
Help with Virus Removal [Closed]


  • This topic is locked

#1
shannon1923

Hi, I have been dealing with a virus problem. I completely wiped my hard drive and re-installed Windows 7 64 bit about 2 weeks ago. I had a hard time right away downloading antivirus software (Comodo Dragon). My computer would crash every time I tried to install. Finally it (Comodo AV) installed, and I also installed Malwarebytes and Super AntiSpyware without any problem. About 24hrs after the re-install, the Microsoft Windows Malicious Software Removal Tool popped up saying it found the virus WIN64/Alureon.gen!A. The tool said it "partially removed" it but manual steps were needed to remove it completely. I ran Malwarebytes, which found 4 things, and I removed those. I also ran Super AntiSpyware and cleaned with that. After restart all 3 found nothing on scan. About 5 days later, the Windows Malicious Software Removal Tool popped up again saying it found the same Alureon virus. I tried looking around the internet for solutions, as I am not very computer savvy, so I found something called Kaspersky TDSS cleaner, so I downloaded and ran that. Now today I ran the Windows Malicious Software Removal Tool again and it came up with 4 things (DOS/Alureon, Win32/Alureon, Win64/Alureon, and WinNT/Alureon). It says again that these 4 things were "partially removed, but manual steps are required to complete removal". I just ran a scan with my Comodo AV again and it found 1 thing that said it was ([email protected]#apqt724llo24); I chose the "clean" option.
So I have come here for help as I do not know what else to do. I downloaded the OTL and below I am pasting the logs for you. Please help.
----------------------------------
OTL logfile created on: 2/18/2014 8:54:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shannon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 32.94% Memory free
7.90 Gb Paging File | 4.92 Gb Available in Paging File | 62.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 352.74 Gb Free Space | 75.73% Space Free | Partition Type: NTFS

