elaineh

Honorary Members. Posts: 26. Reputation: 0 Neutral.
  1. All AVG did was to refer me to their regular "uninstall" page: http://kb.avg.com/articles/en_US/How_to/How-to-uninstall-AVG-Toolbar-homepage-and-Secure-Search-from-your-browser I had tried all of these things before, and I tried them again. They STILL don't work. In my opinion, AVG Safe Search is malware, and I'm not the only one who thinks so: https://support.mozilla.org/en-US/questions/877518#answer-345057 http://wfredk.com/info/avg-secure-search-is-malware.php I'm going away again til May 8th. Maybe you could give this problem a little more thought? Maybe Malwarebytes should flag AVG Safe Search as malware? Many thanks for all your help. AVG CustomerCare.email2014.04.23.doc
  2. I did these searches, and found a lot of possibilities, but I'm afraid to use them because I don't know the websites: https://www.google.com/search?q=What+is+AVG+secure+search%3F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb https://www.google.com/search?q=AVG+Secire+searcj&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb#channel=sb&q=avg+security+toolbar+disable&revid=549134102&rls=org.mozilla:en-US:official I also phoned AVG this morning to complain about their malware. They want me to download a link that will find links in my computer, but I'm not sure I want them in my computer any more. Attached is the content of their email to me. Any advice as to which path I should take? BTW, a friend came over yesterday, and he did something to make the AVG secure search disappear. But it came back again in a few hours. AVGCustomerCare.email2014.04.17.doc
  3. I tried this, but AVG does appear in the search engine list. I removed Yahoo, because the "AVG secure search page" says it's "provided by Yahoo search," but that didn't help.
  4. I reset the Firefox browser, rebooted the computer, and there's no change with the AVG search.
  5. Still getting the AVG hijack of my search. It's called "AVG SECURE SEARCH", and it says "provided by YAHOO! search". I just did a search, and AVG Secure Search is quarantined in Adware Cleaner. There are currently 226 files that include AVG (only 15-20% of them are in quarantine).
  7. OTL scan:
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [shwiconXP6377] C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe (Alcor Micro Corp.) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [sFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE (Verizon Internet Solutions) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKLM..\RunServicesOnce: [xSendReg] C:\Program Files\Calibre Inc\PrintConnect\xSendReg.exe (Calibre Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.2 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\xConnect.lnk = C:\Program Files\Calibre Inc\xConnect\xConnect.exe (Calibre Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..Trusted Domains: kodakgallery.com ([www] https in Trusted sites) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF34D27-48AA-4BDD-B5E8-C29E7A83F7A6}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell - "" = AutoRun O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun\command - "" = H:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/03/31 07:21:42 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/03/31 07:21:15 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/03/31 07:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014/03/31 07:13:59 | 017,523,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-2.0.0.1000.exe [2014/03/30 15:08:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Documents and Settings\Elaine\Desktop\HijackThis.exe [2014/03/30 10:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java [2014/03/13 12:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\Ali.storage [2014/03/13 09:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Skype [2014/03/13 09:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2014/03/13 09:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2014/03/11 16:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\ModelShootRebecca.Franz [2014/03/09 15:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\ModelShoot.RebeccaLawrence.2014.03.06 [2014/03/09 14:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\ModelShoot.Jadore.2014.03.08 [2013/12/25 14:03:48 | 000,688,992 | R--- | C] (Swearware) -- C:\Program Files\dds.com [2013/12/23 18:06:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe [2013/07/30 21:09:32 | 000,072,008 | ---- | C] (Azureus Software, Inc.) -- C:\Program Files\VuzeBittorrentClientInstaller.exe [2013/07/04 17:39:59 | 000,280,136 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup Stub 22.0.exe [2013/05/04 17:58:00 | 002,138,776 | ---- | C] (Solid State Networks) -- C:\Program Files\install_flashplayer11x32au_mssa_aih.exe [2013/04/04 16:50:42 | 003,403,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955704-x86-ENU.exe [2013/03/26 19:50:01 | 000,774,616 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthPluginSetup.exe [2012/12/07 08:13:43 | 003,461,001 | ---- | C] (ArcSoft ) -- C:\Program Files\raw_thumbnail_viewer.exe [2011/07/16 08:51:25 | 001,346,560 | ---- | C] (Matsushita Electric Industrial Co., Ltd. 
