Geeks to Go forums
Possible infection and/or deleted something important [Closed] [Solved]


  • This topic is locked

#1
cherinacherine
    Member, 49 posts
I'm not sure if I have malware, or if I accidentally wrecked my computer myself.

A couple of weeks ago my computer drastically slowed down, started freezing up, and when I ran MalwareBytes it showed some kind of virus, which I tried to remove. Instead, I seem to have made it worse. It locked up my browser (Opera), and kept restarting my computer. I couldn't access the internet so I (tried to) go back to a previous restore point (I think that's what it's called).
It seemed to work, and while my computer was a little slower than usual, my browser was working again and my computer stopped freezing up.

In the last week my computer has slowed down even more, and it's taking a long time for anything to load, if it loads at all. I'm leery about trying to figure out the problem myself in case I make it worse.

I hope this is the correct forum, and if not, I'm really sorry.

------

OTL logfile created on: 4/12/2013 10:40:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gwei\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.19% Memory free
8.15 Gb Paging File | 5.89 Gb Available in Paging File | 72.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.16 Gb Total Space | 40.22 Gb Free Space | 18.52% Space Free | Partition Type: NTFS
Drive D: | 15.72 Gb Total Space | 8.03 Gb Free Space | 51.07% Space Free | Partition Type: NTFS

Computer Name: GWEI-PC | User Name: Gwei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/12 22:36:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gwei\Documents\OTL.exe
PRC - [2013/03/20 22:02:03 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/11/28 02:53:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_22\bin\java.exe
PRC - [2011/11/28 02:53:47 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2launcher.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/11/06 18:19:57 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/27 19:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/20 22:02:55 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013/03/20 22:02:54 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013/03/20 22:02:54 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/03/20 22:02:54 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/03/20 22:02:54 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/03/20 22:02:54 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/03/20 22:02:54 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013/03/20 22:02:54 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013/03/20 22:02:54 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/03/20 22:02:54 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013/03/20 22:02:54 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013/03/20 22:02:53 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2013/03/19 13:08:47 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2011/11/28 02:57:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/28 02:53:47 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2native.dll
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/27 19:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/30 00:24:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 13:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/27 13:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/25 21:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:27 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/03 23:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/01/01 20:53:08 | 007,172,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/10/31 15:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/27 13:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/07/26 06:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/01/30 00:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/12/22 00:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/22 00:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/22 00:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/17 18:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/19 02:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sanriotow...dex.php?lang=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DDFA09EE-903F-4255-959C-08D4CF23F436}
IE - HKCU\..\SearchScopes\{DDFA09EE-903F-4255-959C-08D4CF23F436}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Gwei\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Candy = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0\
CHR - Extension: Gmail = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/04 10:21:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sanriotown email alert] C:\Program Files (x86)\Sanriotown\E-mail Alert\MAClient -auto File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8B10F2C-1906-4432-BCE6-D5DCA0184B3C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/12 22:36:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gwei\Documents\OTL.exe
[2013/04/12 06:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/31 06:52:20 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\Mozilla
[2013/03/20 22:30:05 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Gwei\Documents\TFC.exe
[2013/03/19 13:08:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

========== Files - Modified Within 30 Days ==========

[2013/04/12 22:36:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gwei\Documents\OTL.exe
[2013/04/12 21:57:39 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/12 21:57:39 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/12 21:52:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000UA.job
[2013/04/12 20:52:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000Core.job
[2013/04/12 19:57:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/12 06:35:10 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/12 06:35:10 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/12 06:35:10 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/12 06:27:56 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/12 03:34:21 | 000,192,678 | ---- | M] () -- C:\Users\Gwei\Documents\Photo-0196.jpg
[2013/04/11 00:53:25 | 000,002,050 | ---- | M] () -- C:\Users\Gwei\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/03 13:28:26 | 000,040,231 | ---- | M] () -- C:\Users\Gwei\Documents\the water wars.jpg
[2013/03/22 21:32:56 | 000,002,854 | ---- | M] () -- C:\Users\Gwei\.recently-used.xbel
[2013/03/20 22:30:06 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Gwei\Documents\TFC.exe
[2013/03/19 13:23:53 | 000,230,912 | ---- | M] () -- C:\Users\Gwei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2013/04/12 03:33:38 | 000,192,678 | ---- | C] () -- C:\Users\Gwei\Documents\Photo-0196.jpg
[2013/04/03 13:28:26 | 000,040,231 | ---- | C] () -- C:\Users\Gwei\Documents\the water wars.jpg
[2013/03/22 21:32:56 | 000,002,854 | ---- | C] () -- C:\Users\Gwei\.recently-used.xbel
[2012/11/05 15:19:10 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/05 10:12:47 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GWEI-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2012/06/25 12:19:53 | 022,444,502 | ---- | C] () -- C:\Users\Gwei\TheVelveteenRabbit-noisereduction.mp3
[2012/06/25 11:40:39 | 022,418,560 | ---- | C] () -- C:\Users\Gwei\VelveteenRabbit.mp3
[2012/06/25 11:38:33 | 000,081,580 | ---- | C] () -- C:\Users\Gwei\Rabbitaudacity.aup
[2012/06/22 13:28:22 | 003,581,519 | ---- | C] () -- C:\Users\Gwei\bloodyjack.mp3
[2010/03/16 01:16:45 | 000,000,745 | ---- | C] () -- C:\Users\Gwei\AppData\Roaming\AtomicAlarmClock.ini
[2009/05/13 01:57:59 | 000,005,972 | ---- | C] () -- C:\Users\Gwei\AppData\Local\d3d9caps.dat
[2008/09/17 04:18:19 | 000,230,912 | ---- | C] () -- C:\Users\Gwei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 09:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/03/03 00:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/01/18 20:43:01 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Audacity
[2009/12/18 01:53:15 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\BitTorrent
[2013/04/12 22:37:59 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\DNA
[2013/03/25 00:32:54 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\gtk-2.0
[2012/09/28 08:30:23 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\hellomoto
[2011/03/16 06:59:11 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Oberon Media
[2012/09/28 09:17:54 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Octoshape
[2011/11/28 02:59:30 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\OpenOffice.org
[2012/11/04 08:37:43 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Opera
[2012/01/15 08:03:39 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\OverDrive
[2011/03/16 07:00:01 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Pogo
[2009/10/04 02:28:05 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Gwei\Documents\[TV] arashi ni shiyagare 20111015 - kame part (11m)(1280x720)(KAL)..avi:TOC.WMV
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3AB0B43

< End of report >
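The block of CLSID keys at the end of the OTL log above is OTL's ZeroAccess check. On a clean machine those four CLSIDs resolve only through HKLM, to shell32.dll, fastprox.dll and wbemess.dll, exactly as the HKLM entries here show. The user-mode ZeroAccess variant plants a copy of the key under HKCU\Software\Classes\CLSID whose InProcServer32 points at a file inside C:\$Recycle.Bin\<SID>\$<hash>\; because HKCU\Software\Classes wins over HKLM in the merged HKCR view, explorer.exe, running as that user, loads the file as the COM server. In this OTL run no value is shown under the HKCU headers, so it found no override; the FRST log later in the thread shows the positive case (an InprocServer32 whose default should be shell32 but points into $Recycle.Bin, which FRST tags "ATTENTION! ====> ZeroAccess"), and ESET's in-memory "Win32/Sirefef" detection is the same family under its other name. The script below is an added example, not code from OTL, FRST or anyone posting in this thread: it parses both log formats and flags per-user overrides of those system CLSIDs, COM servers or auto-start entries living in user-writable paths, and unqualified image names. The sample lines are constructed from the thread's logs; the one OTL line showing a hijacked HKCU value is hypothetical (OTL's layout with the SID and hash directory the FRST log reports).

```python
"""Triage OTL / FRST log lines for the ZeroAccess (Sirefef) per-user COM hijack and for
auto-start entries living in user-writable paths. Added example for this thread, not code
from OTL, FRST or anyone posting here; the samples are constructed from the thread's logs,
except one hypothetical OTL line showing what a hijacked HKCU value would look like."""
import re
from typing import NamedTuple

# CLSIDs OTL enumerates in its ZeroAccess check: their InProcServer32 belongs under HKLM
# (shell32/fastprox/wbemess); ZeroAccess adds an HKCU copy pointing into $Recycle.Bin.
SYSTEM_CLSIDS = {"{42aedc87-2188-41fd-b9a3-0c966feabec1}", "{fbeb8a05-beee-4442-804e-409d6c4515e9}",
                 "{5839fca9-774d-42a1-acda-d6a79037f57f}", "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}"}

class Finding(NamedTuple):
    severity: str   # "high": act on it; "review": look at it
    reason: str
    line: str

OTL_KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+\\[^\]]+)\]')          # "[HKEY_...\InProcServer32] /64"
OTL_VAL_RE = re.compile(r'^""\s*=\s*(.+?)(?:\s+--\s+\[.*)?$')     # '"" = <path> -- [meta]'
FRST_CLSID_RE = re.compile(   # "HKCR\...<clsid tail>\InprocServer32: [Default-x] <path> ATTENTION! ..."
    r'^(HKCR|HKCU|HKLM)(?:-x32)?\\\.\.\.([0-9a-f-]*)\\InprocServer32:\s*\[[^\]]*\]\s*(.*)$', re.I)
FRST_RUN_RE = re.compile(     # 'HKCU\...\Run: [Name] "C:\dir\x.exe" /arg [size date] (Publisher)'
    r'^(HKLM|HKCU|HKU\\[^\\]+)(?:-x32)?\\\.\.\.\\Run(?:once)?:\s*\[([^\]]*)\]\s*(.*)$', re.I)

PATH_RULES = [   # places a COM server or auto-start image should not normally live (lower-cased)
    (re.compile(r'^c:\\\$recycle\.bin\\'), "high", "module under $Recycle.Bin (where ZeroAccess hides its payload)"),
    (re.compile(r'(^|\\)temp\\|^%temp%'), "high", "module loaded from a temp directory"),
    (re.compile(r'^c:\\users\\|^%(local)?appdata%'), "review", "runs from the user profile (normal for updaters, but user-writable)"),
    (re.compile(r'^c:\\programdata\\'), "review", "runs from ProgramData (writable by standard users)"),
]

def path_risk(path):
    """(severity, why) for a suspicious image path, else None."""
    p = path.lower().replace('/', '\\')
    if p and '\\' not in p:
        return "review", "unqualified image name resolved via the search path"
    return next(((sev, why) for rule, sev, why in PATH_RULES if rule.search(p)), None)

def extract_path(value):
    """Image path from an FRST Run value, quoted or bare."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    head = value.split(' [', 1)[0].strip()   # FRST appends " [size date]" or " [x]"
    return head if '\\' in head else (head.split() or [''])[0]

def check_inproc(key, path, line, clsid_tail=None):
    """Findings for one InProcServer32 value from either log format."""
    k = key.lower()
    m = re.search(r'\{[0-9a-f-]{36}\}', k)
    clsid = m.group(0) if m else next(
        (c for c in SYSTEM_CLSIDS if clsid_tail and c.rstrip('}').endswith(clsid_tail.lower())), None)
    out = []
    if k.split('\\', 1)[0] in ("hkey_current_user", "hkcu") and clsid in SYSTEM_CLSIDS:
        out.append(Finding("high", f"per-user InProcServer32 override of system CLSID {clsid} (ZeroAccess COM hijack)", line))
    risk = path_risk(path)
    if risk:   # a COM server in a user-writable place is always worth "high"
        out.append(Finding("high", f"COM server {clsid or key} -> {path}: {risk[1]}", line))
    return out

def triage(lines):
    """Scan OTL- or FRST-style lines and return the list of Finding."""
    findings, current_key = [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := OTL_KEY_RE.match(line)):
            current_key = m.group(1)
        elif (m := OTL_VAL_RE.match(line)) and current_key and 'inprocserver32' in current_key.lower():
            findings += check_inproc(current_key, m.group(1).strip(), line)
        elif (m := FRST_CLSID_RE.match(line)):
            path = re.split(r'\s+ATTENTION!', m.group(3))[0].strip()
            findings += check_inproc(f"{m.group(1)}\\...{m.group(2)}", path, line, clsid_tail=m.group(2))
        elif (m := FRST_RUN_RE.match(line)):
            risk = path_risk(extract_path(m.group(3)))
            if risk:
                findings.append(Finding(risk[0], f"auto-start [{m.group(2)}]: {risk[1]}", line))
    return findings

# Constructed samples from this thread's logs; the last two OTL lines are hypothetical.
SAMPLE_OTL = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()
"ThreadingModel" = Apartment
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4\n. -- [2013/04/01 00:00:00 | 000,049,152 | -HS- | M] ()
'''.splitlines()

SAMPLE_FRST = r'''
HKLM\...\Run: [SigmatelSysTrayApp] sttray64.exe [x]
HKCU\...\Run: [BitTorrent DNA] "C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe" [323392 2009-11-06] (BitTorrent, Inc.)
HKCU\...\Run: [Google Update] "C:\Users\Gwei\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-22] (Google Inc.)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
'''.splitlines()
```

Run it over a saved log with triage(open("OTL.txt", errors="replace").read().splitlines()) and print the findings. On the samples the OTL set yields two "high" findings for the hypothetical HKCU entry (the override of a system CLSID and the $Recycle.Bin path) and nothing for the HKLM entries; the FRST set yields one "high" for the $Recycle.Bin COM server and three "review" items (the bare sttray64.exe, and two programs launched from the user profile, of which GoogleUpdate is legitimate). The "review" tier is deliberately noisy and needs a human; a $Recycle.Bin or HKCU-CLSID hit is something to act on, but confirm it by reading the key (reg query) or against the FRST line before deleting anything.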


#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)
Hello cherinacherine,

Sorry for the delay.

If you still have that Malwarebytes scan which found something, please post it back.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

For now

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
So when you return please post
  • MBAM log
  • JRT.txt
  • checkup.txt

#3 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)
Topic re-opened at users request.

#5 cherinacherine (Topic Starter, Member, 49 posts)
Hi, thank you for reopening this topic!

I looked in the logs section of Malwarebytes like you said, and all of my previous scans except for my most recent are there. I'm not sure why it's not showing up.

Also, before contacting you yesterday I'd run an ESET antivirus scan (the free one) on my computer, and one of the viruses it couldn't delete.
Should I continue with your previous instructions (with the Junkware Removal Tool), or does this new virus change what I'd need?

---

C:\Users\Gwei\2547356.exe a variant of Win32/Kryptik.BBZD trojan cleaned by deleting - quarantined
C:\Users\Gwei\AppData\Local\temp\msimg32.dll a variant of Win32/Kryptik.BBZD trojan cleaned by deleting - quarantined
C:\Users\Gwei\Downloads\downloadmanager_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Users\Gwei\Downloads\XvidSetup.exe a variant of Win32/Adware.LIImpact.A application cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.FV trojan

#6 cherinacherine (Topic Starter, Member, 49 posts)
This error message just randomly popped up. I'm not sure if it's anything.


[screenshot of the error message; image not reproduced]

#7 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)

"does this new virus change what I'd need?"

Yes, we can save the junkware one until later. For now, let's do this:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. For your machine that will be the 64bit version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


#8 cherinacherine (Topic Starter, Member, 49 posts)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by Gwei (administrator) on 27-05-2013 15:50:11
Running from C:\Users\Gwei\Documents
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(IDT, Inc.) C:\Program Files (x86)\IDT\WDM\STacSV64.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IDT, Inc.) C:\Windows\sttray64.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(BitTorrent, Inc.) C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Gwei\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gwei\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gwei\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Google Inc.) C:\Users\Gwei\AppData\Local\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Farbar) C:\Users\Gwei\Documents\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] sttray64.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [963584 2006-11-17] (Synaptics, Inc.)
HKLM-x32\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
HKCU\...\Run: [BitTorrent DNA] "C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe" [323392 2009-11-06] (BitTorrent, Inc.)
HKCU\...\Run: [Sanriotown email alert] C:\Program Files (x86)\Sanriotown\E-mail Alert\MAClient -auto [x]
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2969496 2010-09-22] ()
HKCU\...\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5244216 2010-03-03] (Yahoo! Inc.)
HKCU\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] "C:\Users\Gwei\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-22] (Google Inc.)
HKCU\...\Run: [Octoshape Streaming Services] "C:\Users\Gwei\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [107800 2011-03-24] (Octoshape ApS)
HKLM-x32\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" [638976 2007-09-13] (Chicony)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1312080 2009-09-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-09-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\BigFix.lnk
ShortcutTarget: BigFix.lnk -> C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
Startup: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sanriotow...dex.php?lang=us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=T-6836
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=T-6836
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll No File
PDF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [19968] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.facebook.com/
CHR RestoreOnStartup: "hxxp://www.facebook.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DNA Plug-in) - C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Move Streaming Media Player) - C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Candy) - C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0
CHR Extension: (Gmail) - C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 STacSV; C:\Program Files (x86)\IDT\WDM\STacSV64.exe [119296 2007-07-27] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S1 Beep; No ImagePath
R3 GEARAspiWDM; System32\Drivers\GEARAspiWDM.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-27 15:49 - 2013-05-27 15:49 - 00000000 ____D C:\FRST
2013-05-27 15:47 - 2013-05-27 15:47 - 01915616 ____A (Farbar) C:\Users\Gwei\Documents\FRST64.exe
2013-05-27 15:44 - 2013-05-27 15:45 - 00001436 ____A C:\Windows\SysWOW64\FSS.txt
2013-05-26 07:09 - 2013-05-26 08:32 - 00001794 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-26 07:09 - 2013-05-26 08:30 - 00000000 ____D C:\Users\Gwei\AppData\Roaming\vlc
2013-05-16 15:54 - 2013-05-16 15:54 - 00000000 ____D C:\Users\Gwei\AppData\Local\Octoshape
2013-05-15 22:00 - 2013-05-15 22:01 - 00000248 ____A C:\Users\Gwei\Documents\taco bell food list.txt
2013-05-13 22:52 - 2013-05-13 22:52 - 00000000 ____D C:\Users\Gwei\AppData\Roaming\Mozilla
2013-04-27 14:02 - 2013-04-29 16:38 - 00000000 ____D C:\Users\Gwei\Documents\Evil Neighbors

==================== One Month Modified Files and Folders =======

2013-05-27 15:49 - 2013-05-27 15:49 - 00000000 ____D C:\FRST
2013-05-27 15:47 - 2013-05-27 15:47 - 01915616 ____A (Farbar) C:\Users\Gwei\Documents\FRST64.exe
2013-05-27 15:47 - 2008-10-29 16:06 - 00000000 ____D C:\Users\Gwei\AppData\Roaming\DNA
2013-05-27 15:45 - 2013-05-27 15:44 - 00001436 ____A C:\Windows\SysWOW64\FSS.txt
2013-05-27 15:45 - 2012-09-28 10:48 - 00000000 ____D C:\Users\Gwei\Downloads\Antivirus
2013-05-27 15:43 - 2011-04-23 11:08 - 00000000 ____D C:\Users\Gwei\Documents\Mixmatch
2013-05-27 15:15 - 2013-01-18 17:37 - 00000000 ____D C:\Users\Gwei\AppData\Roaming\Skype
2013-05-27 14:57 - 2010-05-22 16:28 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000UA.job
2013-05-27 14:57 - 2010-05-22 16:28 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000Core.job
2013-05-27 13:55 - 2011-01-15 05:06 - 00048868 ____A C:\Users\Gwei\Desktop\Medication Schedual.txt
2013-05-27 13:55 - 2006-11-02 11:22 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-27 13:55 - 2006-11-02 11:22 - 00003216 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-27 04:09 - 2008-09-17 02:53 - 01723501 ____A C:\Windows\WindowsUpdate.log
2013-05-26 15:25 - 2008-09-17 04:05 - 00000000 ____D C:\users\Gwei
2013-05-26 13:21 - 2010-09-22 18:35 - 00000000 ____D C:\Users\Gwei\AppData\Local\PMB Files
2013-05-26 12:53 - 2009-11-10 06:08 - 00000000 ____D C:\Program Files (x86)\Opera
2013-05-26 12:51 - 2013-01-18 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-26 12:51 - 2013-01-18 17:37 - 00000000 ____D C:\ProgramData\Skype
2013-05-26 12:51 - 2009-09-24 12:01 - 00000000 ____D C:\Users\Gwei\Tracing
2013-05-26 08:32 - 2013-05-26 07:09 - 00001794 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-26 08:30 - 2013-05-26 07:09 - 00000000 ____D C:\Users\Gwei\AppData\Roaming\vlc
2013-05-26 04:23 - 2011-08-10 22:03 - 00000000 ____D C:\Users\Gwei\Documents\My Kindle Content
2013-05-16 15:54 - 2013-05-16 15:54 - 00000000 ____D C:\Users\Gwei\AppData\Local\Octoshape
2013-05-16 15:54 - 2012-05-26 18:16 - 00000000 ____D C:\Users\Gwei\AppData\Roaming\Octoshape
2013-05-15 22:01 - 2013-05-15 22:00 - 00000248 ____A C:\Users\Gwei\Documents\taco bell food list.txt
2013-05-14 11:35 - 2008-09-17 03:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-05-13 22:52 - 2013-05-13 22:52 - 00000000 ____D C:\Users\Gwei\AppData\Roaming\Mozilla
2013-04-30 17:31 - 2011-11-28 12:10 - 00000000 ____D C:\Users\Gwei\Documents\College Prep
2013-04-29 16:38 - 2013-04-27 14:02 - 00000000 ____D C:\Users\Gwei\Documents\Evil Neighbors

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-12 06:33

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013
Ran by Gwei at 2013-05-27 15:50:53 Run:
Running from C:\Users\Gwei\Documents
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Flash Player 9 ActiveX (Version: 9.0.115.0)
Adobe Reader 9.5.4 (Version: 9.5.4)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
ALTools Update
ALZip (Version: v8.12)
Amazon Kindle
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0
AudibleManager (Version: 476417994.-2.2007378960.2007167672)
AutoUpdate (Version: 1.1)
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BigFix (Version: 2.2.0.04)
BitTorrent
Bonjour (Version: 2.0.3.0)
Camera Assistant Software for Gateway (Version: 1.7.049.0927)
Compatibility Pack for the 2007 Office system (Version: 12.0.6215.1000)
CyberLink Power2Go (Version: 5.0.3925)
DivX Codec (Version: 6.8.4)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Web Player (Version: 1.5.0)
DNA (Version: 2.2.4 (16502))
dotoo
DVDStyler v1.7.1
ERUNT 1.1j
ESET Online Scanner v3
Gateway Games (Version: 1.0.0.71)
Gateway Recovery Center Installer (Version: 1.01.044)
GearDrvs (Version: 1.00.0000)
GIMP 2.6.8
Google Chrome (Version: 27.0.1453.94)
Google Talk Plugin (Version: 3.19.1.13088)
HDAUDIO Soft Data Fax Modem with SmartCP
Hello Kitty® Online Downloader
Hello Kitty® Online North America
Hiragana
IDT Audio (Version: 5.10.5303.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.0.1.22)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
KeyHoleTV
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Money Essentials (Version: 16)
Microsoft Money Shared Libraries (Version: 16.0.0.705)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
Move Media Player
MPC-HC 1.6.4.6052 (64-bit) (Version: 1.6.4.6052)
MSVCRT (Version: 14.0.1468.721)
Napster (Version: 4.1.0.4)
Napster Burn Engine (Version: 3.5.0000)
Nidesoft Video Converter v2.3
Octoshape Streaming Services
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.15 (Version: 12.15.1748)
OverDrive Media Console (Version: 3.2.10)
Pando Media Booster (Version: 2.3.4.3)
Pandora : Opera Widget
QuickTime (Version: 7.68.75.0)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
Rhapsody
Skype™ 6.3 (Version: 6.3.107)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Synaptics Pointing Device Driver (Version: 9.1.3.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Yahoo! Messenger

==================== Restore Points =========================

25-03-2013 04:27:59 Restore Operation
09-04-2013 00:47:04 Scheduled Checkpoint
11-04-2013 12:10:43 Scheduled Checkpoint
13-04-2013 06:01:27 Scheduled Checkpoint
22-04-2013 00:03:25 Scheduled Checkpoint
26-04-2013 20:26:19 Scheduled Checkpoint
27-04-2013 18:58:49 Scheduled Checkpoint
29-04-2013 12:50:41 Scheduled Checkpoint
30-04-2013 08:54:40 Scheduled Checkpoint
25-05-2013 14:45:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2013 03:55:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42793648

Error: (05/27/2013 03:55:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42793648

Error: (05/27/2013 03:55:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2013 04:02:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3806

Error: (05/26/2013 04:02:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3806

Error: (05/26/2013 04:02:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2013 01:29:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error: (05/26/2013 00:51:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2013 00:51:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2013 00:50:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/27/2013 03:55:54 AM) (Source: Service Control Manager) (User: )
Description: 30000Wlansvc

Error: (04/12/2013 06:30:02 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (04/12/2013 06:28:03 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (04/11/2013 06:01:45 PM) (Source: Service Control Manager) (User: )
Description: 30000STacSV

Error: (03/25/2013 00:35:48 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/25/2013 00:34:15 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (03/23/2013 05:47:00 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/23/2013 05:45:16 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (03/21/2013 00:56:46 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/21/2013 00:55:02 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-05-27 15:50:31.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:50:31.151
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:50:31.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:50:31.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:50:31.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:50:31.021
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:50:30.981
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:50:30.951
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:45:00.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 15:45:00.792
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 4085.5 MB
Available physical RAM: 1369.05 MB
Total Pagefile: 8372.32 MB
Available Pagefile: 5300.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:217.16 GB) (Free:41.75 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:15.72 GB) (Free:8.03 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: B318EAC5)
Partition 1: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=217 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#9 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)
Hello cherinacherine,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running it on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After that,

download and run the Junkware Removal Tool from my first posting.

When you return please post
  • Fixlog.txt
  • JRT.txt


#10 cherinacherine (Topic Starter, Member, 49 posts)
Okay! I hope these are the ones you wanted. I'm kind of a tech-klutz, so I really appreciate the careful instructions.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-05-2013
Ran by Gwei at 2013-05-27 16:20:21 Run:1
Running from C:\Users\Gwei\Documents
Boot Mode: Normal
==============================================

HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.

"C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4" directory move:

C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4\@ => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4\n => Moved successfully.
Could not move "C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========
C:\$Recycle.Bin\S-1-5-21-1935358621-21101508-4254277831-1000\$5f0c4a3a0699eed6fd9fa7077de679d4 => Moved successfully.

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Gwei on Mon 05/27/2013 at 16:30:01.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/27/2013 at 16:34:10.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)

Okay! I hope these are the ones you wanted.


Yep. :thumbsup:

Now let's have another look at things.

Please run OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    dir C:\ /S /A:L /C

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents and post back here.

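The `dir C:\ /S /A:L /C` command pasted into OTL's Custom Scan box walks the whole of C: and lists only reparse points (file symlinks, directory symlinks and junctions), which is why its output is worth reading carefully rather than skimming. As an added example, not part of the thread and not code from OTL or FRST, here is a small Python parser for that `dir` output with an illustrative triage pass. The sample listing, the volume serial, the SID, the `example.dll` entry and the two heuristics (a target under $Recycle.Bin or a Temp directory; a link inside C:\Windows or Program Files pointing outside those trees) are constructed assumptions. Vista itself creates compatibility junctions such as C:\Documents and Settings and C:\Users\All Users, so a link is not suspicious merely because it exists.

```python
"""Parse `dir /S /A:L /C` output and triage the reparse points it lists.

Added example for this thread; not part of OTL, FRST or the original posts.
The sample output, the SID and the triage heuristics are constructed assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# `dir` prints a " Directory of <path>" header before each directory's entries.
DIR_HEADER = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")

# With /A:L only reparse points are listed. Each entry looks like:
#   05/20/2013  03:11 AM    <JUNCTION>     name [target]
LINK_LINE = re.compile(
    r"^\s*(?P<date>\S+)\s+(?P<time>\d{1,2}:\d{2}(?: ?[AP]M)?)\s+"
    r"<(?P<kind>SYMLINK|SYMLINKD|JUNCTION)>\s+(?P<name>.+?) \[(?P<target>.+)\]\s*$"
)


@dataclass
class ReparsePoint:
    kind: str    # SYMLINK (file), SYMLINKD (directory symlink) or JUNCTION
    path: str    # full path of the link itself
    target: str  # what it points at, as printed inside the brackets


def parse_dir_links(text: str) -> List[ReparsePoint]:
    """Return every reparse point in the output, in listing order."""
    links: List[ReparsePoint] = []
    current_dir = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("dir")
            continue
        entry = LINK_LINE.match(line)
        if entry and current_dir is not None:
            sep = "" if current_dir.endswith("\\") else "\\"
            links.append(ReparsePoint(entry.group("kind"),
                                      current_dir + sep + entry.group("name"),
                                      entry.group("target")))
    return links


# Illustrative heuristics (assumptions for this example, not a rule from the thread).
SYSTEM_TREES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
THROWAWAY_DIRS = ("\\$recycle.bin\\", "\\temp\\")


def triage(links: List[ReparsePoint]) -> List[Tuple[ReparsePoint, List[str]]]:
    """Flag links whose target or placement is unusual; returns (link, reasons) pairs."""
    findings = []
    for link in links:
        src, dst = link.path.lower(), link.target.lower()
        reasons = []
        if any(marker in dst for marker in THROWAWAY_DIRS):
            reasons.append("target lives in a throwaway location")
        if src.startswith(SYSTEM_TREES) and not dst.startswith(SYSTEM_TREES):
            reasons.append("link inside a system tree points outside it")
        if reasons:
            findings.append((link, reasons))
    return findings


def summarize(links: List[ReparsePoint]) -> Dict[str, int]:
    """Count links per kind, a quick sanity check on a long listing."""
    return dict(Counter(link.kind for link in links))


# Constructed sample in the format `dir /S /A:L /C` prints on an English Vista.
# The first three entries mimic junctions Vista creates for compatibility; the
# last one is a hypothetical file symlink added only to exercise the triage rules.
SAMPLE_OUTPUT = r"""
 Volume in drive C is Partition_1
 Volume Serial Number is 1234-ABCD

 Directory of C:\

11/02/2006  08:02 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of C:\Users

11/02/2006  08:02 AM    <SYMLINKD>     All Users [C:\ProgramData]
11/02/2006  08:02 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes

 Directory of C:\Windows\System32

05/20/2013  03:11 AM    <SYMLINK>      example.dll [C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\example.dll]
               0 File(s)              0 bytes
"""

if __name__ == "__main__":
    found = parse_dir_links(SAMPLE_OUTPUT)
    print("reparse points by kind:", summarize(found))
    for link, reasons in triage(found):
        print(f"{link.kind:9} {link.path} -> {link.target}: {'; '.join(reasons)}")
```

To use it on a real log, replace SAMPLE_OUTPUT with the custom-scan section pasted out of OTL.Txt. The parser keys on the "Directory of" headers, so it copes with /C thousands separators and the per-directory footers without special cases; the triage rules are deliberately narrow and should be read as a starting point for manual review, not a verdict.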

#12 cherinacherine (Topic Starter, Member, 49 posts)
OTL logfile created on: 5/27/2013 4:51:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Gwei\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.21% Memory free
8.15 Gb Paging File | 6.60 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.16 Gb Total Space | 41.82 Gb Free Space | 19.26% Space Free | Partition Type: NTFS
Drive D: | 15.72 Gb Total Space | 8.03 Gb Free Space | 51.07% Space Free | Partition Type: NTFS

Computer Name: GWEI-PC | User Name: Gwei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/26 12:53:12 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013/04/12 22:36:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Gwei\Documents\OTL.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/22 18:35:29 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/11/06 18:19:57 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe
PRC - [2008/01/20 22:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/27 19:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/19 13:08:47 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2011/11/28 02:57:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/09/22 18:35:29 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/27 19:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/30 00:24:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 13:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/27 13:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/25 21:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:27 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/03 23:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/01/01 20:53:08 | 007,172,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/10/31 15:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/27 13:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/07/26 06:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/01/30 00:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/12/22 00:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/22 00:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/22 00:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/17 18:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/19 02:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sanriotow...dex.php?lang=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DDFA09EE-903F-4255-959C-08D4CF23F436}
IE - HKCU\..\SearchScopes\{DDFA09EE-903F-4255-959C-08D4CF23F436}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Gwei\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Gwei\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Candy = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0\
CHR - Extension: Gmail = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/04 10:21:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Gwei\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sanriotown email alert] C:\Program Files (x86)\Sanriotown\E-mail Alert\MAClient -auto File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8B10F2C-1906-4432-BCE6-D5DCA0184B3C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/27 16:29:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/27 16:28:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/27 16:28:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Gwei\Documents\JRT.exe
[2013/05/27 15:49:46 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/27 15:47:04 | 001,915,616 | ---- | C] (Farbar) -- C:\Users\Gwei\Documents\FRST64.exe
[2013/05/26 07:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/26 07:09:06 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\vlc
[2013/05/16 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Local\Octoshape
[2013/05/13 22:52:32 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\Mozilla
[2013/05/13 22:52:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2013/05/27 16:29:19 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/27 16:29:19 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/27 16:29:19 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/27 16:28:41 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Gwei\Documents\JRT.exe
[2013/05/27 16:22:27 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:22:27 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:22:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 16:22:17 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/27 15:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000UA.job
[2013/05/27 15:47:04 | 001,915,616 | ---- | M] (Farbar) -- C:\Users\Gwei\Documents\FRST64.exe
[2013/05/27 14:57:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000Core.job
[2013/05/26 08:32:09 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/24 04:58:22 | 000,002,050 | ---- | M] () -- C:\Users\Gwei\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/10 12:12:53 | 000,021,605 | ---- | M] () -- C:\Users\Gwei\Documents\A657_BYO_8.gif
[2013/05/10 11:37:13 | 000,072,816 | ---- | M] () -- C:\Users\Gwei\Documents\Medicalert Card.JPG
[2013/05/10 11:23:22 | 000,015,363 | ---- | M] () -- C:\Users\Gwei\Documents\ADVRecordSummaryEMIRMedicalert.pdf
[2013/05/10 11:15:59 | 000,205,891 | ---- | M] () -- C:\Users\Gwei\Documents\Eating-Out-Allergy-Card.pdf
[2013/05/01 08:49:40 | 000,096,475 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit Report 3.JPG
[2013/05/01 08:47:50 | 000,100,708 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit report 2.JPG
[2013/05/01 08:47:15 | 000,122,561 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit report 1.JPG

========== Files Created - No Company Name ==========

[2013/05/26 07:09:34 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/10 12:12:53 | 000,021,605 | ---- | C] () -- C:\Users\Gwei\Documents\A657_BYO_8.gif
[2013/05/10 11:37:11 | 000,072,816 | ---- | C] () -- C:\Users\Gwei\Documents\Medicalert Card.JPG
[2013/05/10 11:15:59 | 000,205,891 | ---- | C] () -- C:\Users\Gwei\Documents\Eating-Out-Allergy-Card.pdf
[2013/05/09 14:15:47 | 000,015,363 | ---- | C] () -- C:\Users\Gwei\Documents\ADVRecordSummaryEMIRMedicalert.pdf
[2013/05/01 08:49:38 | 000,096,475 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit Report 3.JPG
[2013/05/01 08:47:48 | 000,100,708 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit report 2.JPG
[2013/05/01 08:47:12 | 000,122,561 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit report 1.JPG
[2013/04/18 15:57:43 | 000,006,639 | ---- | C] () -- C:\Users\Gwei\.recently-used.xbel
[2012/11/05 15:19:10 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/05 10:12:47 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GWEI-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2012/06/25 12:19:53 | 022,444,502 | ---- | C] () -- C:\Users\Gwei\TheVelveteenRabbit-noisereduction.mp3
[2012/06/25 11:40:39 | 022,418,560 | ---- | C] () -- C:\Users\Gwei\VelveteenRabbit.mp3
[2012/06/25 11:38:33 | 000,081,580 | ---- | C] () -- C:\Users\Gwei\Rabbitaudacity.aup
[2012/06/22 13:28:22 | 003,581,519 | ---- | C] () -- C:\Users\Gwei\bloodyjack.mp3
[2010/03/16 01:16:45 | 000,000,745 | ---- | C] () -- C:\Users\Gwei\AppData\Roaming\AtomicAlarmClock.ini
[2009/05/13 01:57:59 | 000,005,972 | ---- | C] () -- C:\Users\Gwei\AppData\Local\d3d9caps.dat
[2008/09/17 04:18:19 | 000,230,912 | ---- | C] () -- C:\Users\Gwei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 09:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/03/03 00:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C is Partition_1
Volume Serial Number is E29F-DF04
Directory of C:\
09/17/2008 04:01 AM <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Default
08/16/2008 07:30 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
08/16/2008 07:30 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
08/16/2008 07:30 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
08/16/2008 07:30 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
08/16/2008 07:30 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/16/2008 07:30 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/16/2008 07:30 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/16/2008 07:30 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/16/2008 07:30 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/16/2008 07:30 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Default\AppData\Local
08/16/2008 07:30 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
08/16/2008 07:30 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/16/2008 07:30 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Default\Documents
08/16/2008 07:30 PM <JUNCTION> My Music [C:\Users\Default\Music]
08/16/2008 07:30 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
08/16/2008 07:30 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Public\Documents
08/16/2008 07:30 PM <JUNCTION> My Music [C:\Users\Public\Music]
08/16/2008 07:30 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
08/16/2008 07:30 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> Desktop [..]
09/17/2008 04:01 AM <JUNCTION> Documents [..]
09/17/2008 04:01 AM <JUNCTION> Favorites [..]
09/17/2008 04:01 AM <JUNCTION> Start Menu [..]
09/17/2008 04:01 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
09/17/2008 04:01 AM <SYMLINKD> All Users [C:\ProgramData]
09/17/2008 04:01 AM <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> Desktop [..]
09/17/2008 04:01 AM <JUNCTION> Documents [..]
09/17/2008 04:01 AM <JUNCTION> Favorites [..]
09/17/2008 04:01 AM <JUNCTION> Start Menu [..]
09/17/2008 04:01 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> Local Settings [..]
09/17/2008 04:01 AM <JUNCTION> My Documents [..]
09/17/2008 04:01 AM <JUNCTION> NetHood [..]
09/17/2008 04:01 AM <JUNCTION> PrintHood [..]
09/17/2008 04:01 AM <JUNCTION> Recent [..]
09/17/2008 04:01 AM <JUNCTION> SendTo [..]
09/17/2008 04:01 AM <JUNCTION> Start Menu [..]
09/17/2008 04:01 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> History [..]
09/17/2008 04:01 AM <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
09/17/2008 04:01 AM <JUNCTION> My Music [..]
09/17/2008 04:01 AM <JUNCTION> My Pictures [..]
09/17/2008 04:01 AM <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\Gwei
09/17/2008 04:05 AM <JUNCTION> Application Data [C:\Users\Gwei\AppData\Roaming]
09/17/2008 04:05 AM <JUNCTION> Cookies [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Cookies]
09/17/2008 04:05 AM <JUNCTION> Local Settings [C:\Users\Gwei\AppData\Local]
09/17/2008 04:05 AM <JUNCTION> My Documents [C:\Users\Gwei\Documents]
09/17/2008 04:05 AM <JUNCTION> NetHood [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/17/2008 04:05 AM <JUNCTION> PrintHood [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/17/2008 04:05 AM <JUNCTION> Recent [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Recent]
09/17/2008 04:05 AM <JUNCTION> SendTo [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\SendTo]
09/17/2008 04:05 AM <JUNCTION> Start Menu [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu]
09/17/2008 04:05 AM <JUNCTION> Templates [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Gwei\AppData\Local
09/17/2008 04:05 AM <JUNCTION> Application Data [C:\Users\Gwei\AppData\Local]
09/17/2008 04:05 AM <JUNCTION> History [C:\Users\Gwei\AppData\Local\Microsoft\Windows\History]
09/17/2008 04:05 AM <JUNCTION> Temporary Internet Files [C:\Users\Gwei\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Gwei\Documents
09/17/2008 04:05 AM <JUNCTION> My Music [C:\Users\Gwei\Music]
09/17/2008 04:05 AM <JUNCTION> My Pictures [C:\Users\Gwei\Pictures]
09/17/2008 04:05 AM <JUNCTION> My Videos [C:\Users\Gwei\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
09/17/2008 04:01 AM <JUNCTION> My Music [C:\Users\Public\Music]
09/17/2008 04:01 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
09/17/2008 04:01 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
68 Dir(s) 44,902,903,808 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Gwei\Documents\[TV] arashi ni shiyagare 20111015 - kame part (11m)(1280x720)(KAL)..avi:TOC.WMV
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3AB0B43

< End of report >

#13
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,989 posts
Hello cherinacherine,

Bit to do in this one. :)

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:


    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
After that

Please download ESET's Service Repair Tool.

  • Save it to your desktop
  • Right click on it and run it as Administrator
Next

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.
Finally in this post

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
So when you return please post
  • OTL.txt
  • FSS.txt
  • checkup.txt

#14
cherinacherine
    Member
  • Topic Starter
  • Member
  • 49 posts
Hi, besides the OTL.txt, another text file popped up at the same time. It's called 05272013_172048.txt. Do you want it too?

OTL logfile created on: 5/27/2013 4:51:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Gwei\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.21% Memory free
8.15 Gb Paging File | 6.60 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.16 Gb Total Space | 41.82 Gb Free Space | 19.26% Space Free | Partition Type: NTFS
Drive D: | 15.72 Gb Total Space | 8.03 Gb Free Space | 51.07% Space Free | Partition Type: NTFS

Computer Name: GWEI-PC | User Name: Gwei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/26 12:53:12 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013/04/12 22:36:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Gwei\Documents\OTL.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/22 18:35:29 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/11/06 18:19:57 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe
PRC - [2008/01/20 22:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/27 19:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/19 13:08:47 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2011/11/28 02:57:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/09/22 18:35:29 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/09/27 19:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/30 00:24:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 13:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/27 13:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/25 21:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:27 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/03 23:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/01/01 20:53:08 | 007,172,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/10/31 15:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/27 13:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/07/26 06:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/01/30 00:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/12/22 00:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/22 00:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/22 00:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/17 18:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/19 02:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sanriotow...dex.php?lang=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DDFA09EE-903F-4255-959C-08D4CF23F436}
IE - HKCU\..\SearchScopes\{DDFA09EE-903F-4255-959C-08D4CF23F436}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Gwei\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Gwei\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Candy = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0\
CHR - Extension: Gmail = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/04 10:21:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Gwei\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sanriotown email alert] C:\Program Files (x86)\Sanriotown\E-mail Alert\MAClient -auto File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8B10F2C-1906-4432-BCE6-D5DCA0184B3C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/27 16:29:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/27 16:28:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/27 16:28:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Gwei\Documents\JRT.exe
[2013/05/27 15:49:46 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/27 15:47:04 | 001,915,616 | ---- | C] (Farbar) -- C:\Users\Gwei\Documents\FRST64.exe
[2013/05/26 07:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/26 07:09:06 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\vlc
[2013/05/16 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Local\Octoshape
[2013/05/13 22:52:32 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\Mozilla
[2013/05/13 22:52:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2013/05/27 16:29:19 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/27 16:29:19 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/27 16:29:19 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/27 16:28:41 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Gwei\Documents\JRT.exe
[2013/05/27 16:22:27 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:22:27 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:22:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 16:22:17 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/27 15:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000UA.job
[2013/05/27 15:47:04 | 001,915,616 | ---- | M] (Farbar) -- C:\Users\Gwei\Documents\FRST64.exe
[2013/05/27 14:57:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000Core.job
[2013/05/26 08:32:09 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/24 04:58:22 | 000,002,050 | ---- | M] () -- C:\Users\Gwei\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/10 12:12:53 | 000,021,605 | ---- | M] () -- C:\Users\Gwei\Documents\A657_BYO_8.gif
[2013/05/10 11:37:13 | 000,072,816 | ---- | M] () -- C:\Users\Gwei\Documents\Medicalert Card.JPG
[2013/05/10 11:23:22 | 000,015,363 | ---- | M] () -- C:\Users\Gwei\Documents\ADVRecordSummaryEMIRMedicalert.pdf
[2013/05/10 11:15:59 | 000,205,891 | ---- | M] () -- C:\Users\Gwei\Documents\Eating-Out-Allergy-Card.pdf
[2013/05/01 08:49:40 | 000,096,475 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit Report 3.JPG
[2013/05/01 08:47:50 | 000,100,708 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit report 2.JPG
[2013/05/01 08:47:15 | 000,122,561 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit report 1.JPG

========== Files Created - No Company Name ==========

[2013/05/26 07:09:34 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/10 12:12:53 | 000,021,605 | ---- | C] () -- C:\Users\Gwei\Documents\A657_BYO_8.gif
[2013/05/10 11:37:11 | 000,072,816 | ---- | C] () -- C:\Users\Gwei\Documents\Medicalert Card.JPG
[2013/05/10 11:15:59 | 000,205,891 | ---- | C] () -- C:\Users\Gwei\Documents\Eating-Out-Allergy-Card.pdf
[2013/05/09 14:15:47 | 000,015,363 | ---- | C] () -- C:\Users\Gwei\Documents\ADVRecordSummaryEMIRMedicalert.pdf
[2013/05/01 08:49:38 | 000,096,475 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit Report 3.JPG
[2013/05/01 08:47:48 | 000,100,708 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit report 2.JPG
[2013/05/01 08:47:12 | 000,122,561 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit report 1.JPG
[2013/04/18 15:57:43 | 000,006,639 | ---- | C] () -- C:\Users\Gwei\.recently-used.xbel
[2012/11/05 15:19:10 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/05 10:12:47 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GWEI-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2012/06/25 12:19:53 | 022,444,502 | ---- | C] () -- C:\Users\Gwei\TheVelveteenRabbit-noisereduction.mp3
[2012/06/25 11:40:39 | 022,418,560 | ---- | C] () -- C:\Users\Gwei\VelveteenRabbit.mp3
[2012/06/25 11:38:33 | 000,081,580 | ---- | C] () -- C:\Users\Gwei\Rabbitaudacity.aup
[2012/06/22 13:28:22 | 003,581,519 | ---- | C] () -- C:\Users\Gwei\bloodyjack.mp3
[2010/03/16 01:16:45 | 000,000,745 | ---- | C] () -- C:\Users\Gwei\AppData\Roaming\AtomicAlarmClock.ini
[2009/05/13 01:57:59 | 000,005,972 | ---- | C] () -- C:\Users\Gwei\AppData\Local\d3d9caps.dat
[2008/09/17 04:18:19 | 000,230,912 | ---- | C] () -- C:\Users\Gwei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 09:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/03/03 00:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C is Partition_1
Volume Serial Number is E29F-DF04
Directory of C:\
09/17/2008 04:01 AM <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Default
08/16/2008 07:30 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
08/16/2008 07:30 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
08/16/2008 07:30 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
08/16/2008 07:30 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
08/16/2008 07:30 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/16/2008 07:30 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/16/2008 07:30 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/16/2008 07:30 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/16/2008 07:30 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/16/2008 07:30 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Default\AppData\Local
08/16/2008 07:30 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
08/16/2008 07:30 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/16/2008 07:30 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Default\Documents
08/16/2008 07:30 PM <JUNCTION> My Music [C:\Users\Default\Music]
08/16/2008 07:30 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
08/16/2008 07:30 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\BACKUP\08-09-16 1109PM\Users\Public\Documents
08/16/2008 07:30 PM <JUNCTION> My Music [C:\Users\Public\Music]
08/16/2008 07:30 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
08/16/2008 07:30 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> Desktop [..]
09/17/2008 04:01 AM <JUNCTION> Documents [..]
09/17/2008 04:01 AM <JUNCTION> Favorites [..]
09/17/2008 04:01 AM <JUNCTION> Start Menu [..]
09/17/2008 04:01 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
09/17/2008 04:01 AM <SYMLINKD> All Users [C:\ProgramData]
09/17/2008 04:01 AM <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> Desktop [..]
09/17/2008 04:01 AM <JUNCTION> Documents [..]
09/17/2008 04:01 AM <JUNCTION> Favorites [..]
09/17/2008 04:01 AM <JUNCTION> Start Menu [..]
09/17/2008 04:01 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> Local Settings [..]
09/17/2008 04:01 AM <JUNCTION> My Documents [..]
09/17/2008 04:01 AM <JUNCTION> NetHood [..]
09/17/2008 04:01 AM <JUNCTION> PrintHood [..]
09/17/2008 04:01 AM <JUNCTION> Recent [..]
09/17/2008 04:01 AM <JUNCTION> SendTo [..]
09/17/2008 04:01 AM <JUNCTION> Start Menu [..]
09/17/2008 04:01 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
09/17/2008 04:01 AM <JUNCTION> Application Data [..]
09/17/2008 04:01 AM <JUNCTION> History [..]
09/17/2008 04:01 AM <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
09/17/2008 04:01 AM <JUNCTION> My Music [..]
09/17/2008 04:01 AM <JUNCTION> My Pictures [..]
09/17/2008 04:01 AM <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\Gwei
09/17/2008 04:05 AM <JUNCTION> Application Data [C:\Users\Gwei\AppData\Roaming]
09/17/2008 04:05 AM <JUNCTION> Cookies [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Cookies]
09/17/2008 04:05 AM <JUNCTION> Local Settings [C:\Users\Gwei\AppData\Local]
09/17/2008 04:05 AM <JUNCTION> My Documents [C:\Users\Gwei\Documents]
09/17/2008 04:05 AM <JUNCTION> NetHood [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/17/2008 04:05 AM <JUNCTION> PrintHood [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/17/2008 04:05 AM <JUNCTION> Recent [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Recent]
09/17/2008 04:05 AM <JUNCTION> SendTo [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\SendTo]
09/17/2008 04:05 AM <JUNCTION> Start Menu [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu]
09/17/2008 04:05 AM <JUNCTION> Templates [C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Gwei\AppData\Local
09/17/2008 04:05 AM <JUNCTION> Application Data [C:\Users\Gwei\AppData\Local]
09/17/2008 04:05 AM <JUNCTION> History [C:\Users\Gwei\AppData\Local\Microsoft\Windows\History]
09/17/2008 04:05 AM <JUNCTION> Temporary Internet Files [C:\Users\Gwei\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Gwei\Documents
09/17/2008 04:05 AM <JUNCTION> My Music [C:\Users\Gwei\Music]
09/17/2008 04:05 AM <JUNCTION> My Pictures [C:\Users\Gwei\Pictures]
09/17/2008 04:05 AM <JUNCTION> My Videos [C:\Users\Gwei\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
09/17/2008 04:01 AM <JUNCTION> My Music [C:\Users\Public\Music]
09/17/2008 04:01 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
09/17/2008 04:01 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
68 Dir(s) 44,902,903,808 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Gwei\Documents\[TV] arashi ni shiyagare 20111015 - kame part (11m)(1280x720)(KAL)..avi:TOC.WMV
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3AB0B43

< End of report >

Farbar Service Scanner Version: 04-11-2012
Ran by Gwei (administrator) on 27-05-2013 at 17:36:31
Running from "C:\Users\Gwei\Downloads\Antivirus"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2008-01-20 22:48] - [2008-01-20 22:48] - 0408064 ____A (Microsoft Corporation) DB37041AB857ABC7E179E856D8E1582C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-10-31 02:24] - [2009-08-14 14:05] - 1418840 ____A (Microsoft Corporation) 3BCD46BE9988B09D3510A0EF54F0D65B

C:\Windows\System32\dnsrslvr.dll
[2008-01-20 22:48] - [2008-01-20 22:48] - 0117760 ____A (Microsoft Corporation) 93CE26DBED3182634F18DD2FE10E41BE

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-10-02 22:23] - [2009-08-06 22:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java™ 6 Update 5
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 26.0.1410.64
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 22 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello cherinacherine,

That OTL one didn't work. I think you may have pressed Run Scan instead of Run Fix.

Please try that one again.

It's called 05272013_172048.txt. Do you want it too?

Yes, post that back along with the OTL.txt when it's done.