
Can't open any programs except photoshop not even OTL


#181
neataznyam
    Member
  • Topic Starter
  • 150 posts
OTL still doesn't work

#182
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi neataznyam,

I'm here. Please give me a minute to see what you have done so far. I'll post my response soon.

#183
neataznyam
    Member
  • Topic Starter
  • 150 posts
thank you very much, take your time

#184
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
I'll try a slightly different approach now that we have fixed some basic issues. Please try to burn the OTLPE bootable disk again. Maybe there is something wrong with the first OTLPE CD. OTLPE should give us more tools to run on your system. Try to burn and run it as you did with Dr.Web, and I hope it will work now. Here are the steps again:

This time you can use the standard ISO and burn it as you did Dr.Web. Then try to restart and boot from it.

  • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2
  • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop
    Posted Image
    Posted Image
  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and find OTLPE_New_Std.iso.
  • Burn it as you did Dr.Web
  • Reboot your infected system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right-click the file and select Send to, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#185
neataznyam
    Member
  • Topic Starter
  • 150 posts
Well, the reason I was able to start Dr.Web was because it came as an ISO. I'm running another computer with a Mac, so I can't really open up exe files.

#186
neataznyam
    Member
  • Topic Starter
  • 150 posts
Is there a way to get it to turn into an ISO from an exe on a Mac?

Edited by neataznyam, 23 April 2012 - 02:10 AM.


#187
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
I have not used a Mac whatsoever, so I can't tell. Please try to find another PC with Windows. Do you have any friend(s) with Windows? You can try it on their PC. They will help you. Please let me know.

#188
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
You can try this too.

Rename OTLPEStd.exe to OTLPEStd.zip and try to extract it on the Mac. You should have OTLPE_New_Std.iso after this.
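An added example, not part of this thread and not code from OTL or 7-Zip: the rename-to-.zip trick only works when the archive appended to the self-extractor's stub really is a ZIP, so this Python script checks what a self-extracting executable carries before you rename it. The byte signatures are the published magic numbers of each container format; the two sample files are constructed in memory (a fake "MZ" stub followed by a real ZIP, and a stub followed by a 7z header), so nothing is downloaded and the file names inside them are placeholders.

```python
"""Added example (not OTL's or 7-Zip's code): check what archive a
self-extracting .exe really carries before renaming it to .zip."""
import io
import sys
import zipfile

# Magic bytes of the container formats commonly wrapped in SFX stubs.
SIGNATURES = {
    "zip": b"PK\x03\x04",          # ZIP local file header
    "7z":  b"7z\xbc\xaf\x27\x1c",  # 7-Zip archive header
    "rar": b"Rar!\x1a\x07",        # RAR (v1.5-4.x and v5 share this prefix)
    "cab": b"MSCF",                # Microsoft Cabinet
}


def detect_sfx_payload(data: bytes) -> dict:
    """Report whether the file starts with a PE ('MZ') stub and at which
    offset each known archive signature first appears."""
    payloads = {name: data.find(sig) for name, sig in SIGNATURES.items()}
    payloads = {name: off for name, off in payloads.items() if off != -1}
    return {"is_pe": data.startswith(b"MZ"), "payloads": payloads}


def zip_extractable(data: bytes) -> bool:
    """True when a plain ZIP tool could unpack the file: zipfile locates the
    end-of-central-directory record from the end of the file, so a stub in
    front of a real ZIP is tolerated, which is what the rename trick relies on."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return bool(zf.namelist()) and zf.testzip() is None
    except zipfile.BadZipFile:
        return False


def advise(data: bytes) -> str:
    """Name the extractor family that will work, or 'unknown'."""
    info = detect_sfx_payload(data)
    if zip_extractable(data):
        return "zip"            # rename to .zip, or unzip it directly
    for fmt in ("7z", "rar", "cab"):
        if fmt in info["payloads"]:
            return fmt          # needs 7-Zip/p7zip or a matching tool
    return "unknown"


def build_sample_zip_sfx() -> bytes:
    """Constructed sample: fake 'MZ' stub followed by a real, stored ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("payload.iso", b"constructed sample, not a real image")
    return b"MZ" + b"\x00" * 510 + buf.getvalue()


def build_sample_7z_sfx() -> bytes:
    """Constructed sample: fake 'MZ' stub followed by a 7z header only."""
    return b"MZ" + b"\x00" * 510 + SIGNATURES["7z"] + b"\x00" * 64


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(detect_sfx_payload(blob), "->", advise(blob))
    else:
        for blob in (build_sample_zip_sfx(), build_sample_7z_sfx()):
            print(detect_sfx_payload(blob), "->", advise(blob))
```

Run it with the path of the downloaded file as the only argument; with no argument it runs over the two constructed samples. A "zip" verdict means renaming (or simply `unzip`) will work; a "7z" verdict means the payload is a 7-Zip archive and a 7-Zip-capable extractor (p7zip or The Unarchiver on a Mac) is needed, which is the usual reason the rename trick fails.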

#189
neataznyam
    Member
  • Topic Starter
  • 150 posts
Well, it was a very clever idea; however, it did not work. I will try to find someone with a working PC for this tactic tomorrow.

#190
neataznyam
    Member
  • Topic Starter
  • 150 posts
Sorry guys, but I think I'm tossing in the towel. I found a Windows XP disc and I think I might try to run that, or a Windows 7 one if I can get it in time. Well, I don't even know if I'm doing this right.

Edited by neataznyam, 23 April 2012 - 04:28 PM.


#191
neataznyam
    Member
  • Topic Starter
  • 150 posts
OTL logfile created on: 4/23/2012 6:15:32 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\henry ong\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.64% Memory free
6.00 Gb Paging File | 4.31 Gb Available in Paging File | 71.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 222.88 Gb Free Space | 47.86% Space Free | Partition Type: NTFS
Drive D: | 2.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FAPMACHINE | User Name: henry ong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 18:14:02 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\henry ong\Downloads\OTL.exe
PRC - [2012/04/23 17:41:24 | 008,156,256 | ---- | M] (ArenaNet) -- C:\Program Files\Guild Wars\Gw.exe
PRC - [2012/04/23 16:27:44 | 003,089,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2012/04/23 16:22:31 | 000,142,336 | ---- | M] () -- C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 21:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/09 01:08:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/03/08 22:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/03/08 22:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/03/07 22:04:18 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/09/19 15:41:04 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
PRC - [2011/05/11 00:02:04 | 000,808,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\henry ong\CS5.5 Master Collection\Adobe CS5_5\Set-up.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/23 17:56:13 | 000,495,616 | ---- | M] () -- C:\Users\henry ong\AppData\Local\Temp\GwADD74.tmp
MOD - [2012/04/23 16:27:44 | 003,089,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2012/04/23 16:22:44 | 004,771,200 | ---- | M] () -- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/04/23 16:22:31 | 000,142,336 | ---- | M] () -- C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
MOD - [2012/03/12 21:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/03/09 01:08:38 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012/03/07 22:04:18 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/09/19 15:41:04 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
MOD - [2009/07/13 21:55:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\de8525cc2e6327337e1c6917352bfe16\WindowsFormsIntegration.ni.dll
MOD - [2009/07/13 21:43:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009/07/13 21:43:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
MOD - [2009/07/13 21:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/13 21:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/13 21:43:20 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
MOD - [2009/07/13 21:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/13 21:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 21:42:56 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\7ce9d463a5d343fe74d6f181f9226cab\UIAutomationProvider.ni.dll
MOD - [2009/07/13 21:42:55 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
MOD - [2009/07/13 21:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/13 21:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 21:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/13 21:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 21:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/09 01:08:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/03/08 22:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/08 23:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/03/08 20:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/01 15:18:10 | 000,046,720 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011/12/05 12:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 DB 40 EA A5 21 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/23 16:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/23 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\henry ong\AppData\Roaming\Mozilla\Extensions
[2012/04/23 16:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.14.0.8 76.14.0.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37D74671-4FB3-4A28-A6BE-6570A1FAC4DA}: DhcpNameServer = 76.14.0.8 76.14.0.9
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/13 12:17:31 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c6cdc5a7-8d94-11e1-9dff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6cdc5a7-8d94-11e1-9dff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2006/09/16 09:06:40 | 000,252,024 | R--- | M] (ArenaNet)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Malwarebytes
[2012/04/23 18:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/23 18:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/23 18:08:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/23 18:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/23 17:41:24 | 000,000,000 | ---D | C] -- C:\Users\henry ong\Documents\Guild Wars
[2012/04/23 17:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars
[2012/04/23 17:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars
[2012/04/23 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/04/23 17:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/04/23 17:20:15 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/04/23 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\henry ong\Desktop\LeagueOfLegends
[2012/04/23 16:35:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/04/23 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\PMB Files
[2012/04/23 16:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/04/23 16:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012/04/23 16:26:08 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/04/23 16:24:32 | 000,000,000 | ---D | C] -- C:\Users\henry ong\CS5.5 Master Collection
[2012/04/23 16:23:58 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/23 16:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/04/23 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/04/23 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/04/23 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/04/23 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Macromedia
[2012/04/23 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Adobe
[2012/04/23 16:22:31 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Adobe
[2012/04/23 16:19:30 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\AMD
[2012/04/23 16:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/23 16:19:17 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\ATI
[2012/04/23 16:19:17 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\ATI
[2012/04/23 16:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/04/23 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/04/23 16:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/04/23 16:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/04/23 16:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/04/23 16:14:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/04/23 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/23 16:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/04/23 16:09:56 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Mozilla
[2012/04/23 16:09:56 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Mozilla
[2012/04/23 16:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/23 16:04:46 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/23 16:04:46 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Searches
[2012/04/23 16:04:46 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/23 16:04:45 | 000,000,000 | -H-D | C] -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/04/23 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Identities
[2012/04/23 16:04:34 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Contacts
[2012/04/23 16:04:29 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\VirtualStore
[2012/04/23 16:04:26 | 000,000,000 | --SD | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Videos
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Saved Games
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Pictures
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Music
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Links
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Favorites
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Downloads
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Documents
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Desktop
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\AppData\Local\Temporary Internet Files
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Templates
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Start Menu
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\SendTo
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Recent
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\PrintHood
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\NetHood
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Documents\My Videos
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Documents\My Pictures
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Documents\My Music
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\My Documents
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Local Settings
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\AppData\Local\History
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Cookies
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Application Data
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\AppData\Local\Application Data
[2012/04/23 16:04:26 | 000,000,000 | -H-D | C] -- C:\Users\henry ong\AppData
[2012/04/23 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Temp
[2012/04/23 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Microsoft
[2012/04/23 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Media Center Programs
[2012/04/23 15:39:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/23 15:37:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/04/03 02:03:09 | 004,453,973 | ---- | C] (Swearware) -- C:\ComboFix.com.exe
[2012/04/03 01:35:32 | 000,000,000 | ---D | C] -- C:\FRST

========== Files - Modified Within 30 Days ==========

[2012/04/23 18:08:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/23 17:49:43 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 17:49:43 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 17:41:01 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars.lnk
[2012/04/23 17:24:32 | 000,000,355 | ---- | M] () -- C:\Users\henry ong\Desktop\Computer - Shortcut.lnk
[2012/04/23 17:23:31 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/04/23 16:23:56 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/04/23 16:21:41 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/23 16:21:41 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/23 16:17:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/23 16:17:18 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/04/23 16:17:07 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 16:09:03 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/23 16:07:51 | 000,001,407 | ---- | M] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/23 15:59:12 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/23 15:41:28 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/04/13 15:23:33 | 000,000,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/03 13:45:24 | 004,453,973 | ---- | M] (Swearware) -- C:\ComboFix.com.exe
[2012/04/03 12:23:24 | 001,385,843 | ---- | M] () -- C:\FRST64.exe

========== Files Created - No Company Name ==========

[2012/04/23 18:08:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/23 17:41:01 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars.lnk
[2012/04/23 17:24:32 | 000,000,355 | ---- | C] () -- C:\Users\henry ong\Desktop\Computer - Shortcut.lnk
[2012/04/23 17:23:31 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/04/23 16:23:56 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/04/23 16:23:56 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/04/23 16:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/23 16:09:03 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/23 16:09:03 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/23 16:07:51 | 000,001,407 | ---- | C] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/23 16:05:30 | 000,001,413 | ---- | C] () -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/23 16:04:26 | 000,000,290 | ---- | C] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/23 16:04:26 | 000,000,272 | ---- | C] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/23 15:41:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/23 15:41:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/12 07:50:23 | 000,000,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/04/09 14:45:35 | 001,385,843 | ---- | C] () -- C:\FRST64.exe
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012/03/08 21:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/03/08 21:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/01/10 14:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== LOP Check ==========

[2012/04/23 16:23:58 | 000,000,000 | ---D | M] -- C:\Users\henry ong\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/07/13 21:53:46 | 000,001,114 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#192 neataznyam (Member, Topic Starter, 150 posts)
Here's the new OTL, just in case it doesn't look right.

OTL logfile created on: 4/23/2012 6:15:32 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\henry ong\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.64% Memory free
6.00 Gb Paging File | 4.31 Gb Available in Paging File | 71.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 222.88 Gb Free Space | 47.86% Space Free | Partition Type: NTFS
Drive D: | 2.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FAPMACHINE | User Name: henry ong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 18:14:02 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\henry ong\Downloads\OTL.exe
PRC - [2012/04/23 17:41:24 | 008,156,256 | ---- | M] (ArenaNet) -- C:\Program Files\Guild Wars\Gw.exe
PRC - [2012/04/23 16:27:44 | 003,089,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2012/04/23 16:22:31 | 000,142,336 | ---- | M] () -- C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 21:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/09 01:08:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/03/08 22:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/03/08 22:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/03/07 22:04:18 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/09/19 15:41:04 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
PRC - [2011/05/11 00:02:04 | 000,808,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\henry ong\CS5.5 Master Collection\Adobe CS5_5\Set-up.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/23 17:56:13 | 000,495,616 | ---- | M] () -- C:\Users\henry ong\AppData\Local\Temp\GwADD74.tmp
MOD - [2012/04/23 16:27:44 | 003,089,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2012/04/23 16:22:44 | 004,771,200 | ---- | M] () -- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/04/23 16:22:31 | 000,142,336 | ---- | M] () -- C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
MOD - [2012/03/12 21:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/03/09 01:08:38 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012/03/07 22:04:18 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/09/19 15:41:04 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
MOD - [2009/07/13 21:55:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\de8525cc2e6327337e1c6917352bfe16\WindowsFormsIntegration.ni.dll
MOD - [2009/07/13 21:43:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009/07/13 21:43:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
MOD - [2009/07/13 21:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/13 21:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/13 21:43:20 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
MOD - [2009/07/13 21:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/13 21:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 21:42:56 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\7ce9d463a5d343fe74d6f181f9226cab\UIAutomationProvider.ni.dll
MOD - [2009/07/13 21:42:55 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
MOD - [2009/07/13 21:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/13 21:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 21:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/13 21:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 21:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/09 01:08:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/03/08 22:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/08 23:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/03/08 20:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/01 15:18:10 | 000,046,720 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011/12/05 12:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 DB 40 EA A5 21 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/23 16:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/23 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\henry ong\AppData\Roaming\Mozilla\Extensions
[2012/04/23 16:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.14.0.8 76.14.0.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37D74671-4FB3-4A28-A6BE-6570A1FAC4DA}: DhcpNameServer = 76.14.0.8 76.14.0.9
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/13 12:17:31 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c6cdc5a7-8d94-11e1-9dff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6cdc5a7-8d94-11e1-9dff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2006/09/16 09:06:40 | 000,252,024 | R--- | M] (ArenaNet)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Malwarebytes
[2012/04/23 18:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/23 18:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/23 18:08:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/23 18:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/23 17:41:24 | 000,000,000 | ---D | C] -- C:\Users\henry ong\Documents\Guild Wars
[2012/04/23 17:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars
[2012/04/23 17:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars
[2012/04/23 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/04/23 17:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/04/23 17:20:15 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/04/23 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\henry ong\Desktop\LeagueOfLegends
[2012/04/23 16:35:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/04/23 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\PMB Files
[2012/04/23 16:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/04/23 16:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012/04/23 16:26:08 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/04/23 16:24:32 | 000,000,000 | ---D | C] -- C:\Users\henry ong\CS5.5 Master Collection
[2012/04/23 16:23:58 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/23 16:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/04/23 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/04/23 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/04/23 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/04/23 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Macromedia
[2012/04/23 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Adobe
[2012/04/23 16:22:31 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Adobe
[2012/04/23 16:19:30 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\AMD
[2012/04/23 16:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/23 16:19:17 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\ATI
[2012/04/23 16:19:17 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\ATI
[2012/04/23 16:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/04/23 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/04/23 16:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/04/23 16:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/04/23 16:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/04/23 16:14:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/04/23 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/23 16:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/04/23 16:09:56 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Mozilla
[2012/04/23 16:09:56 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Mozilla
[2012/04/23 16:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/23 16:04:46 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/23 16:04:46 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Searches
[2012/04/23 16:04:46 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/23 16:04:45 | 000,000,000 | -H-D | C] -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/04/23 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Identities
[2012/04/23 16:04:34 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Contacts
[2012/04/23 16:04:29 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\VirtualStore
[2012/04/23 16:04:26 | 000,000,000 | --SD | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Videos
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Saved Games
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Pictures
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Music
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Links
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Favorites
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Downloads
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Documents
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\Desktop
[2012/04/23 16:04:26 | 000,000,000 | R--D | C] -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\AppData\Local\Temporary Internet Files
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Templates
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Start Menu
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\SendTo
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Recent
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\PrintHood
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\NetHood
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Documents\My Videos
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Documents\My Pictures
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Documents\My Music
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\My Documents
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Local Settings
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\AppData\Local\History
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Cookies
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\Application Data
[2012/04/23 16:04:26 | 000,000,000 | -HSD | C] -- C:\Users\henry ong\AppData\Local\Application Data
[2012/04/23 16:04:26 | 000,000,000 | -H-D | C] -- C:\Users\henry ong\AppData
[2012/04/23 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Temp
[2012/04/23 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Local\Microsoft
[2012/04/23 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Media Center Programs
[2012/04/23 15:39:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/23 15:37:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/04/03 02:03:09 | 004,453,973 | ---- | C] (Swearware) -- C:\ComboFix.com.exe
[2012/04/03 01:35:32 | 000,000,000 | ---D | C] -- C:\FRST

========== Files - Modified Within 30 Days ==========

[2012/04/23 18:08:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/23 17:49:43 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 17:49:43 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 17:41:01 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars.lnk
[2012/04/23 17:24:32 | 000,000,355 | ---- | M] () -- C:\Users\henry ong\Desktop\Computer - Shortcut.lnk
[2012/04/23 17:23:31 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/04/23 16:23:56 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/04/23 16:21:41 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/23 16:21:41 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/23 16:17:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/23 16:17:18 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/04/23 16:17:07 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 16:09:03 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/23 16:07:51 | 000,001,407 | ---- | M] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/23 15:59:12 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/23 15:41:28 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/04/13 15:23:33 | 000,000,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/03 13:45:24 | 004,453,973 | ---- | M] (Swearware) -- C:\ComboFix.com.exe
[2012/04/03 12:23:24 | 001,385,843 | ---- | M] () -- C:\FRST64.exe

========== Files Created - No Company Name ==========

[2012/04/23 18:08:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/23 17:41:01 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars.lnk
[2012/04/23 17:24:32 | 000,000,355 | ---- | C] () -- C:\Users\henry ong\Desktop\Computer - Shortcut.lnk
[2012/04/23 17:23:31 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/04/23 16:23:56 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/04/23 16:23:56 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/04/23 16:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/23 16:09:03 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/23 16:09:03 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/23 16:07:51 | 000,001,407 | ---- | C] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/23 16:05:30 | 000,001,413 | ---- | C] () -- C:\Users\henry ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/23 16:04:26 | 000,000,290 | ---- | C] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/23 16:04:26 | 000,000,272 | ---- | C] () -- C:\Users\henry ong\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/23 15:41:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/23 15:41:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/12 07:50:23 | 000,000,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/04/09 14:45:35 | 001,385,843 | ---- | C] () -- C:\FRST64.exe
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012/03/08 21:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/03/08 21:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/01/10 14:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== LOP Check ==========

[2012/04/23 16:23:58 | 000,000,000 | ---D | M] -- C:\Users\henry ong\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/07/13 21:53:46 | 000,001,114 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#193 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
I see this is OTL.exe and not the OTLPE CD. Did you manage to run EXE files now? That would be great.

Can you try to download a new ComboFix and run it? Please note that you didn't actually rename ComboFix last time, because there are two extensions at the end: C:\ComboFix.com.exe. If you can't run it as an EXE, make sure to rename it to ComboFix.com or abc.com, without .exe at the end.
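Two things in this exchange can be checked mechanically rather than by eye: the O35/O37 lines in the OTL logs above, which record the comfile/exefile launch command and the ProgID behind .com/.exe (a hijack there is the classic reason "no program will open"), and maliprog's point that ComboFix.com.exe is still an .exe, because Windows honours only the last extension, so renaming to a real .com is what sidesteps the exefile association. The Python below is an added example written for this page; it is not part of OTL, ComboFix or anything posted in the thread. It parses OTL's `[date | size | attrs | C/M] (company) -- path` entries and its O35/O37 lines. The sample input reuses lines copied from the OTL log above plus one constructed, hypothetical O37 line (ProgID `hijackedfile`, path `host.exe`) to show what a hijacked association would look like in the same log format.

```python
"""Triage helpers for OTL log lines (added example; not part of OTL or ComboFix).

* O35/O37 lines: the launch command for comfile/exefile must be exactly "%1" %*,
  and the .com/.exe ProgIDs must still be comfile/exefile. Anything else routes
  every program launch through another binary.
* file entries: ComboFix.com.exe has two extensions; Windows honours only the
  last one, so it is still an .exe and still subject to an exefile hijack.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Matches e.g.
#   [2012/04/03 02:03:09 | 004,453,973 | ---- | C] (Swearware) -- C:\ComboFix.com.exe
#   SRV - [...] (Malwarebytes Corporation) [Auto | Running] -- C:\...\mbamservice.exe -- (MBAMService)
FILE_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # directory entries have no company field
    r"(?: \[[^\]]*\])?"               # SRV/DRV start type and state
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\))?$"   # SRV/DRV service name
)
# O35 - HKLM\..exefile [open] -- "%1" %*     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ASSOC_LINE = re.compile(r"^O3(?P<n>[57]) - (?P<key>\S+) \[(?P<sub>[^\]]*)\] -- (?P<cmd>.*)$")

EXEC_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd"}
CLEAN_COMMAND = '"%1" %*'


@dataclass
class FileEntry:
    kind: Optional[str]
    timestamp: str
    size: int
    attrs: str
    company: Optional[str]   # None when OTL printed "()" or no field at all
    path: str
    service: Optional[str]


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file/process/service/driver line; None if it is not one."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    return FileEntry(m["kind"], m["ts"], int(m["size"].replace(",", "")),
                     m["attrs"], m["company"] or None, m["path"], m["svc"])


def double_extension(path: str) -> Optional[str]:
    """Return the inner extension ('com' for ComboFix.com.exe), else None.

    Only an inner part that is itself an executable extension counts, so dotted
    names such as Fuel.Service.exe or System.Core.ni.dll are left alone.
    """
    parts = ntpath.basename(path).split(".")
    if len(parts) >= 3 and parts[-2].lower() in EXEC_EXTS:
        return parts[-2].lower()
    return None


def check_association(line: str) -> Optional[tuple]:
    """Validate an O35/O37 line -> (ok, detail); None if the line is not one."""
    m = ASSOC_LINE.match(line.strip())
    if not m:
        return None
    cmd = m["cmd"].strip()
    if m["n"] == "5":                      # O35: <class> [open] -- <command>
        return cmd == CLEAN_COMMAND, f"{m['key']} open command is {cmd!r}"
    ext = m["key"].rsplit(".", 1)[-1].lower()      # O37: the .exe/.com key
    progid = m["sub"].split("=", 1)[-1].strip()    # "@ = exefile" -> exefile
    ok = progid == f"{ext}file" and cmd == CLEAN_COMMAND
    return ok, f".{ext} -> {progid}, command {cmd!r}"


def triage(lines):
    """Run both checks over raw OTL lines and collect leads (leads, not verdicts)."""
    findings = {"double_extension": [], "bad_association": [], "no_company": []}
    for line in lines:
        assoc = check_association(line)
        if assoc is not None:
            if not assoc[0]:
                findings["bad_association"].append(assoc[1])
            continue
        entry = parse_file_entry(line)
        if entry is None:
            continue
        if double_extension(entry.path):
            findings["double_extension"].append(entry.path)
        is_dir = entry.attrs.endswith("D")
        if entry.company is None and not is_dir and entry.path.lower().endswith((".exe", ".dll", ".sys")):
            findings["no_company"].append(entry.path)   # same idea as OTL's "No Company Name" section
    return findings


# Sample input: lines copied from the OTL log above, plus one constructed O37 line
# (hypothetical ProgID "hijackedfile", path host.exe) showing a hijacked .exe.
SAMPLE = [
    r"PRC - [2012/04/23 16:27:44 | 003,089,488 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe",
    r"SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)",
    r"[2012/04/03 02:03:09 | 004,453,973 | ---- | C] (Swearware) -- C:\ComboFix.com.exe",
    r"[2012/04/09 14:45:35 | 001,385,843 | ---- | C] () -- C:\FRST64.exe",
    r"[2012/04/23 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\henry ong\AppData\Roaming\Malwarebytes",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = hijackedfile] -- "C:\Users\user\AppData\Local\host.exe" -a "%1" %*',  # constructed
]

if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category, items)
```

On the log above, `triage` flags `C:\ComboFix.com.exe` as a double extension and lists the unsigned/no-company executables the same way OTL's own "No Company Name" section does; the real O35/O37 lines pass, and only the constructed line fails. Treat the "no_company" list as a reading order for the log, not as a verdict.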

#194 neataznyam (Member, Topic Starter, 150 posts)
OK, ComboFix is running right now.

#195 neataznyam (Member, Topic Starter, 150 posts)
ComboFix 12-04-23.03 - henry ong 04/23/2012 23:12:50.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1666 [GMT -7:00]
Running from: c:\users\henry ong\Downloads\ComboFix.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 06:21 . 2012-04-24 06:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 05:18 . 2012-04-24 05:18 -------- d-----w- C:\Riot Games
2012-04-24 05:10 . 2012-04-24 05:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-24 04:20 . 2012-04-24 04:20 -------- d-----w- c:\program files\Microsoft.NET
2012-04-24 04:19 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-24 04:19 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-04-24 04:19 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-24 04:19 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-24 04:19 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-04-24 04:07 . 2012-04-24 04:07 -------- d-----w- c:\programdata\DeviceVm
2012-04-24 04:07 . 2012-04-24 04:07 -------- d--h--w- c:\program files\DeviceVM
2012-04-24 04:06 . 2012-04-24 06:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-24 04:05 . 2012-04-24 06:10 -------- d-----w- c:\program files\Norton Internet Security
2012-04-24 04:05 . 2012-04-24 04:06 -------- d-----w- c:\programdata\Norton
2012-04-24 04:03 . 2012-04-24 04:03 -------- d-----w- c:\program files\NortonInstaller
2012-04-24 04:03 . 2008-01-04 20:34 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2012-04-24 04:03 . 2008-01-04 20:34 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2012-04-24 03:53 . 2010-05-15 11:11 886688 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2012-04-24 03:53 . 2010-05-15 11:11 73120 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2012-04-24 03:53 . 2010-05-15 11:11 510368 ----a-w- c:\windows\system32\VIASysFx.dll
2012-04-24 03:53 . 2010-05-15 11:11 80288 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2012-04-24 03:53 . 2010-05-15 11:11 215968 ----a-w- c:\windows\system32\Dts2APO.dll
2012-04-24 03:53 . 2010-05-15 11:11 185248 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2012-04-24 03:53 . 2010-05-15 11:11 1150880 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2012-04-24 03:53 . 2007-12-04 03:28 76288 ----a-w- c:\windows\system32\nQPropPageExt.dll
2012-04-24 03:53 . 2007-12-04 03:28 71680 ----a-w- c:\windows\system32\nQAPO.dll
2012-04-24 03:51 . 2012-04-24 04:02 -------- d-----w- c:\program files\Common Files\InstallShield
2012-04-24 03:46 . 2004-02-17 07:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2012-04-24 03:46 . 2004-02-27 07:00 962612 ----a-w- c:\windows\system32\mfc42d.dll
2012-04-24 03:46 . 2009-09-30 03:33 24576 ----a-r- c:\windows\system32\AsIO.dll
2012-04-24 03:46 . 2009-08-04 02:28 11296 ----a-r- c:\windows\system32\drivers\AsIO.sys
2012-04-24 03:46 . 2012-04-24 04:03 -------- d-----w- c:\program files\ASUS
2012-04-24 03:31 . 2012-04-24 03:31 -------- d-----w- c:\windows\system32\Wat
2012-04-24 03:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-24 03:13 . 2012-04-24 03:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-04-24 03:05 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-04-24 03:04 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-24 03:04 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-24 03:03 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-04-24 02:51 . 2012-04-24 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-04-24 02:20 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-04-24 02:20 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-24 02:20 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-04-24 02:20 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-04-24 02:18 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-04-24 02:05 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-24 02:05 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-04-24 02:05 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2012-04-24 01:58 . 2012-04-24 01:58 -------- d-----w- c:\programdata\ALM
2012-04-24 01:56 . 2012-04-24 01:56 -------- d-----w- c:\programdata\McAfee
2012-04-24 01:56 . 2012-04-24 01:56 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-24 01:56 . 2012-04-24 01:56 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-24 01:33 . 2012-04-24 01:33 -------- d-----w- c:\program files\My Company Name
2012-04-24 01:33 . 2012-04-24 01:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2012-04-24 01:24 . 2012-04-24 01:24 -------- d-----w- c:\windows\system32\Macromed
2012-04-24 01:19 . 2012-04-24 01:58 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-24 01:08 . 2012-04-24 01:08 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 01:08 . 2012-04-24 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-24 01:08 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 00:41 . 2012-04-24 00:41 -------- d-----w- c:\program files\Guild Wars
2012-04-24 00:23 . 2008-07-31 17:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-04-24 00:23 . 2008-07-31 17:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-04-24 00:23 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-04-24 00:23 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-04-24 00:23 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-04-23 23:35 . 2012-04-23 23:04 -------- d-----w- c:\windows\Panther
2012-04-23 23:35 . 2012-04-18 10:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{759EE162-FEF2-4DCB-B542-6CEBA2221B95}\mpengine.dll
2012-04-23 23:35 . 2012-02-23 17:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-23 23:27 . 2012-04-24 05:17 -------- d-----w- c:\programdata\PMB Files
2012-04-23 23:27 . 2012-04-23 23:27 -------- d-----w- c:\program files\Pando Networks
2012-04-23 23:26 . 2012-04-23 23:26 -------- d-----w- C:\Windows.old
2012-04-23 23:23 . 2012-04-23 23:23 -------- d-----w- c:\program files\Adobe Download Assistant
2012-04-23 23:23 . 2012-04-23 23:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-04-23 23:19 . 2012-04-23 23:19 -------- d-----w- c:\programdata\ATI
2012-04-23 23:17 . 2012-04-23 23:17 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-23 23:15 . 2012-04-23 23:15 -------- d-----w- c:\program files\AMD AVT
2012-04-23 23:15 . 2012-04-23 23:15 -------- d-----w- c:\program files\AMD APP
2012-04-23 23:15 . 2012-04-23 23:15 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-23 23:14 . 2012-04-23 23:15 -------- d-----w- c:\programdata\AMD
2012-04-23 23:14 . 2010-02-18 16:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-04-23 23:14 . 2012-04-24 06:09 -------- d-sh--w- c:\windows\Installer
2012-04-23 23:14 . 2012-04-23 23:15 -------- d-----w- c:\program files\ATI Technologies
2012-04-23 23:14 . 2012-04-23 23:14 -------- d-----w- c:\program files\ATI
2012-04-23 23:09 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-23 23:09 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 23:09 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-23 23:09 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-23 23:09 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-23 23:09 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-23 23:09 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2012-04-23 23:06 . 2012-04-24 06:02 -------- d-----w- c:\windows\system32\wbem\Performance
2012-04-23 23:04 . 2012-04-24 01:48 -------- d-----w- c:\users\henry ong
2012-04-03 08:35 . 2012-04-03 11:03 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 08:26 . 2012-03-09 08:26 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-03-09 08:26 . 2012-03-09 08:26 54784 ----a-w- c:\windows\system32\OVDecode.dll
2012-03-09 08:25 . 2012-03-09 08:25 13238272 ----a-w- c:\windows\system32\amdocl.dll
2012-03-09 08:24 . 2012-03-09 08:24 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 06:26 . 2012-03-09 06:26 9183232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\system32\aticfx32.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:10 . 2012-03-09 05:10 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-03-09 05:07 . 2012-03-09 05:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\system32\aticaldd.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-03-09 03:57 . 2012-03-09 03:57 265216 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-04-20 08:27 51200 ----a-w- c:\windows\system32\coinst.dll
2012-01-31 14:00 . 2012-01-31 14:00 16896 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-03-13 04:39 . 2012-04-23 23:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-02-01 46720]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S4 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys [x]
S4 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SYMDS.SYS [x]
S4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SYMEFA.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EECTRL
*NewlyCreated* - ERASERUTILDRV11122
*NewlyCreated* - FASTFAT
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WUDFPF
*Deregistered* - BHDrvx86
*Deregistered* - ccHP
*Deregistered* - EraserUtilDrv11122
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9
FF - ProfilePath - c:\users\henry ong\AppData\Roaming\Mozilla\Firefox\Profiles\2yhwfed1.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-23 23:24:16
ComboFix-quarantined-files.txt 2012-04-24 06:24
.
Pre-Run: 229,235,466,240 bytes free
Post-Run: 229,341,888,512 bytes free
.
- - End Of File - - 85103E5DFD84CD464E6D13E877F96F30