) -- C:\Program Files\sdfv2003.exe [2010/12/25 18:45:15 | 007,466,152 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_1100_en_Setup.exe [2010/09/10 12:12:24 | 000,567,640 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe [2010/09/04 11:57:04 | 007,493,632 | ---- | C] (Login Recovery) -- C:\Program Files\Login-Recovery.exe [2010/04/04 20:29:17 | 000,835,712 | ---- | C] (WinRecovery Software ) -- C:\Program Files\cardrecovery_setup.exe [2009/08/12 18:43:47 | 000,913,832 | ---- | C] (Oracle Corporation) -- C:\Program Files\jxpiinstall.exe [2009/03/31 23:04:49 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe [2008/10/12 17:38:25 | 000,126,976 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\asneu.dll [2008/10/11 07:22:26 | 004,540,161 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\PS_41.exe [2008/10/10 17:00:24 | 003,085,984 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe [2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/04/01 08:05:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005UA.job [2014/04/01 08:03:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CA4540B-AFD1-4736-94F5-0CD014FD7E13}.job [2014/04/01 07:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014/03/31 23:59:45 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/03/31 21:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014/03/31 16:05:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005Core.job [2014/03/31 07:21:22 | 000,000,779 | ---- | M] () 
-- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2014/03/31 07:13:59 | 017,523,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-2.0.0.1000.exe [2014/03/30 15:08:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elaine\Desktop\HijackThis.exe [2014/03/30 11:50:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\SystemLook.exe [2014/03/30 11:40:13 | 000,486,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2014/03/30 11:40:13 | 000,081,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2014/03/30 11:39:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/03/30 11:38:54 | 000,187,174 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2014/03/30 11:38:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/03/30 11:38:05 | 3487,006,720 | -HS- | M] () -- C:\hiberfil.sys [2014/03/28 16:15:11 | 002,411,220 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\markman-report.technologystocks.pdf [2014/03/26 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2014/03/13 09:19:33 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2014/03/13 09:18:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2014/03/13 03:18:51 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2014/03/13 03:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2014/03/05 10:27:57 | 000,456,078 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\ohad_b4_after.jpg [2014/03/05 09:26:10 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/03/05 09:26:02 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ] ========== Files Created 
- No Company Name ========== [2014/03/30 11:50:43 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\SystemLook.exe [2014/03/28 16:15:08 | 002,411,220 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\markman-report.technologystocks.pdf [2014/03/13 09:19:33 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2014/03/05 10:27:34 | 000,456,078 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\ohad_b4_after.jpg [2013/12/27 09:33:58 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Elaine\Application Data\mbam.context.scan [2013/12/25 14:32:51 | 000,891,200 | ---- | C] () -- C:\Program Files\SecurityCheck.exe [2013/06/25 12:52:16 | 011,492,440 | ---- | C] () -- C:\Program Files\eri_setup_109037324566.exe [2013/05/15 03:21:58 | 000,913,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2236806547-4188195164-2715391781-1005-0.dat [2013/05/15 03:21:58 | 000,316,962 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2013/03/11 20:07:53 | 000,130,030 | ---- | C] () -- C:\Documents and Settings\Elaine\ASUS.Franz.2013.registration [2013/03/06 14:47:20 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat [2013/02/18 21:33:11 | 000,202,764 | ---- | C] () -- C:\Program Files\tweets.zip [2013/01/21 12:46:41 | 000,058,132 | ---- | C] () -- C:\Documents and Settings\Elaine\TD Ameritrade [2013/01/17 22:56:50 | 000,168,306 | ---- | C] () -- C:\Documents and Settings\Elaine\KrisFlyerMembershipCard [2012/12/05 14:18:05 | 006,104,576 | ---- | C] () -- C:\Program Files\MicrosoftCodecPack_x86.msi [2012/04/01 11:50:25 | 000,143,350 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012.tif [2012/04/01 11:46:31 | 000,141,814 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012 [2012/03/31 08:50:41 | 
004,137,128 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012.tif [2012/03/31 08:44:27 | 000,228,574 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012 [2012/03/24 20:38:36 | 1842,465,194 | ---- | C] () -- C:\Program Files\photoshopcs6_p1_win_032112.zip [2012/03/12 17:58:27 | 001,606,064 | ---- | C] () -- C:\Program Files\googletalk-setup.exe [2012/03/10 22:09:11 | 007,615,784 | ---- | C] () -- C:\Program Files\PenTablet_510-4.exe [2012/01/19 16:03:15 | 001,793,028 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards.tif [2012/01/19 16:02:50 | 000,166,800 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards [2012/01/13 17:09:41 | 000,859,176 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13.tif [2012/01/13 17:09:20 | 000,062,898 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13 [2011/12/29 10:02:21 | 000,570,340 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.29.tif [2011/12/29 10:01:02 | 000,010,790 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.28 [2011/12/13 10:33:31 | 000,571,846 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info.tif [2011/12/13 10:32:33 | 000,009,114 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info [2011/05/31 12:40:50 | 002,940,886 | ---- | C] () -- C:\Documents and Settings\Elaine\K-YCoupon.tif [2011/05/31 12:40:20 | 000,629,098 | ---- | C] () -- C:\Documents and Settings\Elaine\K-Y [2010/12/21 17:29:44 | 000,630,232 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmerica.MC.payment.2010.12.21.tif [2010/12/21 17:29:05 | 000,036,594 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmericaMCpayment.2010.12.21 [2010/12/19 17:37:22 | 000,769,332 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19.tif [2010/12/19 17:37:05 | 
