Need help. Virus/malware removed my icons/start up files


#1
aznboi2o9

SYSTEM INFO:
Windows XP 32 bit, SP2
AMD Athlon X3 435 2.90 GHz
3.25 GB of RAM
4670 Radeon HD


I was surfing the net yesterday night and all of a sudden my computer got hit with some malware. It turned my computer off so I turned it back on and my desktop was blue. My icons were gone/not visible and my start up list was all gone. I couldn't access anything. I couldn't even access the task manager. Luckily I created a UBCD4Win and popped that sucker in. SUPERAntiSpyware only found 3 threats. Then I rebooted and started my computer normally. Now it lets me click the task manager but my programs are still missing. My Radeon HD card wouldn't load either. I then clicked "new task" on the task manager and I opened my ComboFix and updated it. I ran it and it deleted some files I forgot. I rebooted again and now I can access my /c drive. I clicked the hidden files so I can see my programs and icons. Then I downloaded unhide.exe and it now shows my programs/icons on desktop and start up.

Now the only problem is that my Radeon HD video card won't load. And I also want to double check to see if all of my malware is gone.

EDIT: Just rebooted, and my Radeon HD card is working again. I went into safe mode but it automatically shuts down after a few minutes... And I keep seeing IEXPLORER popping up on my task manager even though I keep ending it. It'll be there again in a few minutes. So, I know that's a malware issue.



OTL log

OTL logfile created on: 11/15/2011 4:48:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Meng Lo\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.17% Memory free
5.09 Gb Paging File | 4.33 Gb Available in Paging File | 85.07% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 108.08 Gb Free Space | 84.45% Space Free | Partition Type: NTFS
Drive D: | 693.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MENG | User Name: Meng Lo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 16:47:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meng Lo\My Documents\Downloads\OTL.com
PRC - [2011/11/15 13:33:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/11/15 13:33:47 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/09 06:14:00 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/03 17:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 16:39:53 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/15 00:01:47 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/15 00:01:47 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/15 00:01:47 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/11 19:36:48 | 003,313,752 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_dac4cfd.dll
MOD - [2011/11/09 06:14:01 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/11 11:33:10 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/26 12:02:55 | 012,509,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
MOD - [2011/02/26 12:02:11 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
MOD - [2011/02/26 12:00:27 | 000,027,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
MOD - [2011/02/26 10:27:45 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
MOD - [2011/02/26 10:27:41 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
MOD - [2011/02/26 10:27:33 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
MOD - [2011/02/26 10:26:43 | 008,265,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
MOD - [2011/02/26 10:26:37 | 011,722,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
MOD - [2011/02/26 10:23:57 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/01/18 17:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2010/09/10 21:21:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/11/14 10:11:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2009/01/10 14:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2004/08/03 17:07:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2011/11/15 13:33:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/11 19:36:48 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_dac4cfd.dll -- (Akamai)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/01/07 14:56:12 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/09/10 18:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/10/28 11:35:10 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/24 23:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/14 17:25:06 | 003,732,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/03/05 00:33:22 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2009/02/09 02:32:16 | 000,022,328 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/10/11 05:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/13 18:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/13 18:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 15:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 11:49:32 | 000,000,000 | ---D | M]

[2010/02/19 05:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Extensions
[2011/11/15 13:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Firefox\Profiles\x083e7ey.default\extensions
[2011/08/29 12:03:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Firefox\Profiles\x083e7ey.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011/05/09 16:39:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Meng Lo\Application Data\Mozilla\Firefox\Profiles\x083e7ey.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/15 13:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/24 16:39:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/04/13 18:31:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/07 14:28:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/19 05:55:54 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\WINDOWS\system32\npOGPPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/11/15 12:52:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] 1 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1266587760966 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A866D52-D671-48CB-8DD5-D1D694B87D9D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/19 00:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/02 16:05:00 | 000,000,046 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 16:32:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Meng Lo\Recent
[2011/11/15 16:09:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/15 15:13:12 | 001,997,288 | ---- | C] (CPUID) -- C:\Documents and Settings\Meng Lo\Desktop\cpuz.exe
[2011/11/15 15:12:49 | 017,351,304 | R--- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Meng Lo\Desktop\Skype.exe
[2011/11/15 15:07:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/11/15 00:36:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/15 00:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Application Data\SUPERAntiSpyware.com
[2011/11/15 00:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/11/15 00:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/14 23:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/11/14 22:31:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/14 22:28:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/14 22:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/14 18:04:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Meng Lo\Cookies
[2011/11/14 18:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/11/14 18:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cookies
[2011/11/14 18:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies
[2011/11/14 18:04:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/11/14 18:04:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011/11/14 18:03:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/11/14 18:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011/11/14 18:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011/11/14 18:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011/11/14 12:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/11 11:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/11 11:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Quick ThreatScan
[2011/11/11 11:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Start Menu\Programs\Winamp Detector Plug-in
[2011/11/11 11:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/11/11 11:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Local Settings\Application Data\OpenCandy
[2011/11/11 11:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Application Data\OpenCandy
[2011/11/11 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/11 11:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/03 18:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meng Lo\Local Settings\Application Data\Akamai

