"Ghost" Audio - c:\Windows\SysWOW64\user32.dll


  • This topic is locked

#1
Traeonna

_____SYMPTOMS_____

"Ghost" audio randomly plays when no programs have been opened by user. Sounds include commercials, music, random sounds, news broadcasts, etc.

AVG Resident Shield Alert pops up indicating a threat. When I click on more details, I have noticed the Process name (program running) changes each time.

AVG Resident Shield Alert pops up indicating a "Multiple threat detection" and indicates All items were resolved, although this list gets larger and larger by the minute. All entries are as follows.

FILE c:\Windows\SysWOW64\user32.dll
INFECTION Virus found Win32/Patched
RESULT Object is white-listed (critical/system file that should not be removed)


_____STEPS TAKEN TO DETECT/REMOVE_____

Before each program was used, a search for updates was done to ensure I had the newest version/update.

---

Program: AVG Anti-Virus Free Edition 2012
Used: Anti-Rootkit "whole computer" scan.

No threats found.

Used: Anti-Virus "whole computer" scan.

Infections
;"File";"Infection";"Result"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\SysWOW64\user32.dll";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"
;"C:\Windows\PLFSetI.exe (4360)";"Virus found Win32/Patched";"Deleted"
;"C:\Users\Traeonna\AppData\Local\Temp\dpmzpj.exe (7500)";"Virus found Win32/Patched";"Deleted"
;"C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe (6908)";"Virus found Win32/Patched";"Deleted"
;"C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe (6084)";"Virus found Win32/Patched";"Deleted"
;"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (4216)";"Virus found Win32/Patched";"Deleted"
;"C:\Program Files (x86)\Launch Manager\LManager.exe (4776)";"Virus found Win32/Patched";"Deleted"
;"C:\Program Files (x86)\AVG\AVG2012\avgui.exe (4888)";"Virus found Win32/Patched";"Deleted"
;"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (4896)";"Virus found Win32/Patched";"Deleted"
;"C:\Program Files (x86)\AVG Secure Search\vprot.exe (4916)";"Virus found Win32/Patched";"Deleted"

---

Program: Malwarebytes Anti-Malware
Used: Scanner > Full Scan

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Files Detected: 1
C:\Users\Traeonna\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

---

Program Used: Microsoft Windows Malicious Software Removal Tool
Used: Full Scan

---

Program: Spybot - Search & Destroy
Used: Scan

---

Program: Sophos Anti-Rootkit
Used: Scan (Windows Registry, Local Hard Drives)

---

Program: SUPERAntiSpyware Free Edition
Used: Complete Scan

---

Program: CCleaner
Used: Cleaner scan/delete
Used: Registry scan/fix

---

Program: Disk Cleanup
Used: Scan/Delete

_____OTL_____

OTL logfile created on: 1/14/2012 3:10:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Traeonna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 33.38% Memory free
7.35 Gb Paging File | 4.58 Gb Available in Paging File | 62.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 163.44 Gb Free Space | 57.29% Space Free | Partition Type: NTFS
Drive E: | 698.64 Gb Total Space | 554.18 Gb Free Space | 79.32% Space Free | Partition Type: NTFS

Computer Name: HEX | User Name: Traeonna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 03:08:26 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\oiu0.9998182639360882.exe
PRC - [2012/01/13 19:43:18 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/01/13 19:43:16 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/01/13 18:24:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Traeonna\Desktop\OTL.exe
PRC - [2012/01/11 16:14:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/23 07:12:10 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/12/07 18:40:41 | 000,855,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/07 18:40:37 | 000,827,232 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/14 16:52:46 | 000,178,528 | ---- | M] (RapidSolution Software AG) -- C:\Program Files (x86)\Audials Tunebite\VCDWriter\64\VCDAudioService.exe
PRC - [2010/12/21 13:46:46 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/08/30 20:09:44 | 000,266,240 | ---- | M] () -- C:\Windows\SysWOW64\CSHelper.exe
PRC - [2009/11/20 14:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/01 18:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/07/13 20:14:35 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sdiagnhost.exe
PRC - [2009/07/13 20:14:25 | 000,983,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdt.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 16:14:00 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/07 18:40:37 | 000,827,232 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/20 14:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/17 17:53:49 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/11/14 21:56:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/02 17:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/09/30 13:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/01/13 19:43:16 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/14 18:03:45 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/12/07 18:40:41 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/03/14 16:52:46 | 000,178,528 | ---- | M] (RapidSolution Software AG) [Auto | Running] -- C:\Program Files (x86)\Audials Tunebite\VCDWriter\64\VCDAudioService.exe -- (Virtual CDAudio Service)
SRV - [2010/12/21 13:46:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/11/14 12:00:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/30 20:09:44 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2002/10/30 16:09:36 | 000,061,440 | ---- | M] (GEAR Software) [Auto | Stopped] -- C:\Windows\SysWOW64\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\90AF.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/14 16:52:46 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011/03/14 16:52:46 | 000,045,160 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rsvcdwdr.sys -- (rsvcdwdr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/14 21:23:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 09:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/26 15:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/03 02:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/29 13:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/29 13:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/13 14:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/22 17:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 06:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 22:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 22:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 22:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/08 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012/01/13 19:43:32 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/09/01 15:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/28 07:56:30] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2002/10/30 16:09:34 | 000,009,344 | ---- | M] (GEAR Software) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...f8z1l5t5881d51n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...f8z1l5t5881d51n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Traeonna\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nexon.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 58 BB 01 47 4A 70 49 A8 01 4C 70 2D C7 1A 55 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52747

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {e6c4c3ef-3d4d-42d6-8283-8da73c53a283}:2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {3335F91D-2AEF-4097-B831-C96C60349822}:1.4.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.20101102
FF - prefs.js..extensions.enabledItems: [email protected]:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:7.008.031.001
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "https://www.mypoints...&fctb.dns=1&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: c:\Program Files (x86)\Autodesk\Autodesk Design Review Firefox Add-on v1.1\npADRdwf.dll (Autodesk)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Traeonna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Traeonna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Traeonna\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Traeonna\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/22 15:20:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/07 18:40:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/11 15:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/11 16:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/29 07:30:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/11 15:43:25 | 000,000,000 | ---D | M]

[2010/04/16 21:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Extensions
[2012/01/11 15:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\extensions
[2011/06/05 08:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2010/04/16 21:57:16 | 000,000,000 | ---D | M] (Leet Key) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\extensions\{3335F91D-2AEF-4097-B831-C96C60349822}
[2010/04/16 21:57:16 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011/12/28 16:41:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/08 23:04:45 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/07/26 18:14:16 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\extensions\[email protected]
[2011/11/27 12:19:34 | 000,004,772 | ---- | M] () -- C:\Users\Traeonna\AppData\Roaming\Mozilla\Firefox\Profiles\ez8p5mx8.default\searchplugins\web-search.xml
[2011/11/08 21:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/22 15:20:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/12/07 18:40:55 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.18
() (No name found) -- C:\USERS\TRAEONNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZ8P5MX8.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\TRAEONNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZ8P5MX8.DEFAULT\EXTENSIONS\{51EF49D2-624B-4194-8B97-1C468E9B0EFE}.XPI
() (No name found) -- C:\USERS\TRAEONNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZ8P5MX8.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\USERS\TRAEONNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZ8P5MX8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TRAEONNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZ8P5MX8.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\TRAEONNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZ8P5MX8.DEFAULT\EXTENSIONS\{E6C4C3EF-3D4D-42D6-8283-8DA73C53A283}.XPI
() (No name found) -- C:\USERS\TRAEONNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZ8P5MX8.DEFAULT\EXTENSIONS\[email protected]
[2012/01/11 16:14:05 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/01/15 12:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 00:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/12/07 18:40:35 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/11 16:13:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/11 16:13:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/12 03:15:24 | 000,440,579 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15146 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Traeonna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Traeonna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Traeonna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Traeonna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A3034D-ED53-4FEE-94D7-211FBD26ED62}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/11 18:27:00 | 000,000,132 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 02:21:35 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2012/01/13 19:43:35 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/13 19:33:13 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/13 19:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/13 19:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/01/13 19:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/13 19:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/01/13 19:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/01/13 18:51:37 | 000,000,000 | ---D | C] -- C:\Users\Traeonna\AppData\Roaming\Malwarebytes
[2012/01/13 18:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/13 18:51:24 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/13 18:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/13 18:24:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Traeonna\Desktop\OTL.exe
[2012/01/13 16:24:47 | 000,000,000 | ---D | C] -- C:\HPAppData
[2012/01/12 16:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/01/12 16:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhatsRunning
[2012/01/11 16:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/11 16:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/30 17:01:40 | 000,000,000 | ---D | C] -- C:\Users\Traeonna\Documents\Amazon MP3
[2011/12/30 17:01:40 | 000,000,000 | ---D | C] -- C:\Users\Traeonna\AppData\Roaming\Amazon
[2011/12/18 20:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/18 20:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 03:10:28 | 000,009,240 | ---- | M] () -- C:\ProgramData\c5280640
[2012/01/14 02:56:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546417854-4227397326-731249830-1001UA.job
[2012/01/14 02:40:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/14 02:32:28 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 02:32:28 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 02:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/14 02:23:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/14 02:23:49 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/13 19:43:33 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/13 19:43:29 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/13 19:34:50 | 000,222,730 | ---- | M] () -- C:\Users\Traeonna\Desktop\cc-reg-bkup_20120113_193359.reg
[2012/01/13 19:33:47 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/13 19:20:30 | 000,001,083 | ---- | M] () -- C:\Users\Traeonna\Desktop\SpywareBlaster.lnk
[2012/01/13 18:52:16 | 000,001,131 | ---- | M] () -- C:\Users\Traeonna\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 18:24:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Traeonna\Desktop\OTL.exe
[2012/01/13 18:13:40 | 086,694,424 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/01/13 17:57:41 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 17:57:41 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 17:57:41 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 17:56:06 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546417854-4227397326-731249830-1001Core.job
[2012/01/12 16:54:03 | 000,002,125 | ---- | M] () -- C:\Users\Traeonna\Desktop\Sophos Anti-Rootkit.lnk
[2012/01/12 16:13:56 | 000,001,005 | ---- | M] () -- C:\Users\Traeonna\Desktop\What's Running.lnk
[2012/01/12 03:15:24 | 000,440,579 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/11 16:16:02 | 000,002,056 | ---- | M] () -- C:\Users\Traeonna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/11 16:04:00 | 000,001,280 | ---- | M] () -- C:\Users\Traeonna\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 08:21:13 | 000,001,444 | -HS- | M] () -- C:\ProgramData\122b86b38ebief1g4ggy8m
[2012/01/10 17:33:08 | 000,036,567 | ---- | M] () -- C:\Users\Traeonna\Desktop\384375_2923377251151_1462458860_32999433_371772047_n.jpg
[2012/01/10 17:21:05 | 000,037,849 | ---- | M] () -- C:\Users\Traeonna\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/01/06 18:32:41 | 000,716,185 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/01/05 17:12:51 | 000,037,856 | ---- | M] () -- C:\Users\Traeonna\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/12/28 16:41:20 | 000,007,602 | ---- | M] () -- C:\Users\Traeonna\AppData\Local\Resmon.ResmonCfg
[2011/12/23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/18 21:40:31 | 000,001,787 | ---- | M] () -- C:\Users\Traeonna\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[29 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 03:08:28 | 000,009,240 | ---- | C] () -- C:\ProgramData\c5280640
[2012/01/14 02:10:08 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/13 19:34:40 | 000,222,730 | ---- | C] () -- C:\Users\Traeonna\Desktop\cc-reg-bkup_20120113_193359.reg
[2012/01/13 19:33:47 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/13 19:20:30 | 000,001,083 | ---- | C] () -- C:\Users\Traeonna\Desktop\SpywareBlaster.lnk
[2012/01/13 19:14:09 | 000,002,125 | ---- | C] () -- C:\Users\Traeonna\Desktop\Sophos Anti-Rootkit.lnk
[2012/01/13 19:14:09 | 000,001,925 | ---- | C] () -- C:\Users\Traeonna\Desktop\CCleaner.lnk
[2012/01/13 19:14:09 | 000,001,790 | ---- | C] () -- C:\Users\Traeonna\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/13 19:14:09 | 000,001,478 | ---- | C] () -- C:\Users\Traeonna\Desktop\HijackThis.lnk
[2012/01/13 19:14:09 | 000,001,280 | ---- | C] () -- C:\Users\Traeonna\Desktop\Spybot - Search & Destroy.lnk
[2012/01/13 19:14:09 | 000,001,252 | ---- | C] () -- C:\Users\Traeonna\Desktop\Disk Cleanup.lnk
[2012/01/13 19:14:09 | 000,001,131 | ---- | C] () -- C:\Users\Traeonna\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 19:14:09 | 000,001,005 | ---- | C] () -- C:\Users\Traeonna\Desktop\What's Running.lnk
[2012/01/13 19:14:09 | 000,000,987 | ---- | C] () -- C:\Users\Traeonna\Desktop\AVG User Interface.lnk
[2012/01/12 16:55:23 | 000,302,592 | ---- | C] () -- C:\Users\Traeonna\Desktop\gmer.exe
[2012/01/11 08:21:13 | 000,001,444 | -HS- | C] () -- C:\ProgramData\122b86b38ebief1g4ggy8m
[2012/01/10 17:33:08 | 000,036,567 | ---- | C] () -- C:\Users\Traeonna\Desktop\384375_2923377251151_1462458860_32999433_371772047_n.jpg
[2011/12/18 21:40:31 | 000,001,787 | ---- | C] () -- C:\Users\Traeonna\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/12/12 19:02:42 | 000,037,849 | ---- | C] () -- C:\Users\Traeonna\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/12/11 15:35:59 | 000,221,307 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/11 15:35:59 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/07/17 23:10:57 | 000,000,000 | ---- | C] () -- C:\Users\Traeonna\AppData\Local\{95F6755B-9AAF-4051-9FB9-769BF0729BCF}
[2011/07/04 17:34:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/07/01 02:58:49 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2011/04/23 10:56:07 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/22 15:30:42 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/12/08 23:57:18 | 005,681,896 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/12/08 23:57:18 | 000,015,406 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/11/14 12:13:38 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/14 12:13:38 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/29 19:36:43 | 000,000,706 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/29 14:26:51 | 000,255,212 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/12 12:26:38 | 000,037,856 | ---- | C] () -- C:\Users\Traeonna\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/08/30 20:09:44 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\CSHelper.exe
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/10 18:14:41 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/27 19:57:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
[2010/04/16 21:30:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/16 18:59:12 | 000,007,602 | ---- | C] () -- C:\Users\Traeonna\AppData\Local\Resmon.ResmonCfg
[2010/04/15 01:23:04 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/15 01:23:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/15 01:22:44 | 000,001,597 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/04/14 21:42:04 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/04/14 21:42:04 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/04/14 21:42:04 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/04/14 21:42:04 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/11/04 19:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/11/04 19:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/11/04 19:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/04/15 16:57:49 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Acer
[2011/12/30 17:01:40 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Amazon
[2011/09/08 22:28:16 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Audacity
[2010/05/30 17:18:22 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Autodesk
[2011/09/27 14:36:23 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\AVG2012
[2010/11/14 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\DAEMON Tools Lite
[2011/07/30 10:00:32 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Dropbox
[2011/03/28 16:30:15 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\DVDVideoSoft
[2011/03/06 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/17 16:54:21 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\FileZilla
[2010/06/29 10:38:31 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Gizmo5
[2011/07/13 20:14:13 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Gyyx
[2010/04/15 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Leadertech
[2010/05/28 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\LEGO Company
[2011/12/30 17:12:27 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Mp3tag
[2012/01/13 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\POPFile
[2010/08/10 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Red Kawa
[2010/09/30 19:53:59 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\SSDir
[2011/04/06 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\TaxCut
[2010/04/17 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Trillian
[2010/04/27 20:36:08 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/09/26 22:58:33 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\uTorrent
[2010/04/16 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\WildTangent
[2011/07/13 20:14:13 | 000,000,000 | ---D | M] -- C:\Users\Traeonna\AppData\Roaming\Xoybn
[2011/08/13 09:12:55 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL

< End of report >

#2
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human, not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way. One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to - when you are using it the current malware infection could propagate further infections - forcing us to do a second or even third round of disinfection after the first. If you do have to use it please disconnect it from the Internet - that way the current malware cannot propagate further infections.

#3
Crag_Hack

Hi Traeonna. We will now begin the disinfection for your computer. First step is to run a quick clean using OTL. Please do the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    PRC - [2012/01/14 03:08:26 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\oiu0.9998182639360882.exe
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
    [2012/01/14 03:10:28 | 000,009,240 | ---- | M] () -- C:\ProgramData\c5280640
    [2012/01/11 08:21:13 | 000,001,444 | -HS- | M] () -- C:\ProgramData\122b86b38ebief1g4ggy8m
    [2011/07/17 23:10:57 | 000,000,000 | ---- | C] () -- C:\Users\Traeonna\AppData\Local\{95F6755B-9AAF-4051-9FB9-769BF0729BCF}
    
    :Files
    
    C:\Windows\Temp\oiu0.9998182639360882.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply as well.


Also in your next post please include the contents of the extras.txt file from your desktop.


We will now run a quick scan for a nasty infection very prevalent these days.

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer no
  • Click the Scan button to start scan
  • On completion of the scan click Save log, save it to your desktop and post in your next reply


Finally we will run Combofix to address some aspects of your infection.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

That's all for now. Let me know if you have any questions/problems. Good luck!
  • 0
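
An added example, not part of the original post and not OTL's own logic: a small Python parser for the OTL file-entry and Alternate Data Stream line formats seen in this thread, with triage heuristics that flag the kinds of entries selected in the fix above. The function names and the heuristics are assumptions made for illustration.

```python
import re

# File-entry layout in the log above: [date time | size | attrs | C/M] (company) -- path
ENTRY = re.compile(
    r"^(?:(?P<section>\w+) - )?\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

def parse(line):
    """Return a dict for a file entry or ADS line, or None for anything else."""
    line = line.strip()
    if m := ADS.match(line):
        host, _, stream = m["path"].rpartition(":")
        return {"type": "ads", "path": host, "stream": stream, "size": int(m["size"])}
    if not (m := ENTRY.match(line)):
        return None
    return {**m.groupdict(), "type": "file", "size": int(m["size"].replace(",", ""))}

def triage(entry):
    """Illustrative heuristics (assumptions, not OTL logic); returns reason strings."""
    if entry["type"] == "ads":
        return ["alternate data stream '%s'" % entry["stream"]]
    reasons, path, attrs = [], entry["path"], entry["attrs"]
    if re.search(r"\\Temp\\[^\\]+\.exe$", path, re.I):
        reasons.append("executable in a Temp directory")
    if "D" not in attrs and "H" in attrs and "S" in attrs:
        reasons.append("hidden+system file")
    if "D" not in attrs and re.fullmatch(r"C:\\ProgramData\\[^\\.]+", path, re.I):
        reasons.append("extensionless file directly under ProgramData")
    if entry["size"] == 0 and re.search(r"\\AppData\\Local\\" + GUID + "$", path):
        reasons.append("zero-byte GUID-named file in AppData\\Local")
    return reasons

# Sample lines copied from this thread, including one unremarkable entry for contrast.
SAMPLE = r"""
PRC - [2012/01/14 03:08:26 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\oiu0.9998182639360882.exe
[2012/01/11 08:21:13 | 000,001,444 | -HS- | M] () -- C:\ProgramData\122b86b38ebief1g4ggy8m
[2011/07/17 23:10:57 | 000,000,000 | ---- | C] () -- C:\Users\Traeonna\AppData\Local\{95F6755B-9AAF-4051-9FB9-769BF0729BCF}
[2010/04/16 21:30:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
"""

def flagged(text=SAMPLE):
    """Map path -> reasons for every line that trips at least one heuristic."""
    entries = filter(None, map(parse, text.splitlines()))
    return {e["path"]: r for e in entries if (r := triage(e))}
```

A flagged entry is only a candidate for review; the company field in an OTL line is read from the file's own metadata, so a "Microsoft Corporation" label on a binary in a Temp directory does not make it trustworthy.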

#4
Traeonna

Thank you for taking the time to respond. As I have not checked my e-mail for several days, I missed that you had responded to my post. I am happy to report after several days of working aggressively on this (and with the help of my beloved), the infection seems to have been finally cleared. I want to thank you, however, for being so prompt in your reply and eagerness to help me with this issue. I am thankful that there are resources such as this that are available. Please continue the wonderful work you do.

#5
Crag_Hack

Did you solve it yourself or follow the instructions I gave you (just curious)?

#6
Traeonna

My husband finished where I left off and cleared the infection on his own, not using your posted process, as I had only just read your response today (after we were sure everything was back to normal). Wish I would have thought to document our process for the benefit of others, but we were a bit more focused on just getting stuff fixed. LOL

#7
Crag_Hack

If you want, we can continue with the procedures I gave you to make sure your computer is completely clean. If you are having no symptoms, it could be clean or it could not. There might be other infections present on the computer besides the ones you cleaned. If you want to proceed, simply follow the previous instructions I gave you and also tell me exactly what your husband did.

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.