Possible infection and/or deleted something important [Closed] [Solved]



#16 cherinacherine (Member, Topic Starter, 49 posts)

I did exactly what you said, and I definitely clicked Run Fix this time, but I didn't get an OTL.txt log. The only one I can find (after going to the start menu and searching "OTL") is the same one I posted previously.

After I clicked Run Fix, my computer rebooted. Instead of the OTL file, another numbered text document popped up when my computer restarted. I'm posting the previous one I mentioned, and the new one. Previous one first.

I'm really sorry about this, I'm not sure what I'm doing wrong!

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Gwei\Documents\cmd.bat deleted successfully.
c:\Users\Gwei\Documents\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [resethosts] not found.
File\Folder [emptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05272013_172048

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The newest numbered file:


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gwei\Documents\Virus scan\cmd.bat deleted successfully.
C:\Users\Gwei\Documents\Virus scan\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [resethosts] not found.
File\Folder [emptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05272013_175951

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#17 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)

I'm really sorry about this, I'm not sure what I'm doing wrong!


You are not doing anything wrong. It seems your machine is reporting differently, that's all. Sometimes that happens because of a quirk of the operating system.

Just good to know it all worked okay. :)

Now

SecurityCheck shows some things need attending to:

Firstly

Click on Start > Accessories > Tools > System Tools > Disk Defragmenter and click on the defragmenter button.

If you haven't done this before it may take a very long time to complete its task.

Secondly

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download Java for Windows.
  • Reboot your computer.
  • You also need to uninstall older versions of Java. Click Start > Control Panel > Add or Remove Programs.
  • Remove all Java updates except the latest one you have just installed.

Thirdly

Your Flash Player is out of date. Older versions are vulnerable to attack.

Go here to download the latest Adobe Flash Player

Make sure you untick the box "Yes install Chrome as default browser and Google Toolbar for Internet Explorer" (or McAfee) option before downloading.

Fourthly

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

Note: Before you download ensure you uncheck the "Yes install Chrome as default browser and Google Toolbar for Internet Explorer" option. That is foistware.

http://www.adobe.com.../readstep2.html

and lastly

I don't see an Anti-Virus program on your machine.

Here are three good antivirus programs, free for personal use: Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run-of-the-mill user. This is because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run-of-the-mill user has no idea what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working, or maybe they try to download something they frequently downloaded in the past but now find they can't.

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.


Please choose one, download, install and update it. After that run a full scan and tell me if the scan found anything.

#18 cherinacherine (Member, Topic Starter, 49 posts)

I just wanted to let you know the disk defragmenting will probably take a looong time. It says I haven't run the program since 2008!
I probably won't post again until tomorrow.

I did have one question about the antivirus programs.
I took a look at the websites, and I'll probably be downloading Avast (when I complete all the earlier steps, of course!). But I already have Malwarebytes on my computer; does that count as an antivirus or firewall that could cause a conflict between the programs? Or can I keep it on my computer?


Thanks, and sorry this is taking so long.

#19 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)

I just wanted to let you know the disk defragmenting will probably take a looong time.


Yes, it's best not to use your computer while it is running, otherwise it can return to the beginning and start over. It will likely do that anyway quite a bit.

But I already have Malwarebytes on my computer, does that count as an antivirus or firewall that could cause conflict between the programs?


Malwarebytes is an anti-malware program rather than specifically an anti-virus program. The paid-for version has been known to conflict with some AVs in the past, but I think that doesn't happen so much now. It can be configured to allow another program; see here.

Thanks, and sorry this is taking so long.


No problem. Look forward to hearing from you when it's all done. :)

#20 cherinacherine (Member, Topic Starter, 49 posts)

How long is the Disk Defragmenter going to run? It's been going for 19 hours now, and I'm wondering if that's normal, or if something is wrong.

Thank you!

#21 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)

How long is the Disk Defragmenter going to run? It's been going for 19 hours now, and I'm wondering if that's normal, or if something is wrong.


It will take a long time, especially in your system's case. It was 22% fragmented. Having said that, it can get into a sort of loop, not making progress because it is being interrupted. In that case we will take another approach. Can you see what it is doing? It should show you what percentage progress it has made. Tell me what you see.

#22 cherinacherine (Member, Topic Starter, 49 posts)

Hi! This is exactly what I've seen since I started the scan.

Posted Image

#23 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)

Okay, I overlooked that your machine is Vista.

For some reason Microsoft didn't include the graphical progress monitor in Vista. It returned in Win 7.

Also, it's my understanding the defrag runs much slower in Vista.

Let's do this:

Press the cancel button on Defragmentation.

After that download Auslogics Disk Defrag and save it to your Desktop.

Double click and follow the prompts to install it.

Note: only install the defrag utility. Some versions come with Askbar toolbars... do not install those. Make sure any check boxes that indicate installation of other programs/utilities are unticked.

Once installed, run the defrag utility.

At the end the utility may tell you that it has found Junk Files and recommend that you run a scan to remove them. Disregard that suggestion; it is a promotion of a tool you don't need. All we are interested in here is the defrag process.

Note: Do not download Windows Registry Cleaner which is promoted at the same site.

Come back and tell me when it's finished. :)

#24 cherinacherine (Member, Topic Starter, 49 posts)

Okay! Wow, that was super fast! The scan is finished.

#25 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)

Before we remove the tools we have been using I would like to have a last check.

Please run a quick scan with OTL and post the log back here.

Also

I assume you have installed your new Anti-Virus. If so, please update it and run a full scan of your machine. If it produces a log, please post it back here. If it doesn't, then just tell me if it found anything.

If you are using AVAST, then with Win 7 the logs are here:

C:\ProgramData\AVAST Software\Avast\log

Hopefully that will be the same with Vista.
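
The OTL quick scan requested above produces the PRC/MOD/SRV/DRV and O4 autorun lines that appear in the logs posted in this thread. As an added example (not part of the original post and not OTL's own tooling), here is a small Python triage helper that parses those line shapes and flags what a helper would look at first: binaries with no company name in user-writable locations, orphaned autorun entries, and recently modified executables, services and drivers. The sample log is constructed in the style of this thread's log; the final "Updater" autorun entry is invented to exercise the check.

```python
"""Triage helper for OTL scan logs (added example; not OTL's own code).

Assumed line shapes, taken from the logs posted in this thread:
  PRC|MOD|SRV|DRV[:64bit:] - [date | size | attrs | M] (Company) [state] -- path [-- (name)]
  O4[:64bit:] - HIVE..\\Run: [entry name] command (Company)   or   ... File not found
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

HEADER_DATE = re.compile(r"OTL logfile created on: (\d+/\d+/\d{4} \d+:\d{2}:\d{2} [AP]M)")
FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [\w-]{4} \| \w\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
AUTORUN_LINE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<entry>[^\]]*)\] (?P<cmd>.+)$"
)
# Paths where a binary with no company name deserves a second look;
# system and Program Files locations are left to OTL's SafeList whitelist.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    line_no: int
    reason: str
    path: str


def scan_date_from_header(log_text: str) -> datetime:
    """Read the scan timestamp from the 'OTL logfile created on:' header line."""
    m = HEADER_DATE.search(log_text)
    if not m:
        raise ValueError("no OTL header line found")
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")


def _autorun_company(cmd: str) -> tuple[str, bool]:
    """Return (company, file_missing) for the command field of an O4 line."""
    if cmd.endswith("File not found"):
        return "", True
    m = re.search(r"\((?P<company>[^()]*)\)$", cmd)
    return (m.group("company").strip() if m else ""), False


def _in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(tok in low for tok in USER_WRITABLE)


def triage(log_text: str, recent_days: int = 7) -> list[Finding]:
    """Flag entries a helper would look at first. Purely heuristic: a hit is a
    question to ask about the file, not a verdict, and a clean run proves nothing."""
    cutoff = scan_date_from_header(log_text) - timedelta(days=recent_days)
    findings: list[Finding] = []
    for no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path, company = m.group("path"), m.group("company").strip()
            modified = datetime.strptime(m.group("date"), "%Y/%m/%d %H:%M:%S")
            if not company and _in_user_writable(path):
                findings.append(Finding(no, "no company name, user-writable location", path))
            # New processes, services and drivers are worth asking about; loaded modules churn constantly.
            if m.group("kind") != "MOD" and modified >= cutoff:
                findings.append(Finding(no, f"modified within {recent_days} days of scan", path))
            continue
        m = AUTORUN_LINE.match(line)
        if m:
            cmd = m.group("cmd")
            company, missing = _autorun_company(cmd)
            if missing:
                findings.append(Finding(no, f"orphaned {m.group('hive')} {m.group('key')} entry", cmd))
            elif not company and _in_user_writable(cmd):
                findings.append(Finding(no, "autorun with no company name, user-writable location", cmd))
    return findings


# Constructed sample in the style of this thread's log; the final "Updater" entry is invented.
SAMPLE_LOG = "\n".join([
    r"OTL logfile created on: 5/28/2013 6:36:25 PM - Run 3",
    r"========== Processes (SafeList) ==========",
    r"PRC - [2013/05/28 18:35:12 | 117,478,104 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Opera\Opera\temporary_downloads\avast_free_antivirus_setup.exe",
    r"PRC - [2013/05/26 12:53:12 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe",
    r"SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)",
    r"DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)",
    r"O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)",
    r"O4 - HKCU..\Run: [Sanriotown email alert] C:\Program Files (x86)\Sanriotown\E-mail Alert\MAClient -auto File not found",
    r"O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()",
    r"O4 - HKCU..\Run: [Updater] C:\Users\Gwei\AppData\Roaming\Updater\updater.exe ()",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}: {f.path}")
```

Paste a full OTL log into `triage()` to get the same short list; an entry such as the Pando Media Booster autorun with an empty company name but a Program Files path is deliberately left to the whitelist rather than flagged.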



#26 cherinacherine (Member, Topic Starter, 49 posts)

I ran both scans, but for the Avast scan there wasn't a txt document, so I took a screenshot of the threats; I hope that's okay.


Posted Image
OTL logfile created on: 5/28/2013 6:36:25 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gwei\Documents\Virus scan
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 25.81% Memory free
8.18 Gb Paging File | 5.45 Gb Available in Paging File | 66.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.16 Gb Total Space | 59.43 Gb Free Space | 27.37% Space Free | Partition Type: NTFS
Drive D: | 15.72 Gb Total Space | 8.03 Gb Free Space | 51.07% Space Free | Partition Type: NTFS

Computer Name: GWEI-PC | User Name: Gwei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/28 18:35:22 | 006,583,664 | ---- | M] (AVAST Software) -- C:\Users\Gwei\AppData\Local\temp\_av_sfx.tm~85c34f9d-49a3-4676-ba06-e322ea550c8e\avast.setup
PRC - [2013/05/28 18:35:12 | 117,478,104 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Opera\Opera\temporary_downloads\avast_free_antivirus_setup.exe
PRC - [2013/05/26 12:53:12 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\Gwei\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/04/12 22:36:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gwei\Documents\Virus scan\OTL.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/11/06 18:19:57 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe
PRC - [2008/01/20 22:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 18:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/28 18:35:12 | 117,478,104 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Opera\Opera\temporary_downloads\avast_free_antivirus_setup.exe
MOD - [2013/05/27 19:30:56 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/05/26 12:53:22 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013/05/26 12:53:22 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/05/26 12:53:22 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/05/26 12:53:22 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013/05/26 12:53:22 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/05/26 12:53:22 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013/05/26 12:53:22 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013/05/26 12:53:21 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2013/05/26 12:53:21 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/05/26 12:53:21 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/05/26 12:53:21 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013/05/26 12:53:21 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013/05/23 01:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 01:44:06 | 013,136,336 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 01:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 01:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2011/11/28 02:57:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/30 00:24:38 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/12/06 00:42:11 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 13:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/27 13:49:46 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files (x86)\IDT\WDM\stacsv64.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/25 21:46:52 | 000,150,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:27 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/03 23:57:26 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/01/01 20:53:08 | 007,172,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/10/31 15:44:38 | 003,197,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/27 13:50:24 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/07/26 06:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/01/30 00:24:06 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/12/22 00:33:28 | 001,511,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/12/22 00:30:50 | 000,300,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/12/22 00:29:48 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/11/17 18:22:06 | 000,297,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/19 02:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=T-6836
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sanriotow...dex.php?lang=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DDFA09EE-903F-4255-959C-08D4CF23F436}
IE - HKCU\..\SearchScopes\{DDFA09EE-903F-4255-959C-08D4CF23F436}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Gwei\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Gwei\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gwei\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gwei\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gwei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Gwei\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Candy = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0\
CHR - Extension: Gmail = C:\Users\Gwei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/04 10:21:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Gwei\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Gwei\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sanriotown email alert] C:\Program Files (x86)\Sanriotown\E-mail Alert\MAClient -auto File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8B10F2C-1906-4432-BCE6-D5DCA0184B3C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gwei\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/28 18:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/28 18:36:43 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/28 18:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/28 18:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/28 17:36:23 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\Auslogics
[2013/05/28 17:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/05/28 17:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2013/05/28 07:26:36 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\Oracle
[2013/05/27 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/05/27 17:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/27 17:19:14 | 000,000,000 | ---D | C] -- C:\Users\Gwei\Documents\Virus scan
[2013/05/27 16:29:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/27 16:28:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/27 15:49:46 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/26 07:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/26 07:09:06 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\vlc
[2013/05/16 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Local\Octoshape
[2013/05/13 22:52:32 | 000,000,000 | ---D | C] -- C:\Users\Gwei\AppData\Roaming\Mozilla
[2013/05/13 22:52:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2013/05/28 18:40:08 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/28 18:40:08 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/28 18:37:49 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/28 18:37:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 17:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000UA.job
[2013/05/28 17:36:22 | 000,001,092 | ---- | M] () -- C:\Users\Gwei\Desktop\Auslogics Disk Defrag.lnk
[2013/05/28 16:46:09 | 000,044,633 | ---- | M] () -- C:\Users\Gwei\Documents\diskdefragmenting.JPG
[2013/05/28 14:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1935358621-21101508-4254277831-1000Core.job
[2013/05/28 06:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 18:07:38 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/27 18:07:38 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/27 18:07:38 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/27 18:00:42 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/26 08:32:09 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/24 04:58:22 | 000,002,050 | ---- | M] () -- C:\Users\Gwei\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/10 12:12:53 | 000,021,605 | ---- | M] () -- C:\Users\Gwei\Documents\A657_BYO_8.gif
[2013/05/10 11:37:13 | 000,072,816 | ---- | M] () -- C:\Users\Gwei\Documents\Medicalert Card.JPG
[2013/05/10 11:23:22 | 000,015,363 | ---- | M] () -- C:\Users\Gwei\Documents\ADVRecordSummaryEMIRMedicalert.pdf
[2013/05/10 11:15:59 | 000,205,891 | ---- | M] () -- C:\Users\Gwei\Documents\Eating-Out-Allergy-Card.pdf
[2013/05/09 04:59:07 | 001,025,808 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 04:59:07 | 000,378,432 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 04:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 04:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 04:59:07 | 000,064,288 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 04:59:07 | 000,059,144 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/05/09 04:59:06 | 000,080,816 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 04:59:06 | 000,033,400 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 04:58:11 | 000,287,840 | ---- | M] () -- C:\Windows\SysNative\aswBoot.exe
[2013/05/01 08:49:40 | 000,096,475 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit Report 3.JPG
[2013/05/01 08:47:50 | 000,100,708 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit report 2.JPG
[2013/05/01 08:47:15 | 000,122,561 | ---- | M] () -- C:\Users\Gwei\Documents\2013 Credit report 1.JPG

========== Files Created - No Company Name ==========

[2013/05/28 18:37:49 | 000,378,432 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/28 18:37:49 | 000,064,288 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/28 18:37:49 | 000,059,144 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/05/28 18:37:49 | 000,033,400 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/28 18:37:49 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/28 18:37:48 | 001,025,808 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/28 18:37:48 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/28 18:37:48 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/28 18:37:47 | 000,287,840 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2013/05/28 18:37:47 | 000,080,816 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/28 18:37:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/05/28 17:36:22 | 000,001,092 | ---- | C] () -- C:\Users\Gwei\Desktop\Auslogics Disk Defrag.lnk
[2013/05/28 16:46:07 | 000,044,633 | ---- | C] () -- C:\Users\Gwei\Documents\diskdefragmenting.JPG
[2013/05/27 19:25:55 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/05/26 07:09:34 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/10 12:12:53 | 000,021,605 | ---- | C] () -- C:\Users\Gwei\Documents\A657_BYO_8.gif
[2013/05/10 11:37:11 | 000,072,816 | ---- | C] () -- C:\Users\Gwei\Documents\Medicalert Card.JPG
[2013/05/10 11:15:59 | 000,205,891 | ---- | C] () -- C:\Users\Gwei\Documents\Eating-Out-Allergy-Card.pdf
[2013/05/09 14:15:47 | 000,015,363 | ---- | C] () -- C:\Users\Gwei\Documents\ADVRecordSummaryEMIRMedicalert.pdf
[2013/05/01 08:49:38 | 000,096,475 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit Report 3.JPG
[2013/05/01 08:47:48 | 000,100,708 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit report 2.JPG
[2013/05/01 08:47:12 | 000,122,561 | ---- | C] () -- C:\Users\Gwei\Documents\2013 Credit report 1.JPG
[2013/04/18 15:57:43 | 000,006,639 | ---- | C] () -- C:\Users\Gwei\.recently-used.xbel
[2012/11/05 15:19:10 | 000,690,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/05 10:12:47 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GWEI-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2012/06/25 12:19:53 | 022,444,502 | ---- | C] () -- C:\Users\Gwei\TheVelveteenRabbit-noisereduction.mp3
[2012/06/25 11:40:39 | 022,418,560 | ---- | C] () -- C:\Users\Gwei\VelveteenRabbit.mp3
[2012/06/25 11:38:33 | 000,081,580 | ---- | C] () -- C:\Users\Gwei\Rabbitaudacity.aup
[2012/06/22 13:28:22 | 003,581,519 | ---- | C] () -- C:\Users\Gwei\bloodyjack.mp3
[2010/03/16 01:16:45 | 000,000,745 | ---- | C] () -- C:\Users\Gwei\AppData\Roaming\AtomicAlarmClock.ini
[2009/05/13 01:57:59 | 000,005,972 | ---- | C] () -- C:\Users\Gwei\AppData\Local\d3d9caps.dat
[2008/09/17 04:18:19 | 000,230,912 | ---- | C] () -- C:\Users\Gwei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2008/11/06 09:32:58 | 012,897,792 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 09:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/03/03 00:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/04/21 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Audacity
[2013/05/28 17:36:23 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Auslogics
[2009/12/18 01:53:15 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\BitTorrent
[2013/05/28 18:46:07 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\DNA
[2013/04/18 15:57:43 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\gtk-2.0
[2012/09/28 08:30:23 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\hellomoto
[2011/03/16 06:59:11 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Oberon Media
[2013/05/16 15:54:02 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Octoshape
[2011/11/28 02:59:30 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\OpenOffice.org
[2012/11/04 08:37:43 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Opera
[2013/05/28 07:26:36 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Oracle
[2012/01/15 08:03:39 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\OverDrive
[2011/03/16 07:00:01 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\Pogo
[2009/10/04 02:28:05 | 000,000,000 | ---D | M] -- C:\Users\Gwei\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Gwei\Documents\[TV] arashi ni shiyagare 20111015 - kame part (11m)(1280x720)(KAL)..avi:TOC.WMV
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3AB0B43

< End of report >

#27 cherinacherine (Member, Topic Starter, 49 posts)
Oh and a question if that's okay:

Can Windows Defender and Avast run at the same time? How about Windows Firewall and Avast?

Thank you~

#28 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)
When AVAST installed, it would have turned off those elements of Windows it didn't want conflicting with it. As it happens, I believe AVAST uses elements of Windows Firewall, so it likely won't be turned off.

How is your machine now?

#29 cherinacherine (Member, Topic Starter, 49 posts)
Oh okay, thanks for the info!

My computer is actually running slower than before, and it's still kind of overworking? The fan is running constantly and hot.

Umn, I'm sure this is very obvious, but what do I do with the viruses found by Avast? It gives 4 options: Repair, Move to Chest, Delete, Do Nothing. I'm not exactly sure what they all mean.

#30 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)
I'm sure this is very obvious, but what do I do with the viruses found by Avast?

Delete them.

The ones FRST found are already quarantined and may as well be deleted. The others that AVAST found can also just be deleted.

My computer is actually running slower than before

AVAST may be slowing it a bit. Did it slow after install?

Is your Malwarebytes real time? That is, is it the paid-for version? It's not showing in that last log as running, but just to make sure...