Computer Name: SHANNON-PC | User Name: Shannon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/18 20:54:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shannon\Downloads\OTL.exe
PRC - [2014/02/18 19:42:22 | 000,444,840 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2014/02/18 19:42:22 | 000,297,384 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2014/02/01 15:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/28 06:35:50 | 002,135,232 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/01/20 13:15:18 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2014/01/20 12:15:26 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013/12/13 04:12:00 | 000,525,480 | ---- | M] (AdTrustMedia) -- C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
PRC - [2013/10/27 09:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/03/08 16:07:36 | 000,506,864 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2013/02/20 11:47:14 | 000,161,264 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2011/09/20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/18 19:42:23 | 000,272,808 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2014/02/18 19:42:23 | 000,072,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2014/02/18 19:42:22 | 000,133,544 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2014/02/18 19:42:22 | 000,080,296 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2014/02/18 19:42:22 | 000,033,128 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
MOD - [2014/02/01 15:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/01 15:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 15:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 15:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013/10/01 15:02:02 | 000,108,888 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/20 01:23:22 | 006,254,152 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2013/10/10 14:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/09/24 10:53:32 | 000,164,056 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/04 15:40:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2014/02/18 20:14:57 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/28 06:35:50 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/01/20 13:15:18 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2014/01/20 12:15:26 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013/10/27 09:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/20 11:47:14 | 000,161,264 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/27 09:12:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/06 21:17:38 | 000,014,888 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hmd.sys -- (HMD)
DRV:64bit: - [2013/09/24 10:54:12 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/05/06 23:00:18 | 000,037,976 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2013/04/09 19:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/08/27 19:51:00 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2012/08/27 19:50:58 | 000,114,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/13 14:31:16 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/28 12:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/10/25 19:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 00 EA 8C 47 25 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: PrivDog = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.8.0.18_0\
CHR - Extension: Google Search = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: BrandMyMail - Email Signatures for GMail = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndekeigclpmnhmggjakhfmklhhibiokp\0.29.11_0\
CHR - Extension: Cath Kidston = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\
CHR - Extension: Google Wallet = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2:64bit: - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ComodoFSChrome] "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c File not found
O4 - HKLM..\Run: [PrivDogService] C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe (AdTrustMedia)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{263C0EA8-9FAB-4719-9782-060F3D9D66E0}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/18 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Macromedia
[2014/02/18 20:04:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/02/18 20:04:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/02/18 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\Adobe
[2014/02/18 19:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2014/02/18 19:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Notifier and Animation Creator
[2014/02/18 19:42:57 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\IM
[2014/02/18 19:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2014/02/18 19:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2014/02/18 19:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IncrediMail
[2014/02/18 19:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2014/02/18 15:54:27 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Adobe
[2014/02/17 02:09:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2014/02/17 02:07:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2014/02/17 01:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/02/17 01:38:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/02/17 01:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/02/17 01:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/02/16 15:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/02/16 15:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/02/16 15:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/02/16 15:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/02/11 20:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/02/10 07:10:55 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\LibreOffice
[2014/02/10 07:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series
[2014/02/10 04:16:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/02/10 04:16:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/02/09 23:50:59 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/09 23:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/09 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/09 23:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/09 23:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/02/09 23:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/09 22:30:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2014/02/09 21:23:54 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\AMD
[2014/02/09 21:23:37 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\ATI
[2014/02/09 21:23:37 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\ATI
[2014/02/09 21:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/02/09 19:54:39 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Malwarebytes
[2014/02/09 19:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/09 19:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/09 19:53:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/09 19:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/09 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\Programs
[2014/02/09 16:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/02/09 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/02/09 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/02/09 14:24:11 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2014/02/09 14:23:52 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2014/02/09 03:02:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/02/08 23:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
[2014/02/08 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/02/08 22:59:23 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2014/02/08 22:59:03 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2014/02/08 22:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/08 22:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/08 22:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/08 22:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/08 22:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/08 21:47:24 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\AdTrustMedia
[2014/02/08 21:47:07 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014/02/08 21:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adtrustmedia
[2014/02/08 21:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia
[2014/02/08 21:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdTrustMedia
[2014/02/08 21:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2014/02/08 21:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014/02/08 21:46:40 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\Comodo
[2014/02/08 21:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014/02/08 21:46:38 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/02/08 21:46:38 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/02/08 21:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2014/02/08 21:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014/02/08 20:12:50 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/02/08 19:32:37 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Google
[2014/02/08 19:23:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/02/08 19:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/02/08 19:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/02/08 19:18:27 | 000,000,000 | ---D | C] -- C:\winki
[2014/02/08 19:18:20 | 000,000,000 | -H-D | C] -- C:\SuperChargerProfile
[2014/02/08 19:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[2014/02/08 19:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2014/02/08 19:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2014/02/08 19:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014/02/08 19:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/02/08 19:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/02/08 19:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/02/08 19:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/08 19:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/08 19:13:26 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\Google
[2014/02/08 19:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/02/08 19:12:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/02/08 19:12:36 | 000,791,808 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/02/08 19:12:36 | 000,633,088 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/02/08 19:12:36 | 000,521,472 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/02/08 19:12:36 | 000,213,760 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/02/08 19:12:19 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/02/08 19:12:18 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/02/08 19:12:18 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/02/08 19:12:18 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/02/08 19:12:18 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/02/08 19:12:17 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/02/08 19:12:17 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/02/08 19:12:17 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/02/08 19:12:17 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/02/08 19:12:13 | 004,810,008 | ---- | C] (ASUSTeKcomputer.Inc) -- C:\Windows\SysNative\RTKSMlfx.dll
