I have a pretty serious problem that I'm hoping you guys could help me with. For security reasons, I'm reluctant to post this problem publicly - although I'm not sure if private-messaging would be any more secure. (I've had strong suspicions that my Internet activity and Internet communications - even presumably private communications like emails - are being spied upon.)
First - let me start by saying that I have an electromagnetic sensitivity to many modern electronics - examples of devices to which I'm sensitive include computers (especially laptops and some tablets), cellphones (especially smartphones), wireless routers - even many of the LCD TVs out there can give me problems. These electronic devices can cause me symptoms such as: a burning/stinging sensation of my skin (particularly my face and hands - as the skin on these parts of the body is more sensitive, and/or more exposed); burning/prickling pains in my chest, abdomen, and head; heart palpitations; negative cognitive effects; and just an overall, very tangible feeling that the radiation is penetrating my body (yes, I can literally "feel" the radiation). Because of this sensitivity, I've had to be very careful about which electronics I buy (for ex. - though I've had longings to own a smartphone, I've avoided buying one) - and I have to adjust the settings of these electronics to those that provoke my symptoms the least.
I realize that my electrosensitivity puts me in a pretty small minority; it seems that in the grand scheme of things, only a small percentage of people out there suffer these problems (at least to the extent that they are able to identify the problem). It is a tough minority group to belong to; many of the lucky majority question the validity of electromagnetic sensitivity.
Anyway - this unfortunate electrosensitivity I have makes what is currently happening to me an even more urgent (and infuriating) situation.
I'll try to be concise about the situation that's been thrust upon me. There is this website (a vast messageboard with a large membership - that is quite similar in format to this one) that I've frequented for years. At a certain point, I started noticing things that made me suspect that this website's administration was committing some rather sinister, unethical deeds. Among the sinister things I've noticed is that - on at least a few occasions - whoever is running this site has seemed to "infect" my computer with some sort of malware. I have no strong proof that this has happened, but I'm practically convinced that this has occurred because the electromagnetic radiation of the computer seemed to suddenly increase to a level that was much less tolerable. Remember - I can "feel" radiation in many instances; I can feel when it increases, and I can feel when it decreases. That may sound strange to you guys - but I've had enough experiences to be convinced of my sensitivity's realness and validity.
Also - it's rather "coincidental" that these malware infections have seemed to always occur after I wrote something that may have been threatening to the messageboard's administration, or wrote something that "they" may not have liked. For example - shortly after I posted speculations that cast the board's "admin" in an unflattering light, my computer seemed to become infected with something. My laptop's fans would turn on more frequently and were noisier - and my head nearly "exploded" from the increased radiation. This "infection" and a subsequent infection seemed to eventually be resolved by doing a System Restore (I'm using a Windows 7 computer).
I realize that I should have avoided that website after these egregious violations - but against my better judgment, I continued to visit the site. Eventually, however - my suspicions about this website's nasty corruption reached a point where I vowed to not visit this site again using my main computer. I was/am disturbed and angered by this website's intrusions upon my privacy and property. I wondered if there were other people who had similar perceptions about this site; finally, I found a blog in which another disgruntled member discussed some of this site's offenses. (This blog - which is hosted by WordPress - seems to have no affiliation with the offending website.) I wanted to commiserate with this person in private, via email - and days ago, I posted a comment underneath her blog expressing my desire to talk to her in private. Suddenly, shortly after I posted this comment - it happened again. My computer's radiation level seemed to increase ten-fold; my usually innocuous computer seemed to become "radioactive". I became sick and incapacitated by my computer's increased electromagnetic emissions - my computer no longer seemed safe for me to use.
One reason why this latest incident is so upsetting is that - by avoiding the website - I assumed that I was safe. Yet, it seems that the evil beings associated with this website somehow were able to access my computer despite my avoidance of the site. And it's reasonable to assume that the offending website has something to do with my latest infection - since it happened very shortly after I posted comments on that blog that made clear my negative views of that website. The timing of the infection seems to be consistent with what happened those previous two times when I posted comments on the website that ticked the administrator(s) off. If you have any other ideas about who or what could be behind these attacks on my computer, please let me know. (In the shadowy world of the Internet, things can get complicated, I guess.)
This time - the infection that has increased my computer's radiation output seems to be considerably more persistent than the previous infections. (By the way, these infections don't seem to negatively impact the performance of my computer - it just drastically increases its heat and radiation output.) When two standard System Restores failed to take care of the problem - I did the more extensive advanced recovery that supposedly wipes clean the hard drive and resets the operating system to "factory condition". This didn't seem to help much - something still seems to be sabotaging my computer. The fans turn on much more than usual; my face, hands, arms burn from simple use; my head seems to be fried - it's been a nightmare.
I installed and ran the free edition of MalwareBytes - nothing was found. I also installed and ran Security Task Manager - nothing threatening seemed to be detected. I defragmented my hard drive - no dice.
I just want to return my computer to the less harmful state it was in before the wicked saboteurs got to it (yet again). It angers me that some unseen, unknown people can affect my health with a few keystrokes. And it angers and baffles me that my computer seems to be "open season" for them.