000,058,852 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19 [2010/12/19 02:40:13 | 001,237,728 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19.tif [2010/12/19 02:39:32 | 000,069,784 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19 [2010/12/01 13:48:31 | 001,364,522 | ---- | C] () -- C:\Program Files\wrar393.exe [2010/10/19 20:57:22 | 000,630,612 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21.tif [2010/10/19 20:56:55 | 000,037,190 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21 [2010/10/15 15:09:58 | 009,422,848 | ---- | C] () -- C:\Program Files\VzInHomeAgentInstaller.msi [2010/10/15 14:58:59 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Elaine\GoToAssistDownloadHelper.exe [2010/10/04 14:55:27 | 000,873,500 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.tif [2010/10/04 14:55:02 | 000,019,242 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.04 [2010/09/28 14:58:57 | 001,885,928 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010.tif [2010/09/28 14:57:05 | 000,062,352 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010 [2010/02/19 11:27:39 | 002,006,621 | ---- | C] () -- C:\Program Files\u9idat252zx.bin [2010/02/19 11:27:23 | 000,113,488 | ---- | C] () -- C:\Program Files\u9ichjw4qt.bin [2010/02/19 11:27:03 | 000,567,456 | ---- | C] () -- C:\Program Files\u9ifw57en.bin [2010/02/19 11:26:28 | 002,489,378 | ---- | C] () -- C:\Program Files\x8all279kj.bin [2010/02/19 10:55:58 | 064,213,381 | ---- | C] () -- C:\Program Files\w9all733vq.bin [2010/02/19 10:26:53 | 056,173,018 | ---- | C] () -- C:\Program Files\u9iavi2697mh.bin [2010/02/19 10:25:36 | 006,685,013 | ---- | C] () -- C:\Program Files\u7avi18567.bin [2009/09/24 14:20:58 | 000,117,844 | ---- | C] () -- C:\Documents and 
Settings\Elaine\DeltaLauren [2009/09/24 14:19:13 | 000,321,663 | ---- | C] () -- C:\Documents and Settings\Elaine\DeltaLaurenSkyMilesCard [2008/10/19 21:14:19 | 008,844,185 | ---- | C] () -- C:\Program Files\homesite3_dw.exe [2008/10/19 00:54:37 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/12 17:40:49 | 319,815,680 | ---- | C] () -- C:\Program Files\Adobe Photoshop Lightroom 1.0 Aio.iso [2000/10/26 01:55:56 | 000,000,388 | ---- | C] () -- C:\Program Files\file_id.diz [2000/10/12 11:39:02 | 001,023,143 | ---- | C] () -- C:\Program Files\fo-ec4.exe ========== ZeroAccess Check ========== [2008/04/25 17:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 04:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/11/28 10:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/09/08 14:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics [2012/01/27 15:43:28 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2013/12/26 20:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDB [2010/10/24 07:30:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2008/10/12 17:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro [2013/09/08 16:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2012/01/27 15:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2013/12/30 01:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MR APP [2008/10/10 18:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2013/07/04 17:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache [2013/05/06 03:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic [2009/07/05 20:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2013/12/29 07:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2012/01/27 05:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/10/02 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2013/12/27 02:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B [2012/01/27 05:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG [2012/01/27 05:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG2012 [2009/06/30 10:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application 
Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2009/07/14 12:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\com.Spreadtweet2007.AirApp.84144EB30E332DDF53A5B500088B55A66190F3BE.1 [2013/09/08 14:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\CoreFTP [2008/10/12 17:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DAEMON Tools Pro [2013/12/27 03:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DigitalSites [2008/11/01 23:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\install_5849_MHw0MXwwfHx8fHx8fHw_[1] [2008/10/09 17:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Nikon [2013/09/08 16:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\OpenOffice [2008/10/11 05:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Opera [2012/06/03 23:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Oracle [2008/10/13 11:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Panasonic [2013/09/08 17:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TeamViewer [2012/01/27 15:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific [2013/12/27 03:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Uniblue [2013/09/08 16:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\WinPatrol [2008/11/01 23:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\_5849_fHx8fDQ2Mnw0fHw_ ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011/07/30 18:47:28 | 000,316,061 | ---- | M] ()(C:\Documents and Settings\Elaine\My 
Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG [2011/07/30 18:47:27 | 000,316,061 | ---- | C] ()(C:\Documents and Settings\Elaine\My Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG ========== Alternate Data Streams ========== @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report >
  8. Am I missing something? I looked at the screenshot, and typed the same info into my SystemLook window. Here's what I got when I clicked "Look" this time.

     SystemLook 30.07.11 by jpshortstuff
     Log created at 12:40 on 30/03/2014 by Elaine
     Administrator - Elevation successful

     No Context: paste my script right here and click "Look" button

     -= EOF =-
  9. I tried to use SystemLook, and when I hit "LOOK" I get an error message "script required". I updated my Java, restarted my computer, and can play music and videos, so I'm not sure what's wrong. I downloaded SystemLook a second time, and the same error message appeared.
  10. Yesterday, I did a search of all files (including hidden folders) containing "AVG" and there were 230. Today I did the same search, and now there are 282 files containing "AVG". Some are in quarantine. That's totally weird.