[2014/02/08 19:12:12 | 000,758,104 | ---- | C] (A-Volute) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2014/02/08 19:12:12 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/02/08 19:12:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/02/08 19:12:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/02/08 19:12:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/02/08 19:12:12 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/02/08 19:12:12 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/02/08 19:12:06 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/02/08 19:12:05 | 000,849,992 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/02/08 19:12:05 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/02/08 19:12:05 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/02/08 19:12:04 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/02/08 19:12:04 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/02/08 19:12:03 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/02/08 19:12:02 | 000,547,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/02/08 19:11:51 | 003,138,304 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/02/08 19:11:48 | 009,123,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/02/08 19:11:45 | 014,035,712 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/02/08 19:11:44 | 001,903,872 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/02/08 19:11:43 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/02/08 19:11:43 | 000,920,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/02/08 19:11:42 | 000,722,688 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/02/08 19:11:42 | 000,612,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/02/08 19:11:42 | 000,395,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/02/08 19:11:41 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/02/08 19:11:40 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/02/08 19:11:29 | 002,736,160 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/02/08 19:11:29 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/02/08 19:11:29 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/02/08 19:11:28 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/02/08 19:11:28 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/02/08 19:11:26 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/02/08 19:11:26 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/02/08 19:11:26 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/02/08 19:11:26 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/02/08 19:11:26 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/02/08 19:11:26 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/02/08 19:11:25 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/02/08 19:11:25 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/02/08 19:11:25 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/02/08 19:11:25 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/02/08 19:11:25 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/02/08 19:11:25 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/02/08 19:11:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2014/02/08 19:11:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/02/08 19:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014/02/08 19:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/02/08 19:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2014/02/08 19:10:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014/02/08 19:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2014/02/08 19:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/02/08 19:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/02/08 19:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2014/02/08 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/02/08 19:10:04 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/02/08 18:58:46 | 000,000,000 | R--D | C] -- C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/02/08 18:58:46 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Searches
[2014/02/08 18:58:46 | 000,000,000 | R--D | C] -- C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/02/08 18:58:46 | 000,000,000 | -H-D | C] -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/02/08 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Identities
[2014/02/08 18:58:34 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Contacts
[2014/02/08 18:58:33 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\VirtualStore
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\AppData\Local\Temporary Internet Files
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Templates
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Start Menu
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\SendTo
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Recent
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\PrintHood
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\NetHood
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Documents\My Videos
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Documents\My Pictures
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Documents\My Music
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\My Documents
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Local Settings
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\AppData\Local\History
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Cookies
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\Application Data
[2014/02/08 18:58:20 | 000,000,000 | -HSD | C] -- C:\Users\Shannon\AppData\Local\Application Data
[2014/02/08 18:58:19 | 000,000,000 | --SD | C] -- C:\Users\Shannon\AppData\Roaming\Microsoft
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Videos
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Saved Games
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Pictures
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Music
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Links
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Favorites
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Downloads
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Documents
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\Desktop
[2014/02/08 18:58:19 | 000,000,000 | R--D | C] -- C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/02/08 18:58:19 | 000,000,000 | -H-D | C] -- C:\Users\Shannon\AppData
[2014/02/08 18:58:19 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\Temp
[2014/02/08 18:58:19 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\Microsoft
[2014/02/08 18:58:19 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Media Center Programs
[2014/02/08 18:50:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/08 18:48:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2014/02/08 18:48:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/02/08 18:45:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/02/08 18:37:53 | 000,000,000 | ---D | C] -- C:\Windows.old.000
[2014/02/08 18:22:43 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/01/28 20:32:26 | 000,000,000 | ---D | C] -- C:\0877585de09a7ced21
[2014/01/19 21:02:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/18 20:55:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/18 20:52:33 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/02/18 20:30:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/18 19:42:50 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Secure passwords.lnk
[2014/02/18 19:42:50 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2014/02/18 19:42:50 | 000,002,005 | ---- | M] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2014/02/18 18:31:51 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 18:31:51 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/18 18:28:59 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/18 18:28:59 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/18 18:28:59 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/18 18:23:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/18 18:22:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/18 18:22:35 | 3180,380,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/18 04:30:00 | 000,323,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/18 03:33:37 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/18 03:33:32 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/17 23:57:05 | 000,046,666 | ---- | M] () -- C:\Users\Shannon\Documents\raina pics for hunter.odt
[2014/02/17 03:18:45 | 000,087,312 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/02/09 23:50:17 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/09 23:39:10 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/09 22:30:52 | 000,002,013 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/02/09 22:30:52 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014/02/09 19:54:01 | 000,001,137 | ---- | M] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/09 19:54:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/08 23:08:02 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk
[2014/02/08 22:04:38 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/02/08 22:04:38 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/02/08 21:47:21 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2014/02/08 21:47:21 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2014/02/08 21:47:20 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2014/02/08 21:46:40 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/02/08 19:32:46 | 000,002,283 | ---- | M] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/08 19:26:23 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/08 19:06:04 | 000,001,441 | ---- | M] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/08 18:52:18 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/02/08 18:52:18 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/02/08 18:45:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/01/20 17:22:58 | 000,000,184 | ---- | M] () -- C:\Users\Shannon\Documents\Jesus Resume 2014.gdoc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/18 20:04:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/18 19:42:50 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Secure passwords.lnk
[2014/02/18 19:42:50 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
[2014/02/18 19:42:50 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2014/02/18 19:42:50 | 000,002,005 | ---- | C] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2014/02/18 03:33:37 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/18 03:33:32 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/17 23:57:03 | 000,046,666 | ---- | C] () -- C:\Users\Shannon\Documents\raina pics for hunter.odt
[2014/02/17 02:21:41 | 000,087,312 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/02/16 15:55:22 | 003,426,956 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/02/10 03:26:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/02/10 03:10:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/02/09 23:50:17 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/09 23:39:10 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/09 22:30:52 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/02/09 22:30:52 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014/02/09 19:54:01 | 000,001,137 | ---- | C] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/02/09 19:54:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/09 14:24:49 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2014/02/09 14:23:38 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2014/02/09 14:23:27 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2014/02/09 14:23:27 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2014/02/09 14:23:20 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2014/02/08 23:08:02 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk
[2014/02/08 21:47:21 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2014/02/08 21:47:21 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2014/02/08 21:47:20 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2014/02/08 21:47:16 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/02/08 21:46:40 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/02/08 19:53:12 | 000,000,184 | ---- | C] () -- C:\Users\Shannon\Documents\Jesus Resume 2014.gdoc
[2014/02/08 19:15:10 | 000,002,283 | ---- | C] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/08 19:15:10 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/08 19:13:34 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/08 19:13:33 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/08 19:12:35 | 005,448,460 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/02/08 19:12:12 | 000,615,249 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/02/08 19:11:23 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/02/08 19:06:04 | 000,001,441 | ---- | C] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/08 18:58:48 | 000,001,417 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/02/08 18:58:19 | 000,000,290 | ---- | C] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/02/08 18:58:19 | 000,000,272 | ---- | C] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/02/08 18:52:07 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/02/08 18:52:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/04 15:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/10 07:10:55 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\LibreOffice

========== Purity Check ==========



< End of report >


#2
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Welcome to GeeksToGo, shannon1923

My name is Machiavelli and I'll try to fix your PC problems. If you are in Safe Mode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

"I ran Malwarebytes that found 4 things and I removed those"


  • Right click on MBAM icon and select Run as Administrator
  • Go to the Logs tab and select the logfile which shows the infections
  • Post the content of that file into your next reply

"Kaspersky TDSS cleaner, so I downloaded and ran that"


A report has been created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

Please provide me with more information (in your case the logs) in the next post. If you have any questions about the steps above, please ask.

#3
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Any problems with the instructions above?

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.