Please - does anyone have any ideas about how to return my computer to normal? Also - I sorely need advice on how to "seal" my computer against such threats - to make it much less vulnerable. I admit that I have mostly refrained from using anti-virus/anti-malware programs because 1.) I'm not convinced that they are all that effective against several types of attacks (whenever I've run MalwareBytes - it didn't find anything) and, 2.) From my experience, "real-time-protection" of these programs can increase my computer's electromagnetic radiation to bothersome levels. (And I like to minimize the radiation as much as possible.) I've also avoided "add-on" features to Mozilla Firefox and Google Chrome because they also seem to increase computer-radiation - but I now realize more than ever that they may be a necessary evil. That is - if these add-ons would even be effective (I have my doubts).
I would appreciate any light you can shed on this issue. I mean, though I'm convinced that something untoward has happened to me - everything remains an indefinite mystery to me. Who is it, exactly? (I have a good idea - but I can't be 100% sure.) Would a mere "website" have the power to do this - or is a more powerful entity behind this? Exactly how are they accomplishing this? I'd appreciate any feedback that can help me understand the details surrounding this attack.
Thank you, and sorry so long. (And this is still only part of the story of my victimization - I allude to the other part of my victimization at the beginning of this post...it's why I'm reluctant to post this message on the public board).
P.S. - if "they" have been snooping on my Internet activity - as I strongly suspect that they've been doing - it's quite possible that they know about my electromagnetic sensitivity. I've Googled the issue, visited webpages dedicated to the issue - and have posted to electrosensitivity forums. Could this be a deliberate malicious attack designed to exploit my condition, and harm me? It seems to be a distinct, disgusting possibility.
P.P.S. - I'm very uncomfortable posting all of this log information. This is an uncomfortably-extensive amount of information that this program generated - and we're asked to post all of it here?
OTL logfile created on: 9/28/2013 4:18:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.36% Memory free
5.86 Gb Paging File | 3.80 Gb Available in Paging File | 64.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 189.04 Gb Free Space | 85.62% Space Free | Partition Type: NTFS
Computer Name: KRISTI-PC | User Name: Kristi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/09/28 16:17:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi\Downloads\OTL.exe
PRC - [2013/09/27 23:02:04 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/09/27 23:02:04 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
PRC - [2013/09/27 23:02:04 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
PRC - [2013/09/16 23:21:30 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/11/05 14:16:08 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
PRC - [2009/11/05 14:15:45 | 000,985,824 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe
PRC - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
========== Modules (No Company Name) ==========
MOD - [2013/09/27 23:02:04 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/09/27 23:02:04 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\log4cplusU.dll
MOD - [2013/09/27 23:02:04 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\SiteSafety.dll
MOD - [2013/09/25 13:50:30 | 004,591,616 | ---- | M] () -- C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/09/25 13:50:30 | 000,112,128 | ---- | M] () -- C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/09/16 23:21:27 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/16 23:21:26 | 013,611,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
MOD - [2013/09/16 23:21:25 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/16 23:20:31 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/09/27 23:02:04 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe -- (vToolbarUpdater17.0.1)
SRV - [2013/08/29 23:34:12 | 000,206,624 | ---- | M] (lucky leap) [Auto | Running] -- C:\Program Files (x86)\lucky leap\updateluckyleap.exe -- (Update lucky leap)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/11/05 14:16:08 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/11/05 14:10:35 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/27 23:02:04 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/05 14:16:09 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/11/05 14:16:09 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/10/05 05:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091005.003\ex64.sys -- (NAVEX15)
DRV - [2009/10/05 05:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091005.003\eng64.sys -- (NAVENG)
DRV - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...24z165r44m20267
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...24z165r44m20267
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...24z165r44m20267
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...24z165r44m20267
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...24z165r44m20267
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...24z165r44m20267
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enUS555
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-09-26 21:35:26&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.9 [2013/09/27 23:02:13 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.0.9_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.0.9\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (lucky leap) - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (luckyleap)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.0.9\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F121418-9627-43B4-89F2-7E246C69BD2B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/27 23:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/09/27 23:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/09/27 19:30:36 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/09/27 19:29:53 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/09/26 22:18:09 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Adobe
[2013/09/26 21:35:37 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\AVG SafeGuard toolbar
[2013/09/26 21:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/09/26 21:35:24 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/26 21:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013/09/26 21:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/09/26 21:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/09/26 21:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/26 21:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/09/26 21:35:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/26 21:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lucky leap
[2013/09/26 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Malwarebytes
[2013/09/26 20:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/26 20:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/26 20:54:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/26 20:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/26 20:53:09 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Programs
[2013/09/26 16:21:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/09/26 16:21:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/09/26 01:07:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/09/26 01:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/26 01:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/26 01:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/25 02:34:15 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013/09/25 01:38:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2013/09/25 01:38:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2013/09/25 01:36:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/09/24 23:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/24 23:28:31 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Deployment
[2013/09/24 23:28:31 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Apps
[2013/09/24 23:26:06 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Adobe
[2013/09/24 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Google
[2013/09/24 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Google