========== Files - Modified Within 30 Days ==========

[2011/11/15 16:42:40 | 000,308,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/15 16:42:40 | 000,041,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/15 16:38:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 16:36:41 | 000,000,251 | RHS- | M] () -- C:\boot.ini
[2011/11/15 15:20:39 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\firefox.lnk
[2011/11/15 15:15:45 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\DragonNest.lnk
[2011/11/15 15:07:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/11/15 15:03:40 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/11/15 14:34:50 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\Mbam.lnk
[2011/11/15 14:01:40 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/15 12:52:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/15 12:04:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/14 23:13:12 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6
[2011/11/14 23:13:12 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6r
[2011/11/14 22:41:44 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MwSpah5bbVv1s6
[2011/11/14 12:17:14 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/11/13 02:51:54 | 000,636,942 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\natsu-lightning.png
[2011/11/11 14:51:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2011/11/11 11:44:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/10 20:17:44 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\Meng Lo\jagex_cl_runescape_LIVE.dat
[2011/11/10 15:52:07 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\expressburnDowngrade.job
[2011/11/07 19:06:55 | 000,116,155 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt.png
[2011/11/06 12:24:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/04 10:23:21 | 000,099,544 | R--- | M] () -- C:\Documents and Settings\Meng Lo\My Documents\bebee_lo_2010.pdf
[2011/10/28 15:03:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/10/26 16:10:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/25 16:19:53 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Meng Lo\jagex_runescape_preferences2.dat
[2011/10/25 16:19:09 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Meng Lo\jagex_runescape_preferences.dat
[2011/10/19 23:08:10 | 000,103,461 | ---- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt1.png
[2011/10/19 22:07:24 | 000,106,349 | R--- | M] () -- C:\Documents and Settings\Meng Lo\Desktop\demonart3.png

========== Files Created - No Company Name ==========

[2011/11/15 15:20:39 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\firefox.lnk
[2011/11/15 15:15:45 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\DragonNest.lnk
[2011/11/15 14:34:50 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\Mbam.lnk
[2011/11/15 14:18:10 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/11/15 14:18:10 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/15 14:18:10 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/15 14:01:40 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/14 22:41:37 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6r
[2011/11/14 22:41:36 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~MwSpah5bbVv1s6
[2011/11/14 22:41:31 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MwSpah5bbVv1s6
[2011/11/13 02:51:54 | 000,636,942 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\natsu-lightning.png
[2011/11/04 10:27:32 | 000,099,544 | R--- | C] () -- C:\Documents and Settings\Meng Lo\My Documents\bebee_lo_2010.pdf
[2011/10/25 16:18:53 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Meng Lo\jagex_cl_runescape_LIVE.dat
[2011/10/19 23:08:10 | 000,103,461 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt1.png
[2011/10/19 22:07:24 | 000,116,155 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\DemonArt.png
[2011/10/19 22:07:24 | 000,106,349 | R--- | C] () -- C:\Documents and Settings\Meng Lo\Desktop\demonart3.png
[2011/04/08 19:29:04 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Meng Lo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 20:36:03 | 000,018,440 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/16 22:45:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 22:44:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/10/16 22:44:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/10/16 22:42:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/04 13:24:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/15 17:27:24 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/15 13:52:08 | 000,009,864 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\188FmQ8
[2010/04/07 03:24:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/24 14:14:48 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/03/24 14:14:48 | 000,224,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/24 14:14:48 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/03/02 16:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 16:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 16:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 16:00:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 16:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 16:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 16:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 16:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 16:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 16:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 16:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 16:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 16:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 16:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 16:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 16:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 16:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/25 18:30:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/19 17:52:21 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/19 15:08:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/02/19 14:48:35 | 000,103,193 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/02/19 14:48:35 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/19 14:48:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/02/19 08:25:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/19 08:24:13 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 05:50:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/19 00:53:16 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/19 00:41:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 00:32:28 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/14 10:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 10:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/11/14 10:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 10:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 10:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 10:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 10:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 10:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 10:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 10:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/11/14 10:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/11/14 10:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 10:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/08/11 13:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/06/07 08:24:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 14:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 01:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2004/08/03 17:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 17:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 17:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 17:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 17:07:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/03 17:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 17:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 17:07:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 17:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 17:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 17:07:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 07:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/05 11:35:22 | 000,308,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/11/05 11:35:22 | 000,041,304 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/11/05 11:35:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/11/15 00:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/11/11 11:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Quick ThreatScan
[2011/11/11 11:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/15 15:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/01/02 11:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/07/26 13:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/07/24 04:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/11/14 23:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/08/29 12:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2010/05/04 20:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/26 17:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Audacity
[2010/09/25 13:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Auslogics
[2010/11/22 14:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011/04/13 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\DDMSettings
[2010/02/19 05:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Foxit
[2010/07/19 07:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Foxit Software
[2010/08/22 09:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\ImTOO
[2011/03/30 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Leadertech
[2010/10/06 08:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\Mael
[2010/09/25 15:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\NCH Swift Sound
[2011/11/11 11:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meng Lo\Application Data\OpenCandy
[2011/04/12 11:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2011/11/10 15:52:07 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2011/10/04 15:50:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/02/04 15:42:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2011/06/15 20:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/11/11 14:51:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2011/10/28 15:03:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



< End of report >

Edited by aznboi2o9, 15 November 2011 - 06:53 PM.

#2
aznboi2o9


    Member

  • Topic Starter
  • Member
  • 64 posts
BUMP

The rogue program called System Fix got back into my system again... It is doing the same thing again. I'm highly thinking about just reformatting my hard drive.