
Evil Website is sabotaging my computer - help/feedback needed [Closed]


  • This topic is locked

#1
touchedbyevil

    New Member

  • 3 posts
Hi,

I have a pretty serious problem that I'm hoping you guys could help me with. For security reasons, I'm reluctant to post this problem publicly - although I'm not sure if private-messaging would be any more secure. (I've had strong suspicions that my Internet activity and Internet communications - even presumably private communications like emails - are being spied upon.)

First - let me start by saying that I have an electromagnetic sensitivity to many modern electronics - examples of devices to which I'm sensitive include computers (especially laptops and some tablets), cellphones (especially smartphones), wireless routers - even many of the LCD TVs out there can give me problems. These electronic devices can cause me symptoms such as: a burning/stinging sensation of my skin (particularly my face and hands - as the skin on these parts of the body is more sensitive, and/or more exposed); burning/prickling pains in my chest, abdomen, and head; heart palpitations; negative cognitive effects; and just an overall, very tangible feeling that the radiation is penetrating my body (yes, I can literally "feel" the radiation). Because of this sensitivity, I've had to be very careful about which electronics I buy (for ex. - though I've had longings to own a smartphone, I've avoided buying one) - and I have to adjust the settings of these electronics to those that provoke my symptoms the least.

I realize that my electrosensitivity puts me in a pretty small minority; it seems that in the grand scheme of things, only a small percentage of people out there suffer these problems (at least to the extent that they are able to identify the problem). It is a tough minority group to belong to; many of the lucky majority question the validity of electromagnetic sensitivity.

Anyway - this unfortunate electrosensitivity I have makes what is currently happening to me an even more urgent (and infuriating) situation.

I'll try to be concise about the situation that's been thrust upon me. There is this website (a vast messageboard with a large membership - that is quite similar in format to this one) that I've frequented for years. At a certain point, I started noticing things that made me suspect that this website's administration was committing some rather sinister, unethical deeds. Among the sinister things I've noticed is that - on at least a few occasions - whoever is running this site has seemed to "infect" my computer with some sort of malware. I have no strong proof that this has happened, but I'm practically convinced that this has occurred because the electromagnetic radiation of the computer seemed to suddenly increase to a level that was much less tolerable. Remember - I can "feel" radiation in many instances; I can feel when it increases, and I can feel when it decreases. That may sound strange to you guys - but I've had enough experiences to be convinced of my sensitivity's realness and validity.

Also - it's rather "coincidental" that these malware infections have seemed to always occur after I wrote something that may have been threatening to the messageboard's administration, or wrote something that "they" may not have liked. For example - shortly after I posted speculations that cast the board's "admin" in an unflattering light, my computer seemed to become infected with something. My laptop's fans would turn on more frequently and were noisier - and my head nearly "exploded" from the increased radiation. This "infection" and a subsequent infection seemed to eventually be resolved by doing a System Restore (I'm using a Windows 7 computer).

I realize that I should have avoided that website after these egregious violations - but against my better judgment, I continued to visit the site. Eventually, however - my suspicions about this website's nasty corruption reached a point where I vowed to not visit this site again using my main computer. I was/am disturbed and angered by this website's intrusions upon my privacy and property. I wondered if there were other people who had similar perceptions about this site; finally, I found a blog in which another disgruntled member discussed some of this site's offenses. (This blog - which is hosted by Wordpress - seems to have no affiliation with the offending website.) I wanted to commiserate with this person in private, via email - and days ago, I posted a comment underneath her blog expressing my desire to talk to her in private. Suddenly, shortly after I posted this comment - it happened again. My computer's radiation level seemed to increase ten-fold; my usually innocuous computer seemed to become "radioactive". I became sick and incapacitated by my computer's increased electromagnetic emissions - my computer no longer seemed safe for me to use.

One reason why this latest incident is so upsetting is that - by avoiding the website - I assumed that I was safe. Yet, it seems that the evil beings associated with this website somehow were able to access my computer despite my avoidance of the site. And it's reasonable to assume that the offending website has something to do with my latest infection - since it happened very shortly after I posted comments on that blog that made clear my negative views of that website. The timing of the infection seems to be consistent with what happened those previous two times when I posted comments on the website that ticked the administrator(s) off. If you have any other ideas about who or what could be behind these attacks on my computer, please let me know. (In the shadowy world of the Internet, things can get complicated, I guess.)

This time - the infection that has increased my computer's radiation output seems to be considerably more persistent than the previous infections. (By the way, these infections don't seem to negatively impact the performance of my computer - it just drastically increases its heat and radiation output.) When two standard System Restores failed to take care of the problem - I did the more extensive advanced recovery that supposedly wipes clean the harddrive and resets the operating system to "factory condition". This didn't seem to help much - something still seems to be sabotaging my computer. The fans turn on much more than usual; my face, hands, arms burn from simple use; my head seems to be fried - it's been a nightmare.

I installed and ran the free edition of MalwareBytes - nothing was found. I also installed and ran Security Task Manager - nothing threatening seemed to be detected. I defragmented my harddrive - no dice.

I just want to return my computer to the less harmful state it was in before the wicked saboteurs got to it (yet again). It angers me that some unseen, unknown people can affect my health with a few keystrokes. And it angers and baffles me that my computer seems to be "open season" for them.

Please - does anyone have any ideas about how to return my computer to normal? Also - I sorely need advice on how to "seal" my computer against such threats - to make it much less vulnerable. I admit that I have mostly refrained from using anti-virus/anti-malware programs because 1.) I'm not convinced that they are all that effective against several types of attacks (whenever I've run MalwareBytes - it didn't find anything) and, 2.) From my experience, "real-time-protection" of these programs can increase my computer's electromagnetic radiation to bothersome levels. (And I like to minimize the radiation as much as possible.) I've also avoided "add-on" features to Mozilla Firefox and Google Chrome because they also seem to increase computer-radiation - but I now realize more than ever that they may be a necessary evil. That is - if these add-ons would even be effective (I have my doubts).

I would appreciate any light you can shed on this issue. I mean, though I'm convinced that something untoward has happened to me - everything remains an indefinite mystery to me. Who is it, exactly? (I have a good idea - but I can't be 100% sure.) Would a mere "website" have the power to do this - or is a more powerful entity behind this? Exactly how are they accomplishing this? I'd appreciate any feedback that can help me understand the details surrounding this attack.

Thank you, and sorry so long. (And this is still only part of the story of my victimization - I allude to the other part of my victimization at the beginning of this post...it's why I'm reluctant to post this message on the public board).

P.S. - if "they" have been snooping on my Internet activity - as I strongly suspect that they've been doing - it's quite possible that they know about my electromagnetic sensitivity. I've Googled the issue, visited webpages dedicated to the issue - and have posted to electrosensitivity forums. Could this be a deliberate malicious attack designed to exploit my condition, and harm me? It seems to be a distinct, disgusting possibility.

P.S.S. - I'm very uncomfortable posting all of this log information. This is an uncomfortably-extensive amount of information that this program generated - and we're asked to post all of it here?

OTL logfile created on: 9/28/2013 4:18:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.36% Memory free
5.86 Gb Paging File | 3.80 Gb Available in Paging File | 64.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 189.04 Gb Free Space | 85.62% Space Free | Partition Type: NTFS

Computer Name: KRISTI-PC | User Name: Kristi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/28 16:17:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi\Downloads\OTL.exe
PRC - [2013/09/27 23:02:04 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/09/27 23:02:04 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
PRC - [2013/09/27 23:02:04 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
PRC - [2013/09/16 23:21:30 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/11/05 14:16:08 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
PRC - [2009/11/05 14:15:45 | 000,985,824 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe
PRC - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/27 23:02:04 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/09/27 23:02:04 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\log4cplusU.dll
MOD - [2013/09/27 23:02:04 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\SiteSafety.dll
MOD - [2013/09/25 13:50:30 | 004,591,616 | ---- | M] () -- C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/09/25 13:50:30 | 000,112,128 | ---- | M] () -- C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/09/16 23:21:27 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/16 23:21:26 | 013,611,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
MOD - [2013/09/16 23:21:25 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/16 23:20:31 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/09/27 23:02:04 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe -- (vToolbarUpdater17.0.1)
SRV - [2013/08/29 23:34:12 | 000,206,624 | ---- | M] (lucky leap) [Auto | Running] -- C:\Program Files (x86)\lucky leap\updateluckyleap.exe -- (Update lucky leap)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/11/05 14:16:08 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/11/05 14:10:35 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 23:02:04 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/05 14:16:09 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/11/05 14:16:09 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/10/05 05:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091005.003\ex64.sys -- (NAVEX15)
DRV - [2009/10/05 05:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091005.003\eng64.sys -- (NAVENG)
DRV - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...24z165r44m20267
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...24z165r44m20267
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...24z165r44m20267
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...24z165r44m20267
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...24z165r44m20267
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...24z165r44m20267
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enUS555
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-09-26 21:35:26&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.9 [2013/09/27 23:02:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.0.9_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Kristi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.0.9\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (lucky leap) - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (luckyleap)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.0.9\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F121418-9627-43B4-89F2-7E246C69BD2B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/27 23:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/09/27 23:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/09/27 19:30:36 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/09/27 19:29:53 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/09/26 22:18:09 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Adobe
[2013/09/26 21:35:37 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\AVG SafeGuard toolbar
[2013/09/26 21:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/09/26 21:35:24 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/26 21:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013/09/26 21:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/09/26 21:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/09/26 21:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/26 21:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/09/26 21:35:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/26 21:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lucky leap
[2013/09/26 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Malwarebytes
[2013/09/26 20:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/26 20:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/26 20:54:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/26 20:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/26 20:53:09 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Programs
[2013/09/26 16:21:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/09/26 16:21:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/09/26 01:07:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/09/26 01:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/26 01:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/26 01:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/25 02:34:15 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013/09/25 01:38:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2013/09/25 01:38:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2013/09/25 01:36:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/09/24 23:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/24 23:28:31 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Deployment
[2013/09/24 23:28:31 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Apps
[2013/09/24 23:26:06 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Adobe
[2013/09/24 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Google
[2013/09/24 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Google
[2013/09/24 23:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2013/09/24 23:07:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/09/24 23:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/09/24 23:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/09/24 23:03:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013/09/24 22:48:36 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Macromedia
[2013/09/24 22:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines Documentation
[2013/09/24 22:48:32 | 000,000,000 | ---D | C] -- C:\book
[2013/09/24 22:48:00 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/24 22:48:00 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Searches
[2013/09/24 22:48:00 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/24 22:48:00 | 000,000,000 | -H-D | C] -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/24 22:47:49 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Identities
[2013/09/24 22:47:45 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Contacts
[2013/09/24 22:47:42 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\VirtualStore
[2013/09/24 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/09/24 22:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/09/24 22:44:40 | 000,000,000 | --SD | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Videos
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Saved Games
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Pictures
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Music
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Links
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Favorites
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Downloads
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Documents
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\Desktop
[2013/09/24 22:44:40 | 000,000,000 | R--D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\AppData\Local\Temporary Internet Files
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Templates
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Start Menu
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\SendTo
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Recent
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\PrintHood
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\NetHood
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Documents\My Videos
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Documents\My Pictures
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Documents\My Music
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\My Documents
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Local Settings
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\AppData\Local\History
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Cookies
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\Application Data
[2013/09/24 22:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Kristi\AppData\Local\Application Data
[2013/09/24 22:44:40 | 000,000,000 | -H-D | C] -- C:\Users\Kristi\AppData
[2013/09/24 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Temp
[2013/09/24 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Microsoft
[2013/09/24 22:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Media Center Programs
[2013/09/24 22:44:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/09/24 22:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2013/09/28 16:16:00 | 000,003,103 | ---- | M] () -- C:\Users\Kristi\Documents\usernames.rtf
[2013/09/28 16:00:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\eMachines Registration Reminder.job
[2013/09/28 15:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/28 13:44:51 | 000,009,570 | ---- | M] () -- C:\Users\Kristi\Documents\computersecuritypost.rtf
[2013/09/28 13:05:28 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/28 13:05:28 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/28 13:05:28 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/28 12:14:45 | 000,001,448 | ---- | M] () -- C:\Users\Kristi\Documents\techguysendlist.rtf
[2013/09/28 11:31:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 11:31:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/28 11:26:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/28 11:24:17 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/28 11:23:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/28 11:23:15 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/27 23:02:04 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/26 22:22:58 | 000,007,609 | ---- | M] () -- C:\Users\Kristi\AppData\Local\Resmon.ResmonCfg
[2013/09/26 20:54:16 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:26:38 | 000,001,446 | ---- | M] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/26 01:25:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 01:25:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/26 01:17:36 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2013/09/25 17:25:20 | 000,003,328 | ---- | M] () -- C:\Users\Kristi\Documents\lsatruthangelresponse.rtf
[2013/09/25 14:57:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/25 02:34:15 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013/09/25 01:42:28 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/09/25 01:42:28 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/09/25 01:39:32 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2013/09/24 23:37:45 | 000,002,288 | ---- | M] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/24 23:29:37 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/24 23:04:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/09/24 22:45:29 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/09/24 22:45:15 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/09/24 22:45:01 | 000,015,318 | ---- | M] () -- C:\Windows\SysNative\results.xml

========== Files Created - No Company Name ==========

[2013/09/28 13:05:00 | 000,000,233 | ---- | C] () -- C:\Users\Kristi\Documents\usernamescontd.rtf
[2013/09/28 13:04:30 | 000,003,103 | ---- | C] () -- C:\Users\Kristi\Documents\usernames.rtf
[2013/09/28 12:14:45 | 000,001,448 | ---- | C] () -- C:\Users\Kristi\Documents\techguysendlist.rtf
[2013/09/27 19:31:56 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/09/27 19:29:24 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/09/27 19:29:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/09/27 19:29:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/09/27 19:28:38 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/09/27 17:06:40 | 000,009,570 | ---- | C] () -- C:\Users\Kristi\Documents\computersecuritypost.rtf
[2013/09/26 22:22:58 | 000,007,609 | ---- | C] () -- C:\Users\Kristi\AppData\Local\Resmon.ResmonCfg
[2013/09/26 20:54:16 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 01:25:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 01:25:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/26 01:17:36 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2013/09/25 14:57:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/25 14:53:11 | 000,003,328 | ---- | C] () -- C:\Users\Kristi\Documents\lsatruthangelresponse.rtf
[2013/09/25 02:35:26 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013/09/25 01:37:51 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem6.inf
[2013/09/25 01:36:41 | 2360,848,384 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/24 23:38:08 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\eMachines Registration Reminder.job
[2013/09/24 23:29:37 | 000,002,288 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/24 23:29:37 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/24 23:28:54 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/24 23:28:53 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/24 23:25:31 | 000,001,446 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/24 23:11:08 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2013/09/24 23:10:46 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2013/09/24 23:04:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/09/24 22:48:10 | 000,001,418 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/24 22:48:02 | 000,001,452 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/24 22:45:29 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/09/24 22:45:15 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/09/24 22:45:01 | 000,015,318 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/09/24 22:44:40 | 000,000,290 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/24 22:44:40 | 000,000,272 | ---- | C] () -- C:\Users\Kristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

#2
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, touchedbyevil and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please, spend some time to read these instructions carefully before we start. They contain very useful information.

  • Please, stay with us until the end. I know, Malware Removal isn't a very fast procedure, it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please, let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow one instruction or another, feel free to ask me how to do that. I am always glad to help you with that.
  • Please, don't fix anything by yourself. Please, don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please, feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Finally, enjoy the fight! ;)
Okay, before we start, let's discuss some things.

Would a mere "website" have the power to do this - or is a more powerful entity behind this?

I see only one infection on your computer - adware (software which displays ads without your permission). It is usually spread bundled with legitimate programs. I haven't seen adware being spread via vulnerabilities in websites. So, I think that it was just a fortuity and you caught this stuff while installing legitimate programs. ;)

This is an uncomfortably-extensive amount of information that this program generated - and we're asked to post all of it here?

Yes. Without that I can't analyse the current state of your computer and help you. Don't be afraid, there isn't any confidential info in your log.

Please, don't be so paranoid. We are here to help, not to harm.

Okay, let's start. First of all, I'd like to see another OTL log, called Extras.txt. It should be located in the C:\Users\Kristi\Downloads folder. Please, post its contents in your next message.

#3
touchedbyevil


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi Phel - thanks for your help and attention to this matter. First of all - you wanted me to let you know when there are changes in my computer's behavior....well, strangely-enough - when I turned on my computer yesterday, the radiation didn't seem to be as bothersome. There seemed to be an overnight change in the nature of the radiation - a change that is very welcome and needed! However, I sense that it is still not quite to the "relatively gentle" level that it was before this nightmare started; I can still feel burning sensations in my face and hands (albeit at a slightly reduced level). The extremely-troublesome tangible sensations that the radiation is penetrating my head/brain seem to be greatly reduced - though this may also need to be further improved.

The fans still turn on more than usual, and are noisier than usual - though perhaps they are not quite as active as they were on Saturday.

Why the sudden, spontaneous change? I can think of two possibilities. The first possibility - something that I did not mention in my previous post - is that the automatic Microsoft Updates may have helped to improve the problem. As you probably know, Microsoft frequently (or occasionally) installs updates to Windows 7 - updates that are supposedly highly-recommended. I have my computer set to install only the critical (or "important") updates on an automatic basis. Well - whenever I do the more extensive system recovery and reset my computer to factory-condition - there are a slew of updates that need to be re-installed. The system needs to catch up from its early-2010 condition (the approximate time when these particular computers were put on the market) to its current, late-2013 condition. So - for the first several days after my computer is reset, Microsoft is busy re-installing all of these updates. On several nights - my computer has remained on while a large batch of updates are installed.

It seems that I have noticed in the past that - whenever a batch of updates is imminent - my computer is a little noisier than usual...the fans work more than usual. I have considered the possibility that the issues I'm having may partly be attributed to the fact that Microsoft is readying my computer for all of these updates to be installed upon shutdown. However - I have gone through this process before (two or three times) - and during those times, I don't remember the computer being anywhere near as electromagnetically-bothersome as it has been these past several days. So my belief is that - if the Microsoft updating process is contributing to the issue at all - it is only contributing a small amount to the problem.

Also - these troubling issues started before I did the extensive system recovery; it is why I did the recovery in the first place. The problems I've had after the system recovery was done seem to be a continuation of the problems that presented themselves before system recovery. And - while the fans may be a little more active whenever updates are imminent - I don't think they are normally as active as they have recently been.

So, this leads me to the other possibility - one that is even more speculative in nature. It could be that "they" are watching - and decided to reach into my computer on their own and reduce whatever it is that has turned my computer into an illness-inducing weapon. If so, how nice of them.

I see only one infection on your computer - adware (software which displays ads without your permission). It is usually spread bundled with legitimate programs. I haven't seen adware being spread via vulnerabilities in websites. So, I think that it was just a fortuity and you caught this stuff while installing legitimate programs. ;)


Well, I've been at least vaguely aware for a long time that some forms of malware may never be detected. So even if you only see one infection on my computer - this certainly doesn't mean that my computer is otherwise free of sabotaging elements. (But I'm probably not saying anything that you don't already know.) These people may be devious and skilled enough to harm my computer in ways that escape detection by even the most skilled people/programs.

In the time just before the infection, I didn't download any applications/programs (except maybe Amazon Kindle for PC) - the only thing I may have done is save a few photos that I encountered on the Internet to my computer. Since doing the system recovery - I've downloaded Google Chrome, MalwareBytes, Security Task Manager - and the various applications that you guys have asked me to install in order to help you diagnose my issues. Could one of the programs recommended by you guys ironically have adware?

Another thing - on the website that I strongly suspect is responsible for this attack on my computer - I remember there being a lot of discussion at one point about the website giving people viruses. It seems that several members' computers were infected with some sort of "virus" - and the administrator(s)/moderators somehow determined that the culprits were the ads that were displayed on the website. The administrator(s) made it seem like they were somehow victimized too - by the ads - or the web advertising companies - that were corrupting the website via the ads. Things reached a point where the moderators and some of the members were recommending that we install ad-blocking extensions on our browsers (i.e. Ad-Block-Plus). The other recommendation was that we buy a Mac - several of the Mac users weighed in saying that their computers were unaffected by the virus-contaminated ads. I remember all of this happening in late-2011 and/or early-2012; if there have been widescale virus-outbreaks on that website since then, I am not aware of them.

But if that website has recently had any trouble with virus-contaminated-ads - it shouldn't have affected my computer. Since I bought my new computer at the end of July (the old one was stolen in a burglary) - I have not visited that website at all. Yet, these problems have somehow arisen - and, as I stated in my original post - I suspect that entities associated with that website have somehow accessed my computer. How in the h*ll this is being done, is what I want to know.

Finally, here is the additional log you requested:


OTL Extras logfile created on: 9/28/2013 4:18:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.36% Memory free
5.86 Gb Paging File | 3.80 Gb Available in Paging File | 64.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 189.04 Gb Free Space | 85.62% Space Free | Partition Type: NTFS

Computer Name: KRISTI-PC | User Name: Kristi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0215AB4B-9DB3-4FAA-8707-98C57D9ED59B}" = rport=139 | protocol=6 | dir=out | app=system |
"{0D82AE1C-3B11-4F04-9449-C2C1CEAC9C05}" = rport=10243 | protocol=6 | dir=out | app=system |
"{183935A0-1635-4DFD-ABB3-83ACCEE2620A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2B6054F9-A9B4-4D13-BB1C-5AFF38235CCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{438B9CE4-3663-4B78-91D9-667E719C38A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4CD2D13F-394C-4E4A-B47D-26D9F336C606}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F244741-877C-4A9D-9A74-FC5F22B85FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64A63BAF-4C45-4AA4-8B64-AADB9614D456}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6FA6CE0C-6CC9-40E2-B5C6-6E7F22F1829A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8CD79DF8-9824-4163-BD57-133057121126}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2AFC9A9-9F84-46E9-900C-4D3AAFB80E9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7751344-890D-4694-B812-8D5B5A57CCE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{B1098866-0010-4675-AC90-55956949F76A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BA909455-328C-41EF-AD24-1B2DFAE0FEEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB7937EE-2A38-4354-A25D-29B748B22B8E}" = lport=445 | protocol=6 | dir=in | app=system |
"{C248CABD-D7CF-4621-BB22-FA5E7EE40FBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{CAFAC156-3448-45F5-9C05-61E7C4E45D90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBBF8B1C-35BF-4B2E-B273-02CF44E8C8DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD91A68D-EE89-4287-85FF-178F6142DC34}" = rport=137 | protocol=17 | dir=out | app=system |
"{DCEC1F78-6188-4FDA-9EC4-FB03CA3D9B5D}" = rport=445 | protocol=6 | dir=out | app=system |
"{F03F07EE-89C8-42DF-A715-D729A5D5CA09}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1180E3C5-7E9D-4241-8F9A-A34DA9C51912}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{141E76F3-2C7E-430B-B3D2-4A3F746DED53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CBC3728-28F8-45EF-92FC-99D1DC7EB90D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2179B8A9-7BC7-449A-ADD7-AE4EBCD2E3A4}" = protocol=6 | dir=out | app=system |
"{3EA69D31-1FA2-482A-A8DC-6705B63BB3B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D352ACA-4098-4049-957E-22181E2D95DC}" = protocol=58 | dir=in | [email protected],-28545 |
"{63DCF040-3379-4A89-9288-2831D96D0FCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AFBD30E-E908-4481-A73B-27376985E546}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DD1C9FB-5133-4F41-BDB4-E296FD08677D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A31D73A1-91A9-4BF1-963B-04EA61BBEF0C}" = protocol=58 | dir=out | [email protected],-28546 |
"{A8C3EEA4-22DA-45C5-B96F-5AF3F8EDF6B2}" = protocol=1 | dir=out | [email protected],-28544 |
"{B0783104-5F55-4CB2-A358-72979106822B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4D6F268-67AF-46EC-97F1-0B7AB4855A35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC29F425-2D2D-40CF-A3B8-FB60CA2F407C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DEBC0BAC-7C36-4CBB-9E18-C438C31AC614}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D195D2-097A-440C-87BE-0D4036C4F542}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF5F9F51-032B-4501-A68E-967BDBB0FFFE}" = protocol=1 | dir=in | [email protected],-28543 |
"{F0BBF2C5-D5FF-44BE-B157-0BAC8711141A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F276DCB2-48A0-4AF8-A36C-6D5D528AD550}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"HDMI" = Intel® Graphics Media Accelerator Driver
"lucky leap" = lucky leap 3.0.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NIS" = Norton Internet Security
"Security Task Manager" = Security Task Manager 1.8g
"WildTangent emachines Master Uninstall" = eMachines Games

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/25/2013 4:52:41 PM | Computer Name = Kristi-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/25/2013 4:54:28 PM | Computer Name = Kristi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/25/2013 4:54:28 PM | Computer Name = Kristi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/25/2013 4:54:29 PM | Computer Name = Kristi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/25/2013 4:54:29 PM | Computer Name = Kristi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 9/25/2013 2:57:22 PM | Computer Name = Kristi-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2013 2:57:22 PM | Computer Name = Kristi-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2013 2:57:23 PM | Computer Name = Kristi-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/26/2013 4:23:13 PM | Computer Name = Kristi-PC | Source = Service Control Manager | ID = 7034
Description = The GRegService service terminated unexpectedly. It has done this
1 time(s).

Error - 9/26/2013 4:23:17 PM | Computer Name = Kristi-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 9/26/2013 4:23:19 PM | Computer Name = Kristi-PC | Source = Service Control Manager | ID = 7034
Description = The NTI Backup Now 5 Scheduler Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/26/2013 4:23:20 PM | Computer Name = Kristi-PC | Source = Service Control Manager | ID = 7034
Description = The Updater Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/26/2013 4:23:21 PM | Computer Name = Kristi-PC | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/26/2013 4:25:55 PM | Computer Name = Kristi-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 9/26/2013 9:43:24 PM | Computer Name = Kristi-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.


< End of report >

Edited by touchedbyevil, 30 September 2013 - 01:48 PM.

  • 0

#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

First of all - you wanted me to let you know when there are changes in my computer's behavior....well, strangely-enough - when I turned on my computer yesterday, the radiation didn't seem to be as bothersome.

That's nice. :)

These people may be devious and skilled enough to harm my computer in ways that escape detection by even the most skilled people/programs.

Yes, I understand that you are afraid now, but I think it couldn't be so. The aim of the most technologically developed malware is to infect as many computers as possible. I don't really think that these people would develop undetectable malware to victimize only one person.

Could one of the programs recommended by you guys ironically have adware?

I can't say precisely, but it could be the installer of Malwarebytes Anti-Malware. It all depends on where you downloaded it.

Okay, let's start adware removal now.

Are you using the Google Chrome browser?

Did you install Google Toolbar and the Partner application yourself?

Step 1. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.

Programs to uninstall:

  • lucky leap 3.0.0

Step 2. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :Processes
    KILLALLPROCESSES
    
    :OTL
    SRV - [2013/08/29 23:34:12 | 000,206,624 | ---- | M] (lucky leap) [Auto | Running] -- C:\Program Files (x86)\lucky leap\updateluckyleap.exe -- (Update lucky leap)
    O2 - BHO: (lucky leap) - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (luckyleap)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2013/09/26 21:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lucky leap
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

Step 3. AdwCleaner scan.

  • Please download AdwCleaner from here to your Desktop.
  • Right-click on the adwcleaner.exe file on your Desktop->Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Scan button. The scan could take some time.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 4. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • In the OTL window, find the Extra Registry section and change the radio button there to Use SafeList.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
    set /c
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

So, please, don't forget to post in your next message:

  • AdwCleaner's log
  • OTL.txt
  • Extras.txt

  • 0
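
A read-only check that the lucky leap items targeted in Steps 1 and 2 are gone after the reboot, as an added example that is not part of Phel's post. The service name, CLSID, folder and uninstall key name are copied from the logs and fix script in this thread; the registry locations used for the service, BHO and uninstall entries are the standard Windows ones and are an assumption about where OTL read them.

```powershell
# Added example: read-only post-fix check, nothing is modified.
# Run from an elevated 64-bit PowerShell prompt so both registry views are visible.

# Values copied from the OTL fix script and the Uninstall list in this thread.
$serviceName = 'Update lucky leap'
$bhoClsid    = '{d77aa852-def3-43cb-a3f5-bd679de72f32}'
$installDir  = 'C:\Program Files (x86)\lucky leap'
$uninstallId = 'lucky leap'
$processName = 'updateluckyleap'

# Assumption: standard locations. The native and the 32-bit (Wow6432Node)
# views are both checked because the log mixes 64bit and 32-bit entries.
$softwareRoots = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')

$checks = @()
$checks += @{ Item = 'Service key'
              Path = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName" }
foreach ($root in $softwareRoots) {
    $checks += @{ Item = 'BHO registration'
                  Path = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid" }
    $checks += @{ Item = 'Uninstall entry'
                  Path = "$root\Microsoft\Windows\CurrentVersion\Uninstall\$uninstallId" }
}
$checks += @{ Item = 'Install folder'; Path = $installDir }

# Test-Path works for both registry keys and file system paths.
$report = foreach ($c in $checks) {
    New-Object PSObject -Property @{
        Item         = $c.Item
        Path         = $c.Path
        StillPresent = (Test-Path -LiteralPath $c.Path)
    }
}

# The updater ran as an auto-start service, so also look for a live process.
$running = @(Get-Process -Name $processName -ErrorAction SilentlyContinue)
$report += New-Object PSObject -Property @{
    Item         = 'Running process'
    Path         = $processName
    StillPresent = ($running.Count -gt 0)
}

$report | Select-Object Item, StillPresent, Path | Format-Table -AutoSize -Wrap

$leftovers = @($report | Where-Object { $_.StillPresent })
if ($leftovers.Count -eq 0) {
    Write-Output 'No lucky leap items from the fix script were found.'
} else {
    Write-Output "$($leftovers.Count) item(s) still present; include this table with the requested logs."
}
```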

#5
touchedbyevil

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi Phel - I appreciate the further assistance, but can you give me two or three days to tackle this? I will try to get around to this by the weekend, if that is o.k. with you. Thanks. :)
  • 0

#6
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
That's OK, reply to this topic when you are able to continue. :)
  • 0

#7
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