[2013/09/24 23:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2013/09/24 23:07:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/09/24 23:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/09/24 23:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/09/24 23:03:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013/09/24 22:48:36 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Macromedia
[2013/09/24 22:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines Documentation
[2013/09/24 22:48:32 | 000,000,000 | ---D | C] -- C:\book
[2013/09/24 22:48:00 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/24 22:48:00 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Searches
[2013/09/24 22:48:00 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/24 22:48:00 | 000,000,000 | -H-D | C] -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/24 22:47:49 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Identities
[2013/09/24 22:47:45 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Contacts
[2013/09/24 22:47:42 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\VirtualStore
[2013/09/24 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/09/24 22:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/09/24 22:44:40 | 000,000,000 | --SD | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Videos
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Saved Games
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Pictures
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Music
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Links
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Favorites
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Downloads
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Documents
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Desktop
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\AppData\Local\Temporary Internet Files
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Templates
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Start Menu
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\SendTo
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Recent
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\PrintHood
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\NetHood
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Documents\My Videos
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Documents\My Pictures
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Documents\My Music
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\My Documents
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Local Settings
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\AppData\Local\History
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Cookies
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Application Data
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\AppData\Local\Application Data
[2013/09/24 22:44:40 | 000,000,000 | -H-D | C] -- C:\Users\Kristi\AppData
[2013/09/24 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Temp
[2013/09/24 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Microsoft
[2013/09/24 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Media Center Programs
[2013/09/24 22:44:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/09/24 22:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2013/09/28 16:16:00 | 000,003,103 | ---- | M] () -- C:\Users\Kristi\Documents\usernames.rtf
[2013/09/28 16:00:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\eMachines Registration Reminder.job
[2013/09/28 15:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/28 13:44:51 | 000,009,570 | ---- | M] () -- C:\Users\Kristi\Documents\computersecuritypost.rtf
[2013/09/28 13:05:28 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/28 13:05:28 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/28 13:05:28 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/28 12:14:45 | 000,001,448 | ---- | M] () -- C:\Users\Kristi\Documents\techguysendlist.rtf
[2013/09/28 11:31:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 11:31:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 11:26:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/28 11:24:17 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/28 11:23:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/28 11:23:15 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/27 23:02:04 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/26 22:22:58 | 000,007,609 | ---- | M] () -- C:\Users\Kristi\AppData\Local\Resmon.ResmonCfg
[2013/09/26 20:54:16 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:26:38 | 000,001,446 | ---- | M] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/26 01:25:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 01:25:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/26 01:17:36 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2013/09/25 17:25:20 | 000,003,328 | ---- | M] () -- C:\Users\Kristi\Documents\lsatruthangelresponse.rtf
[2013/09/25 14:57:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/25 02:34:15 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013/09/25 01:42:28 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/09/25 01:42:28 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/09/25 01:39:32 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2013/09/24 23:37:45 | 000,002,288 | ---- | M] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/24 23:29:37 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/24 23:04:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/09/24 22:45:29 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/09/24 22:45:15 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/09/24 22:45:01 | 000,015,318 | ---- | M] () -- C:\Windows\SysNative\results.xml
========== Files Created - No Company Name ==========
[2013/09/28 13:05:00 | 000,000,233 | ---- | C] () -- C:\Users\Kristi\Documents\usernamescontd.rtf
[2013/09/28 13:04:30 | 000,003,103 | ---- | C] () -- C:\Users\Kristi\Documents\usernames.rtf
[2013/09/28 12:14:45 | 000,001,448 | ---- | C] () -- C:\Users\Kristi\Documents\techguysendlist.rtf
[2013/09/27 19:31:56 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/09/27 19:29:24 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/09/27 19:29:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/09/27 19:29:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/09/27 19:28:38 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/09/27 17:06:40 | 000,009,570 | ---- | C] () -- C:\Users\Kristi\Documents\computersecuritypost.rtf
[2013/09/26 22:22:58 | 000,007,609 | ---- | C] () -- C:\Users\Kristi\AppData\Local\Resmon.ResmonCfg
[2013/09/26 20:54:16 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 01:25:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 01:25:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/26 01:17:36 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2013/09/25 14:57:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/25 14:53:11 | 000,003,328 | ---- | C] () -- C:\Users\Kristi\Documents\lsatruthangelresponse.rtf
[2013/09/25 02:35:26 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013/09/25 01:37:51 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem6.inf
[2013/09/25 01:36:41 | 2360,848,384 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/24 23:38:08 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\eMachines Registration Reminder.job
[2013/09/24 23:29:37 | 000,002,288 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/24 23:29:37 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/24 23:28:54 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/24 23:28:53 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/24 23:25:31 | 000,001,446 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/24 23:11:08 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2013/09/24 23:10:46 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2013/09/24 23:04:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/09/24 22:48:10 | 000,001,418 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/24 22:48:02 | 000,001,452 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/24 22:45:29 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/09/24 22:45:15 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/09/24 22:45:01 | 000,015,318 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/09/24 22:44:40 | 000,000,290 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/24 22:44:40 | 000,000,272 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >