. I ran it and it deleted some files I forgot. I rebooted again and now i can access my /c drive. I clicked the hidden files so I can see my programs and icons. Then I downloaded unhide.exe and it now shows my programs/icons on desktop and start up.
Now the only problem is that my radeon hd video card won't load. And I also want to double check to see if all of my malware are gone.
EDIT: Just rebooted, and my radeon hd card is working again. I went into safe mode but it automatically shuts down after a few minutes...And I keep seeing IEXPLORER popping up on my task manager even though I keep ending it. It'll be there again in a few minutes. So, I know thats a malware issue.
OTL log
OTL logfile created on: 11/15/2011 4:48:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Meng Lo\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.17% Memory free
5.09 Gb Paging File | 4.33 Gb Available in Paging File | 85.07% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 108.08 Gb Free Space | 84.45% Space Free | Partition Type: NTFS
Drive D: | 693.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MENG | User Name: Meng Lo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/15 16:47:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meng Lo\My Documents\Downloads\OTL.com
PRC - [2011/11/15 13:33:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/11/15 13:33:47 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/09 06:14:00 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/03 17:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/15 16:39:53 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/15 00:01:47 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/15 00:01:47 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/15 00:01:47 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/11 19:36:48 | 003,313,752 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_dac4cfd.dll
MOD - [2011/11/09 06:14:01 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/11 11:33:10 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/26 12:02:55 | 012,509,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
MOD - [2011/02/26 12:02:11 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
MOD - [2011/02/26 12:00:27 | 000,027,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
MOD - [2011/02/26 10:27:45 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
MOD - [2011/02/26 10:27:41 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
MOD - [2011/02/26 10:27:33 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
MOD - [2011/02/26 10:26:43 | 008,265,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
MOD - [2011/02/26 10:26:37 | 011,722,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
MOD - [2011/02/26 10:23:57 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/01/18 17:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2010/09/10 21:21:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/11/14 10:11:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2009/01/10 14:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2004/08/03 17:07:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2011/11/15 13:33:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/11 19:36:48 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_dac4cfd.dll -- (Akamai)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/01/07 14:56:12 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/09/10 18:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/10/28 11:35:10 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/24 23:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/14 17:25:06 | 003,732,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/03/05 00:33:22 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2009/02/09 02:32:16 | 000,022,328 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/10/11 05:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 18:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 18:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 15:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 11:49:32 | 000,000,000 | ---D | M]
[2010/02/19 05:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Extensions
[2011/11/15 13:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Firefox\Profiles\x083e7ey.default\extensions
[2011/08/29 12:03:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Firefox\Profiles\x083e7ey.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011/05/09 16:39:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Firefox\Profiles\x083e7ey.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/15 13:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/24 16:39:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/04/13 18:31:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/07 14:28:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/19 05:55:54 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\WINDOWS\system32\npOGPPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
O1 HOSTS File: ([2011/11/15 12:52:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] 1 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1266587760966 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A866D52-D671-48CB-8DD5-D1D694B87D9D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/19 00:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/02 16:05:00 | 000,000,046 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2011/11/15 16:32:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Meng Lo\Recent
[2011/11/15 16:09:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/15 15:13:12 | 001,997,288 | ---- | C] (CPUID) -- C:\Documents and Settings\Meng Lo\Desktop\cpuz.exe
[2011/11/15 15:12:49 | 017,351,304 | R--- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Meng Lo\Desktop\Skype.exe
[2011/11/15 15:07:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/11/15 00:36:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/15 00:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Application Data\SUPERAntiSpyware.com
[2011/11/15 00:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/11/15 00:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/14 23:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/11/14 22:31:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/14 22:28:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/14 22:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/14 18:04:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Meng Lo\Cookies
[2011/11/14 18:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/11/14 18:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cookies
[2011/11/14 18:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies
[2011/11/14 18:04:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/11/14 18:04:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011/11/14 18:03:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/11/14 18:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011/11/14 18:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011/11/14 18:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011/11/14 12:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/11 11:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/11 11:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Quick ThreatScan
[2011/11/11 11:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Start Menu\Programs\Winamp Detector Plug-in
[2011/11/11 11:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/11/11 11:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Local Settings\Application Data\OpenCandy
[2011/11/11 11:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Application Data\OpenCandy
[2011/11/11 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/11 11:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/03 18:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Akamai
========== Files - Modified Within 30 Days ==========
[2011/11/15 16:42:40 | 000,308,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/15 16:42:40 | 000,041,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/15 16:38:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 16:36:41 | 000,000,251 | RHS- | M] () -- C:\boot.ini
[2011/11/15 15:20:39 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\firefox.lnk
[2011/11/15 15:15:45 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\DragonNest.lnk
[2011/11/15 15:07:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/11/15 15:03:40 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/11/15 14:34:50 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\Mbam.lnk
[2011/11/15 14:01:40 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/15 12:52:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/15 12:04:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/14 23:13:12 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6
[2011/11/14 23:13:12 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6r
[2011/11/14 22:41:44 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MwSpah5bbVv1s6
[2011/11/14 12:17:14 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/11/13 02:51:54 | 000,636,942 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\natsu-lightning.png
[2011/11/11 14:51:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2011/11/11 11:44:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/10 20:17:44 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\Meng Lo\jagex_cl_runescape_LIVE.dat
[2011/11/10 15:52:07 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\expressburnDowngrade.job
[2011/11/07 19:06:55 | 000,116,155 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt.png
[2011/11/06 12:24:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/04 10:23:21 | 000,099,544 | R--- | M] () -- C:\Documents and Settings\Meng Lo\My Documents\bebee_lo_2010.pdf
[2011/10/28 15:03:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/10/26 16:10:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/25 16:19:53 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Meng Lo\jagex_runescape_preferences2.dat
[2011/10/25 16:19:09 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Meng Lo\jagex_runescape_preferences.dat
[2011/10/19 23:08:10 | 000,103,461 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt1.png
[2011/10/19 22:07:24 | 000,106,349 | R--- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\demonart3.png
========== Files Created - No Company Name ==========
[2011/11/15 15:20:39 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\firefox.lnk
[2011/11/15 15:15:45 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\DragonNest.lnk
[2011/11/15 14:34:50 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\Mbam.lnk
[2011/11/15 14:18:10 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/11/15 14:18:10 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/15 14:18:10 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/15 14:01:40 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/14 22:41:37 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6r
[2011/11/14 22:41:36 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6
[2011/11/14 22:41:31 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MwSpah5bbVv1s6
[2011/11/13 02:51:54 | 000,636,942 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\natsu-lightning.png
[2011/11/04 10:27:32 | 000,099,544 | R--- | C] () -- C:\Documents and Settings\Meng Lo\My Documents\bebee_lo_2010.pdf
[2011/10/25 16:18:53 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Meng Lo\jagex_cl_runescape_LIVE.dat
[2011/10/19 23:08:10 | 000,103,461 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt1.png
[2011/10/19 22:07:24 | 000,116,155 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt.png
[2011/10/19 22:07:24 | 000,106,349 | R--- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\demonart3.png
[2011/04/08 19:29:04 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 20:36:03 | 000,018,440 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/16 22:45:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 22:44:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/10/16 22:44:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/10/16 22:42:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/04 13:24:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/15 17:27:24 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/15 13:52:08 | 000,009,864 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\188FmQ8
[2010/04/07 03:24:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/24 14:14:48 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/03/24 14:14:48 | 000,224,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/24 14:14:48 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/03/02 16:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 16:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 16:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 16:00:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 16:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 16:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 16:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 16:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 16:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 16:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 16:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 16:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 16:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 16:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 16:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 16:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 16:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/25 18:30:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/19 17:52:21 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/19 15:08:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/02/19 14:48:35 | 000,103,193 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/02/19 14:48:35 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/19 14:48:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/02/19 08:25:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/19 08:24:13 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 05:50:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/19 00:53:16 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/19 00:41:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 00:32:28 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/14 10:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 10:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/11/14 10:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 10:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 10:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 10:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 10:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 10:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 10:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 10:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/11/14 10:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/11/14 10:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 10:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/08/11 13:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/06/07 08:24:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 14:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 01:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2004/08/03 17:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 17:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 17:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 17:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 17:07:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/03 17:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 17:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 17:07:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 17:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 17:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 17:07:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 07:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/05 11:35:22 | 000,308,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/11/05 11:35:22 | 000,041,304 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/11/05 11:35:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/11/15 00:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/11/11 11:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Quick ThreatScan
[2011/11/11 11:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/15 15:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/01/02 11:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/07/26 13:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/07/24 04:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/11/14 23:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/08/29 12:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2010/05/04 20:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/26 17:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Audacity
[2010/09/25 13:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Auslogics
[2010/11/22 14:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011/04/13 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\DDMSettings
[2010/02/19 05:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Foxit
[2010/07/19 07:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Foxit Software
[2010/08/22 09:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\ImTOO
[2011/03/30 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Leadertech
[2010/10/06 08:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Mael
[2010/09/25 15:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\NCH Swift Sound
[2011/11/11 11:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\OpenCandy
[2011/04/12 11:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2011/11/10 15:52:07 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2011/10/04 15:50:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/02/04 15:42:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2011/06/15 20:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/11/11 14:51:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2011/10/28 15:03:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
========== Purity Check ==========
< End of report >
Edited by aznboi2o9, 15 November 2011 - 06:53 PM.