Constant redirection to ( )tursted.net; and click.cpvdr.com/redirect (hijacking?)
BullGuard Antivirus Forum > Virus Removal > Removal Help

Plshlp
New Member
Posted 1/11/2014 3:57 PM (GMT +3)
I have been having an issue where any webpage I attempt to visit results in my being redirected to somewhere with the URL ending in "tursted.net" (sic). It typically takes 3-5 tries to reach the intended domain, and once there, attempts to work within the domain site (upload photos, etc.) will continue to result in redirection. I have also seen flash in the URL: "click.cpvdr.com/redirect." Additionally, we have recently found strange programs on the computer (weather bug, for example, which we uninstalled - I think). Finally, we are being slammed with pop-ups. If we have a virus, it appears to be preventing us from installing anti-malware programs (including renaming anti-malware software, as various forums have suggested, or installing "chameleon" versions).

I can find very little information online regarding tursted.net - only one other post that I am not sure has been resolved. The PC is running Windows Vista 64 bit. The anti-virus software currently on the system is AVG. I have access to a clean PC for file download/transfer. If anyone can help, it would be very much appreciated. I am not terribly savvy with computers (just a heads-up).

Dickens
Trusted Member
Posted 1/11/2014 5:14 PM (GMT +3)
You could try installing the free version of Malwarebytes Anti-Malware from www.malwarebytes.org.

You may need to do several full scans on the affected computer before any malware shows up.

Plshlp
New Member
Posted 1/11/2014 8:18 PM (GMT +3)
Appreciate your reply, thank you. Prior to posting on this forum I tried installing Malwarebytes Anti-Malware - multiple times - (including renaming the file and downloading their chameleon versions) and I am unable to install. I always get an immediate error message that the files are corrupted, so based on what I have read, the virus may be interfering with my ability to install the program.

Plshlp
New Member
Posted 1/11/2014 9:44 PM (GMT +3)
Based on advice by the forum moderator (Touch) to fsmhelpus regarding the same/similar issue, I followed the same instructions (not in safe mode) and downloaded/ran AdwCleaner and Farbar Recovery Scan Tool. The logs are posted below in the event someone who knows what they mean can read/comment/advise. Please note I had run the latter once before, so the Addition.txt log is from a different day.
 
AdwCleaner:
 
# AdwCleaner v3.016 - Report created 11/01/2014 at 10:17:52
# Updated 23/12/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Gina - GINA-PC
# Running from : C:\Users\Gina\Desktop\Downloads per Forum\adwcleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[!] Folder Deleted : C:\ProgramData\BitGuard
[!] Folder Deleted : C:\ProgramData\boost_interprocess
[!] Folder Deleted : C:\ProgramData\Browser Manager
[!] Folder Deleted : C:\ProgramData\BrowserProtect
[!] Folder Deleted : C:\ProgramData\PC Optimizer Pro
[!] Folder Deleted : C:\ProgramData\TubeDimmer
[!] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Program Files (x86)\TidyNetwork
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Program Files\PC Optimizer Pro
[!] Folder Deleted : C:\Users\Gina\AppData\Local\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Gina\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Gina\AppData\Local\TidyNetwork
[!] Folder Deleted : C:\Users\Gina\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\Gina\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Gina\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Gina\AppData\LocalLow\searchresultstb
[!] Folder Deleted : C:\Users\Gina\AppData\Roaming\iWin
[!] Folder Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\imeshmusicboxtoolbarha
[!] Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\tidynetwork@tidynetwork
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\.autoreg
File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\searchplugins\safesearch.xml
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559434
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v20.0.1 (en-US)
[ File : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Hoyle Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559434&SearchSource=3&q={searchTerms}");
*************************
AdwCleaner[R0].txt - [14723 octets] - [11/01/2014 10:04:40]
AdwCleaner[S0].txt - [13513 octets] - [11/01/2014 10:17:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13574 octets] ##########
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05
Ran by Gina (administrator) on GINA-PC on 11-01-2014 10:25:15
Running from C:\Users\Gina\Desktop\Downloads per Forum
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
() C:\ProgramData\GorillaPrice\WatGorp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Dropbox, Inc.) C:\Users\Gina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PCM4Everio\EverioService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [KBD] - C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-04-22] (CyberLink Corp.)
HKLM-x32\...\Run: [EverioService] - C:\Program Files (x86)\Cyberlink\PCM4Everio\EverioService.exe [151552 2007-11-01] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17093512 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [41984 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-11] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
MountPoints2: {33d56465-43c3-11de-9ce6-00248c6d050d} - K:\LaunchU3.exe -a
MountPoints2: {e685d84c-3562-11df-b835-00248c6d050d} - "K:\WD SmartWare.exe" autoplay=true
MountPoints2: {f57af4e6-4ef4-11de-aa1d-00248c6d050d} - Q:\LaunchU3.exe -a
MountPoints2: {fe011fc8-3e9c-11de-811b-00248c6d050d} - F:\LaunchU3.exe -a
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
AppInit_DLLs:     [ ] ()
AppInit_DLLs-x32:     [ ] ()
Startup: C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
URLSearchHook: HKCU - (No Name) - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.6.0.11&o=APN10614&tpid=ORJ-V7&apn_uid=88BADF18-C07C-4A42-BF12-F386BBCC51F3&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16514&doi=2013-11-14&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} URL = http://www.google.com/search?hl=en&q={searchTerms}&aq=f&oq=&rlz=1I7GGHP_enUS366
BHO: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn.dll No File
BHO-x32: MyWordTool - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Gina\AppData\Roaming\MyWordTool\temp.dat ()
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: HKLM-x32 {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: MyWordTool - C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\emily@wilford.biz [2013-12-11]
FF Extension: Tube Dimmer - C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\support@tubedimmerapp.com [2013-12-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-03-01]
FF Extension: MyWordTool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\emily@wilford.biz [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-16]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-05-09]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-16]
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [625152 2013-11-11] ()
S3 ICDSPTSV; C:\Windows\SysWOW64\IcdSptSv.exe [99688 2009-08-06] (Sony Corporation)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-05] ()
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [247152 2008-12-03] ()
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-04-22] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116104 2009-04-22] ()
R2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-05] ()
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-01-11 10:21 - 2014-01-11 10:21 - 00013663 _____ C:\Users\Gina\Desktop\AdwCleaner[S0].txt
2014-01-11 10:20 - 2014-01-11 10:20 - 00000000 ____D C:\ProgramData\TubeDimmer
2014-01-11 10:19 - 2014-01-11 10:19 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-11 10:04 - 2014-01-11 10:18 - 00000000 ____D C:\AdwCleaner
2014-01-11 09:56 - 2014-01-11 10:25 - 00000000 ____D C:\Users\Gina\Desktop\Downloads per Forum
2014-01-07 15:25 - 2014-01-07 15:25 - 09355359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (2).exe
2014-01-07 15:24 - 2014-01-11 10:00 - 00002048 _____ C:\Uninstall.dat
2014-01-07 15:24 - 2014-01-07 15:24 - 09793359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (1).exe
2014-01-07 15:12 - 2014-01-11 09:57 - 00000000 ____D C:\Users\Gina\Desktop\FRST-OlderVersion
2014-01-07 15:06 - 2014-01-11 09:57 - 00000000 ____D C:\FRST
2014-01-06 12:34 - 2014-01-06 12:34 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Gina\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-06 12:20 - 2014-01-06 12:21 - 09998080 _____ (Malwarebytes Corporation                                    ) C:\Users\Gina\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-25 09:59 - 2013-12-25 09:59 - 00000000 ____D C:\ProgramData\InternetUpdater
2013-12-23 09:00 - 2014-01-09 16:02 - 00000000 ____D C:\Users\Gina\AppData\Local\Adobe
2013-12-16 18:44 - 2013-12-16 18:44 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple
2013-12-14 14:18 - 2013-12-14 14:18 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple Computer
2013-12-13 18:22 - 2014-01-11 10:01 - 00000000 ____D C:\Users\Gina\Desktop\Prostvac
2013-12-13 15:06 - 2013-11-14 18:09 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 15:06 - 2013-11-14 17:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 15:06 - 2013-11-14 17:37 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 15:06 - 2013-11-14 17:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 15:06 - 2013-11-14 17:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 15:06 - 2013-11-14 17:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 15:06 - 2013-11-14 17:28 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 15:06 - 2013-11-14 17:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 15:06 - 2013-11-14 17:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 15:06 - 2013-11-14 17:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 15:06 - 2013-11-14 17:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 15:06 - 2013-11-14 17:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 15:06 - 2013-11-14 17:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 15:06 - 2013-11-14 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 15:06 - 2013-11-14 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 15:06 - 2013-11-14 17:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 15:06 - 2013-11-14 15:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 15:06 - 2013-11-14 14:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 15:06 - 2013-11-14 14:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 15:06 - 2013-11-14 14:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 15:06 - 2013-11-14 14:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 15:06 - 2013-11-14 14:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 15:06 - 2013-11-14 14:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-13 15:06 - 2013-11-14 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 15:06 - 2013-11-14 14:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-13 15:06 - 2013-11-14 14:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-13 15:06 - 2013-11-14 14:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-13 15:06 - 2013-11-14 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-13 15:06 - 2013-11-14 14:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 15:06 - 2013-11-14 14:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-13 15:06 - 2013-11-14 14:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 15:06 - 2013-11-14 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
==================== One Month Modified Files and Folders =======
2014-01-11 10:25 - 2014-01-11 09:56 - 00000000 ____D C:\Users\Gina\Desktop\Downloads per Forum
2014-01-11 10:24 - 2009-04-09 12:23 - 01313252 _____ C:\Windows\WindowsUpdate.log
2014-01-11 10:23 - 2009-03-07 12:03 - 00003576 _____ C:\Windows\System32\Tasks\HP Health Check
2014-01-11 10:21 - 2014-01-11 10:21 - 00013663 _____ C:\Users\Gina\Desktop\AdwCleaner[S0].txt
2014-01-11 10:21 - 2013-10-10 17:09 - 00000000 ____D C:\Users\Gina\AppData\Roaming\Dropbox
2014-01-11 10:21 - 2010-02-11 08:06 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 10:20 - 2014-01-11 10:20 - 00000000 ____D C:\ProgramData\TubeDimmer
2014-01-11 10:19 - 2014-01-11 10:19 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-11 10:19 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 10:19 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 10:19 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 10:18 - 2014-01-11 10:04 - 00000000 ____D C:\AdwCleaner
2014-01-11 10:18 - 2006-11-02 07:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-11 10:11 - 2012-04-16 20:32 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-01-11 10:01 - 2013-12-13 18:22 - 00000000 ____D C:\Users\Gina\Desktop\Prostvac
2014-01-11 10:01 - 2009-12-24 07:50 - 00000000 ____D C:\Users\Gina\Documents\Madison's folder
2014-01-11 10:00 - 2014-01-07 15:24 - 00002048 _____ C:\Uninstall.dat
2014-01-11 09:59 - 2013-06-12 15:48 - 00000000 ____D C:\ProgramData\MFAData
2014-01-11 09:57 - 2014-01-07 15:12 - 00000000 ____D C:\Users\Gina\Desktop\FRST-OlderVersion
2014-01-11 09:57 - 2014-01-07 15:06 - 00000000 ____D C:\FRST
2014-01-11 09:56 - 2010-02-11 08:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-10 20:36 - 2012-04-17 13:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 15:53 - 2010-04-29 20:35 - 00000000 ____D C:\Users\Gina\AppData\Local\CrashDumps
2014-01-10 15:04 - 2011-04-28 09:19 - 00003678 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D548582C-251D-416E-9C64-2B58D24D054B}
2014-01-10 11:56 - 2013-10-10 17:12 - 00000000 ___RD C:\Users\Gina\Dropbox
2014-01-10 09:08 - 2013-11-10 14:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-09 20:16 - 2012-09-16 10:48 - 00000000 ____D C:\Users\Gina\AppData\Roaming\.minecraft
2014-01-09 16:02 - 2013-12-23 09:00 - 00000000 ____D C:\Users\Gina\AppData\Local\Adobe
2014-01-07 15:25 - 2014-01-07 15:25 - 09355359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (2).exe
2014-01-07 15:24 - 2014-01-07 15:24 - 09793359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (1).exe
2014-01-06 12:50 - 2013-06-28 16:39 - 00630318 _____ C:\Windows\PFRO.log
2014-01-06 12:34 - 2014-01-06 12:34 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Gina\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-06 12:21 - 2014-01-06 12:20 - 09998080 _____ (Malwarebytes Corporation                                    ) C:\Users\Gina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-06 12:20 - 2006-11-02 04:46 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 10:54 - 2012-03-18 21:27 - 00000000 ____D C:\Users\Gina\Xander
2014-01-06 10:34 - 2011-09-18 04:38 - 00000000 ____D C:\Users\Gina\AppData\Roaming\HpUpdate
2013-12-30 13:27 - 2011-06-20 19:12 - 00000000 ____D C:\Users\Gina\AppData\Roaming\Skype
2013-12-27 09:55 - 2013-11-21 03:01 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-12-25 12:49 - 2013-06-28 15:51 - 00007155 _____ C:\Windows\setupact.log
2013-12-25 09:59 - 2013-12-25 09:59 - 00000000 ____D C:\ProgramData\InternetUpdater
2013-12-19 12:44 - 2013-10-10 17:10 - 00000000 ____D C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-19 12:44 - 2009-05-11 16:41 - 00000000 ___RD C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-16 18:44 - 2013-12-16 18:44 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple
2013-12-15 21:31 - 2013-07-18 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 21:27 - 2006-11-02 04:35 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-15 21:17 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-14 14:18 - 2013-12-14 14:18 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple Computer
2013-12-13 15:43 - 2006-11-02 07:21 - 00357984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 15:40 - 2009-03-07 11:13 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-13 15:08 - 2009-08-28 16:07 - 00000000 ____D C:\ProgramData\Microsoft Help
Files to move or delete:
====================
C:\Users\Gina\PSE7_WIN_TB_WWE.exe
C:\Users\Gina\PSE7_WIN_WWE.exe

Some content of TEMP:
====================
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Gina\AppData\Local\Temp\Delta.exe
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe
C:\Users\Gina\AppData\Local\Temp\lowproc.exe
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-11 10:25
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Gina at 2014-01-07 15:07:06
Running from C:\Users\Gina\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 2.0.0.0 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (x32 Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG SafeGuard toolbar (x32 Version: 17.1.3.3 - AVG Technologies)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Cisco Connect (x32 Version: 1.2.10260.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (x32 Version: 5.0.0.0 - Coupons.com Incorporated)
Cricut DesignStudio (x32 Version:  - )
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Digital Photo Navigator 1.5 (x32 Version:  - )
Digital Voice Editor 3 (x32 Version: 3.3.00.05270 - Sony Corporation)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
Enhanced Multimedia Keyboard Solution (x32 Version: 1.0.9.2 - Hewlett-Packard)
Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HP Active Support Library (x32 Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2875 - Hewlett-Packard)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Demo (x32 Version: 1.00.0000 - Hewlett-Packard)
HP Games (x32 Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP MediaSmart DVD (x32 Version: 2.1.2717 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2717 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2415 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.2.1622 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.2.1622 - Hewlett-Packard) Hidden
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (x32 Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (x32 Version: 1.0.0.11942 - HP)
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5 (Version: 12.0 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 (Version: 14.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP RC Mirror Driver (x32 Version: 2.0.0.1 - Hewlett-Packard) Hidden
HP Recovery Manager RSS (x32 Version: 92.0.0.9 - Hewlet Packard Company) Hidden
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Support Information (x32 Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Advisor (x32 Version: 2.4.6171.2860 - Hewlett-Packard)
HP Total Care Setup (x32 Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Internet Updater (x32 Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION
IrfanView (remove only) (x32 Version: 4.32 - Irfan Skiljan)
iTunes (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (x32 Version: 6.0.290 - Sun Microsystems, Inc.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) Hidden
LightScribe System Software (x32 Version: 1.18.3.2 - LightScribe)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (Version:  - )
Microsoft Office Labs Search Commands (x32 Version: 1.5.0.6 - Microsoft Office Labs)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 20.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (x32 Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
MyWordTool (HKCU Version: 1 - http://www.mywordtool.com)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
Open Downloader Manager (x32 Version:  - )
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
PictureMover (x32 Version: 3.3.1.11 - Hewlett-Packard Company)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerCinema NE for Everio (x32 Version:  - )
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) Hidden
PowerDirector Express (x32 Version:  - )
PowerProducer (x32 Version: 074511a(3.7)_Vista_JVC - CyberLink Corp.)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Python 2.6.1 (x32 Version: 2.6.1150 - Python Software Foundation)
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scholastic's I SPY Fantasy (x32 Version:  - )
Scholastic's I SPY Mystery (x32 Version:  - )
Scholastic's I SPY Spooky Mansion Deluxe (x32 Version:  - )
Scholastic's I SPY Treasure Hunt (x32 Version: 1.0 - Scholastic Inc.)
Shop for HP Supplies (Version: 14.0 - HP)
Skype™ 5.3 (x32 Version: 5.3.120 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TidyNetwork (HKCU Version:  - TidyNetwork)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tube Dimmer (x32 Version: 2.6.43 - Creative Island Media, LLC)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Updater (x32 Version: 2.6.43 - Creative Island Media, LLC)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.14 - WildTangent)
Windows Speech Recognition Macros (x32 Version: 1.0.6862.19 - Microsoft Corporation)
WinRAR 4.10 beta 5 (32-bit) (x32 Version: 4.10.5 - win.rar GmbH)
Your Uninstaller! 7 (x32 Version: 7.5.2013.2 - URSoft, Inc.)
==================== Restore Points  =========================
21-12-2013 18:34:42 Windows Update
23-12-2013 00:34:54 Windows Update
23-12-2013 15:40:29 Windows Update
25-12-2013 17:54:46 Windows Update
26-12-2013 17:58:57 Windows Update
27-12-2013 16:54:34 Windows Update
28-12-2013 18:51:30 Windows Update
30-12-2013 16:58:20 Windows Update
01-01-2014 04:30:46 Windows Update
01-01-2014 20:34:08 Windows Update
06-01-2014 18:31:38 Windows Update
07-01-2014 17:58:08 Windows Update
==================== Hosts content: ==========================
2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20775073-5623-493F-AA21-AAED7EC0ACA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8355B68F-0C9F-4CE9-9608-A227D17A0D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {98934872-56BF-4CB1-8C7B-B03C6B921992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99FD2E75-4984-40AC-A6F3-778C65036A02} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-09] ()
Task: {C36BBC40-ADC2-4800-9FE8-C89BE45CF455} - System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F4263AC2-73BE-46BC-BF60-B0699E5D91E6} - System32\Tasks\TidyNetwork Update => C:\Users\Gina\AppData\Local\TidyNetwork\petnupdate.exe [2013-12-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
==================== Loaded Modules (whitelisted) =============
2011-12-25 16:16 - 2011-12-15 12:38 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-04-22 21:52 - 2009-04-22 21:52 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows\SysWOW64\CN2AIB4G7Z05KD:NW
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============
Name: HP Photosmart C309a
Description: HP Photosmart C309a
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2014 09:54:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2014 08:50:41 PM) (Source: Application Error) (User: )
Description: Faulting application GorillaPrice.exe, version 0.0.0.0, time stamp 0x5280f6d4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x14ec, application start time 0xGorillaPrice.exe0.
Error: (01/06/2014 00:51:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2014 00:44:51 PM) (Source: Application Hang) (User: )
Description: The program HPAdvisor.exe version 2.4.6171.2860 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1110
Start Time: 01cf0b1fd071b7e9
Termination Time: 34
Error: (01/06/2014 00:42:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2014 10:28:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 00:32:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/31/2013 08:28:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/30/2013 08:55:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2013 00:32:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234498

System errors:
=============
Error: (01/07/2014 10:01:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070490Hewlett-Packard  - Imaging, Other hardware - Null Print - HP Photosmart 7520 series{DD63C015-E52B-4739-858A-7CC7DD8F65F9}101
Error: (01/07/2014 09:55:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/06/2014 00:51:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/06/2014 00:43:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/06/2014 10:37:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070490Hewlett-Packard  - Imaging, Other hardware - Null Print - HP Photosmart 7520 series{DD63C015-E52B-4739-858A-7CC7DD8F65F9}101
Error: (01/06/2014 10:32:23 AM) (Source: Service Control Manager) (User: )
Description: Volume Shadow Copy%%1053
Error: (01/06/2014 10:32:23 AM) (Source: Service Control Manager) (User: )
Description: 30000Volume Shadow Copy
Error: (01/06/2014 10:32:22 AM) (Source: DCOM) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (01/06/2014 10:28:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/01/2014 00:39:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070490Hewlett-Packard  - Imaging, Other hardware - Null Print - HP Photosmart 7520 series{DD63C015-E52B-4739-858A-7CC7DD8F65F9}101

Microsoft Office Sessions:
=========================
Error: (06/22/2012 05:06:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 120688 seconds with 25680 seconds of active time.  This session ended with a crash.
Error: (04/26/2012 04:43:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30091 seconds with 12120 seconds of active time.  This session ended with a crash.
Error: (04/25/2012 07:03:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 75214 seconds with 11160 seconds of active time.  This session ended with a crash.
Error: (03/07/2012 08:24:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.
Error: (02/09/2012 01:22:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16085 seconds with 5220 seconds of active time.  This session ended with a crash.
Error: (12/02/2011 08:29:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.
Error: (11/10/2011 09:42:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 93030 seconds with 16680 seconds of active time.  This session ended with a crash.
Error: (06/09/2011 04:36:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24012 seconds with 15600 seconds of active time.  This session ended with a crash.
Error: (06/08/2011 11:03:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72551 seconds with 11520 seconds of active time.  This session ended with a crash.
Error: (06/07/2011 09:15:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1410 seconds with 900 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-01-07 15:06:33.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
  Date: 2014-01-07 15:06:33.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
  Date: 2014-01-07 15:06:32.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
  Date: 2014-01-07 15:06:32.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-26 11:12:10.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-26 11:12:09.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-26 11:12:09.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-26 11:12:08.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-26 11:12:08.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETEF1D.tmp because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-26 11:12:07.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETEF1D.tmp because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 8181.33 MB
Available physical RAM: 5142.35 MB
Total Pagefile: 16413.68 MB
Available Pagefile: 13462.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:583.32 GB) (Free:311.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.85 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
Posted 1/12/2014 9:35 AM (GMT +3)
Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.


start
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17093512 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-11] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
C:\ProgramData\Updater
URLSearchHook: HKCU - (No Name) - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - No File
SearchScopes: HKLM - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.6.0.11&o=APN10614&tpid=ORJ-V7&apn_uid=88BADF18-C07C-4A42-BF12-F386BBCC51F3&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16514&doi=2013-11-14&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} URL = http://www.google.com/search?hl=en&q={searchTerms}&aq=f&oq=&rlz=1I7GGHP_enUS366
BHO: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
Toolbar: HKCU - No Name - {64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
C:\Users\Gina\PSE7_WIN_TB_WWE.exe
C:\Users\Gina\PSE7_WIN_WWE.exe
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Gina\AppData\Local\Temp\Delta.exe
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe
C:\Users\Gina\AppData\Local\Temp\lowproc.exe
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20775073-5623-493F-AA21-AAED7EC0ACA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8355B68F-0C9F-4CE9-9608-A227D17A0D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {98934872-56BF-4CB1-8C7B-B03C6B921992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99FD2E75-4984-40AC-A6F3-778C65036A02} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-09] ()
Task: {C36BBC40-ADC2-4800-9FE8-C89BE45CF455} - System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F4263AC2-73BE-46BC-BF60-B0699E5D91E6} - System32\Tasks\TidyNetwork Update => C:\Users\Gina\AppData\Local\TidyNetwork\petnupdate.exe [2013-12-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
AlternateDataStreams: C:\Windows\SysWOW64\CN2AIB4G7Z05KD:NW
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
end




NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to the operating system.


Save the Notepad file as fixlist.txt
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.


Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you that its version is outdated, please download and run the updated version.


Please download Combofix from:
download.bleepingcomputer.com/sUBs/ComboFix.exe
And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

 
Double-click on the combofix icon found on your desktop.
 
Please note that once you start ComboFix, you should not click anywhere on the ComboFix window, as it can cause the program to stall.
In fact, when ComboFix is running, do not touch your computer at all; just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
Posted 1/12/2014 7:51 PM (GMT +3)
Thank you very much. I would like to ask a question first, given your warnings (which I appreciate):

Before your post came through, I spent many hours trying to succeed in accomplishing the previous contributor's suggestion (Dickens), and finally was able to run Malwarebytes Anti-Malware. It only found 1 item in safe mode, but when I ran it in normal mode, it found a ton of stuff. Anything it found, I told it to remove (I believe it is all logged under the "quarantined" tab). There was so much that listed Firefox, we just uninstalled Firefox since I rarely used it. And due to a script error message that kept popping up from disabling then re-enabling internet (add-ons?) (the only other advice I could find online about trusted.net), I reset the internet in the control panel to default settings (which solved that problem). We then booted up on a Windows Defender CD, but it found nothing. Now, fast and full scans by Malwarebytes find nothing.

Given the removal of what Malwarebytes found, Firefox, and resetting the internet to defaults, is it still okay to run your code? I thought it would be smart to ask first. I would very much like to be sure I have a clean machine so I can set a restore point in the event this happens again. However, if you advise otherwise, I will leave things be and mark this as resolved for now.

Thank you.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
Posted 1/13/2014 11:30 AM (GMT +3)
Given the removal of what Malwarebytes found, Firefox, and resetting the internet to defaults, is it still okay to run your code?
I thought it would be smart to ask first. I would very much like to be sure I have a clean machine so I can set a restore point in the event this happens again.
However, if you advise otherwise, I will leave things be and mark this as resolved for now.

There are other infections there that need to be removed, so I'll suggest you follow my advice ;-)


 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
Posted 1/13/2014 8:54 PM (GMT +3)
Thank you. I will this evening when I have access to the computer again, and will post the logs.
 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
Posted 1/13/2014 10:42 PM (GMT +3)
Hello.
 
Below I have posted the fixlog (I am sorry I was unable to attach the file itself, as requested: the BullGuard attachment manager window would not expand to show the "browse" button, only the upload button, and neither would it allow me to type into the box). Once the ComboFix scan is complete, I will post again with that log.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
Ran by Gina at 2014-01-13 11:26:15 Run:1
Running from C:\Users\Gina\Desktop\AntiVirus Programs
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17093512 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-11] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
C:\ProgramData\Updater
URLSearchHook: HKCU - (No Name) - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - No File
SearchScopes: HKLM - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.6.0.11&o=APN10614&tpid=ORJ-V7&apn_uid=88BADF18-C07C-4A42-BF12-F386BBCC51F3&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16514&doi=2013-11-14&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} URL = http://www.google.com/search?hl=en&q={searchTerms}&aq=f&oq=&rlz=1I7GGHP_enUS366
BHO: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
Toolbar: HKCU - No Name - {64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
C:\Users\Gina\PSE7_WIN_TB_WWE.exe
C:\Users\Gina\PSE7_WIN_WWE.exe
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Gina\AppData\Local\Temp\Delta.exe
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe
C:\Users\Gina\AppData\Local\Temp\lowproc.exe
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20775073-5623-493F-AA21-AAED7EC0ACA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8355B68F-0C9F-4CE9-9608-A227D17A0D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {98934872-56BF-4CB1-8C7B-B03C6B921992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99FD2E75-4984-40AC-A6F3-778C65036A02} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-09] ()
Task: {C36BBC40-ADC2-4800-9FE8-C89BE45CF455} - System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F4263AC2-73BE-46BC-BF60-B0699E5D91E6} - System32\Tasks\TidyNetwork Update => C:\Users\Gina\AppData\Local\TidyNetwork\petnupdate.exe [2013-12-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
AlternateDataStreams: C:\Windows\SysWOW64\CN2AIB4G7Z05KD:NW
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Updater => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisor => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ehTray.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HP Officejet Pro 8600 (NET) => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Updater => Value not found.
"C:\ProgramData\Updater" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key deleted successfully.
HKCR\CLSID\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key deleted successfully.
HKCR\CLSID\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key deleted successfully.
HKCR\CLSID\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} => Key deleted successfully.
HKCR\CLSID\{0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} => Key deleted successfully.
HKCR\CLSID\{5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{039F08A7-B14C-34A3-EABC-CEB96038A1A4} => Key deleted successfully.
HKCR\CLSID\{039F08A7-B14C-34A3-EABC-CEB96038A1A4} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} => Value deleted successfully.
HKCR\CLSID\{64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
vToolbarUpdater17.3.0 => Service deleted successfully.
C:\Users\Gina\PSE7_WIN_TB_WWE.exe => Moved successfully.
C:\Users\Gina\PSE7_WIN_WWE.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe => Moved successfully.
Could not move "C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe" => Scheduled to move on reboot.
C:\Users\Gina\AppData\Local\Temp\Delta.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\TMM => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20775073-5623-493F-AA21-AAED7EC0ACA6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20775073-5623-493F-AA21-AAED7EC0ACA6} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{254095AE-FB97-48EA-94A5-D8BF2AB79714} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{254095AE-FB97-48EA-94A5-D8BF2AB79714} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System\ConvertLogEntries => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C638E5B-ECE5-4424-A7E5-2C913CA682E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C638E5B-ECE5-4424-A7E5-2C913CA682E9} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8355B68F-0C9F-4CE9-9608-A227D17A0D54} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8355B68F-0C9F-4CE9-9608-A227D17A0D54} => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} => Key deleted successfully.
C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Officejet Pro 8600 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} => Key deleted successfully.
C:\Windows\System32\Tasks\HP Health Check => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Health Check => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98934872-56BF-4CB1-8C7B-B03C6B921992} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98934872-56BF-4CB1-8C7B-B03C6B921992} => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99FD2E75-4984-40AC-A6F3-778C65036A02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99FD2E75-4984-40AC-A6F3-778C65036A02} => Key deleted successfully.
C:\Windows\System32\Tasks\HP Photo Creations Communicator => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Photo Creations Communicator => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36BBC40-ADC2-4800-9FE8-C89BE45CF455} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36BBC40-ADC2-4800-9FE8-C89BE45CF455} => Key deleted successfully.
C:\Windows\System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E91D6474-70CC-42BE-80FF-8BED8AF557ED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E91D6474-70CC-42BE-80FF-8BED8AF557ED} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4263AC2-73BE-46BC-BF60-B0699E5D91E6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4263AC2-73BE-46BC-BF60-B0699E5D91E6} => Key deleted successfully.
C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\HP Photo Creations Communicator.job => Moved successfully.
C:\Windows\SysWOW64\CN2AIB4G7Z05KD => ":NW" ADS removed successfully.
C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-13 11:28:12)<=
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe => Is moved successfully.
==== End of Fixlog ====
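The Fixlog above shows the locations an FRST fixlist touches: Run values under HKLM (the "HKLM-x32" entries are the WOW6432Node view), HKCU Run, a Winlogon Notify package, Internet Explorer SearchScopes and a BHO, scheduled tasks (the XML under System32\Tasks plus the TaskCache registry keys), and alternate data streams on two paths. The script below is an added example and is not the moderator's code, nor part of FRST or ComboFix. It is a read-only enumeration of those same locations, written for Windows PowerShell 2.0 (the newest version available on Vista) and meant to be run from an elevated prompt; it changes nothing, so it can be used to build or double-check a fixlist before pressing Fix. The two directories passed to the ADS function at the bottom are the ones named in the fixlist; everything else is a standard Windows registry or file-system path.

```powershell
# Added example, not from the original thread and not part of FRST or ComboFix.
# Read-only survey of the autostart locations an FRST fixlist edits. PowerShell 2.0, run elevated.
$ErrorActionPreference = 'SilentlyContinue'

function New-Row([hashtable]$Props) { New-Object PSObject -Property $Props }

function Get-RunEntries {
    # FRST's "HKLM-x32\...\Run" is the WOW6432Node view of the 64-bit Run key.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        $item = Get-Item -Path $k
        if ($item -eq $null) { continue }
        # GetValueNames() returns '' for a populated default value; that is how the
        # nameless "[] - [x]" entry in the fixlist shows up.
        foreach ($name in $item.GetValueNames()) {
            New-Row @{ Location = $k; Name = $name; Data = $item.GetValue($name) }
        }
    }
}

function Get-WinlogonNotify {
    Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify' |
        ForEach-Object { New-Row @{ Package = $_.PSChildName; DLL = $_.GetValue('DLLName') } }
}

function Get-IeSearchScopes {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($r in $roots) {
        Get-ChildItem -Path $r | ForEach-Object {
            New-Row @{ Location = $r; Scope = $_.PSChildName; URL = $_.GetValue('URL') }
        }
    }
}

function Get-Bhos {
    # A BHO key is a CLSID; the DLL is under that CLSID's InprocServer32. A CLSID whose DLL is
    # missing on disk is the "No File" state FRST reported for the TidyNetwork BHO.
    $pairs = @(
        @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects', 'HKLM:\SOFTWARE\Classes\CLSID'),
        @('HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')
    )
    foreach ($p in $pairs) {
        Get-ChildItem -Path $p[0] | ForEach-Object {
            $clsid = $_.PSChildName
            $dll = (Get-ItemProperty -Path "$($p[1])\$clsid\InprocServer32").'(default)'
            New-Row @{ CLSID = $clsid; DLL = $dll; OnDisk = [bool]($dll -and (Test-Path $dll)) }
        }
    }
}

function Get-TaskActions {
    # Each scheduled task is an XML file under System32\Tasks; FRST prints Actions\Exec\Command.
    $taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
    Get-ChildItem -Path $taskDir -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $xml = [xml](Get-Content -Path $_.FullName | Out-String)
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if ($exec -ne $null) {
                New-Row @{ Task = $_.FullName.Substring($taskDir.Length); Command = $exec.Command; Arguments = $exec.Arguments }
            }
        }
    }
}

function Get-IfeoDebuggers {
    # A Debugger value makes Windows start that program instead of the named image, so the image
    # itself never runs. Any such value is worth reviewing; the ComboFix log later in the thread lists one.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($r in $roots) {
        Get-ChildItem -Path $r | ForEach-Object {
            $dbg = $_.GetValue('Debugger')
            if ($dbg) { New-Row @{ Image = $_.PSChildName; Debugger = $dbg } }
        }
    }
}

function Get-AlternateStreams([string]$Directory) {
    # PowerShell 2.0 has no -Stream parameter, so parse 'dir /r', which prints every named stream as
    # "<size> <name>:<stream>:$DATA". Zone.Identifier is the normal mark-of-the-web on downloads.
    cmd /c dir /r /a "$Directory" | ForEach-Object {
        if ($_ -match '^\s*[\d,]+\s+(.+):([^:\\]+):\$DATA\s*$') {
            New-Row @{ File = (Join-Path $Directory $matches[1]); Stream = $matches[2]; Suspicious = ($matches[2] -ne 'Zone.Identifier') }
        }
    }
}

'== Run keys ==';            Get-RunEntries     | Format-Table -AutoSize
'== Winlogon Notify ==';     Get-WinlogonNotify | Format-Table -AutoSize
'== IE SearchScopes ==';     Get-IeSearchScopes | Format-Table -AutoSize
'== BHOs ==';                Get-Bhos           | Format-Table -AutoSize
'== Scheduled task actions =='; Get-TaskActions | Format-Table -AutoSize
'== IFEO Debugger values =='; Get-IfeoDebuggers  | Format-Table -AutoSize
'== Alternate data streams =='
foreach ($d in @('C:\Windows\SysWOW64', 'C:\ProgramData')) { Get-AlternateStreams $d | Format-Table -AutoSize }
```

Read the output the way FRST's log is read: a Run or task entry whose command is missing on disk, a SearchScope pointing at a search provider nobody installed, a BHO with OnDisk false, a Debugger value on an image name you do not recognise, or a stream other than Zone.Identifier on a system directory are the items that end up in a fixlist. Nothing here deletes anything; removal stays with FRST, where the Fixlog records exactly what was changed.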
 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
Posted 1/13/2014 11:26 PM (GMT +3)
Below I have pasted the ComboFix log.  Thank you for such clear directions.  Attachment Manager window will still not expand, so I have copied and pasted the log, not attached the file.
 
 
ComboFix 14-01-13.01 - Gina 01/13/2014  11:51:32.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8181.6106 [GMT -8:00]
Running from: c:\users\Gina\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\4Pil380h.jpg
c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\6RbR1r.jpg
c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\73qvnc.jpg
c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\x8Fy1r.jpg
c:\users\Gina\AppData\Roaming\a7fb61f3-d402-43d7-85ce-a5b96038a1a4
c:\users\Gina\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-13 20:15 . 2014-01-13 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-12 01:19 . 2014-01-12 01:19 -------- d-----w- c:\windows\Microsoft Antimalware
2014-01-11 23:33 . 2014-01-11 23:33 -------- d-----w- c:\programdata\ErrorEND64
2014-01-11 21:38 . 2014-01-11 21:38 -------- d-----w- c:\users\Gina\AppData\Roaming\Malwarebytes
2014-01-11 21:38 . 2014-01-11 21:38 -------- d-----w- c:\programdata\Malwarebytes
2014-01-11 21:38 . 2014-01-11 21:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-11 21:38 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-11 18:19 . 2014-01-11 23:17 -------- d-----w- c:\programdata\boost_interprocess
2014-01-11 18:04 . 2014-01-11 18:18 -------- d-----w- C:\AdwCleaner
2014-01-07 23:06 . 2014-01-13 19:28 -------- d-----w- C:\FRST
2013-12-25 17:59 . 2014-01-12 00:53 -------- d-----w- c:\programdata\InternetUpdater
2013-12-23 17:00 . 2014-01-10 00:02 -------- d-----w- c:\users\Gina\AppData\Local\Adobe
2013-12-17 02:44 . 2013-12-17 02:44 -------- d-----w- c:\users\Gina\AppData\Local\Apple
2013-12-14 22:18 . 2013-12-14 22:18 -------- d-----w- c:\users\Gina\AppData\Local\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 05:27 . 2006-11-02 12:35 90708896 ----a-w- c:\windows\system32\mrt.exe
2013-12-12 00:36 . 2012-04-17 21:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 00:36 . 2011-05-29 02:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-21 11:00 . 2013-06-12 23:59 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-15 02:09 . 2013-12-13 23:06 17847296 ----a-w- c:\windows\system32\mshtml.dll
2013-11-15 01:42 . 2013-12-13 23:06 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-11-15 01:37 . 2013-12-13 23:06 2334720 ----a-w- c:\windows\system32\jscript9.dll
2013-11-15 01:29 . 2013-12-13 23:06 1347072 ----a-w- c:\windows\system32\urlmon.dll
2013-11-15 01:29 . 2013-12-13 23:06 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-11-15 01:28 . 2013-12-13 23:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-15 01:28 . 2013-12-13 23:06 237056 ----a-w- c:\windows\system32\url.dll
2013-11-15 01:25 . 2013-12-13 23:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-15 01:22 . 2013-12-13 23:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-15 01:20 . 2013-12-13 23:06 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-11-15 01:20 . 2013-12-13 23:06 816640 ----a-w- c:\windows\system32\jscript.dll
2013-11-15 01:19 . 2013-12-13 23:06 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-11-15 01:19 . 2013-12-13 23:06 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-15 01:18 . 2013-12-13 23:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-15 01:18 . 2013-12-13 23:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-15 01:12 . 2013-12-13 23:06 248320 ----a-w- c:\windows\system32\ieui.dll
2013-11-14 22:50 . 2013-12-13 23:06 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-14 22:42 . 2013-12-13 23:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-14 22:42 . 2013-12-13 23:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-14 22:38 . 2013-12-13 23:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-14 22:38 . 2013-12-13 23:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-14 22:35 . 2013-12-13 23:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-14 00:39 . 2013-11-14 00:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-06 05:55 . 2013-11-06 05:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 05:52 . 2013-11-05 05:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 07:00 . 2013-11-01 07:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 06:49 . 2013-11-01 06:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-30 04:34 . 2008-01-21 02:46 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 04:34 . 2013-12-11 23:27 374784 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 03:55 . 2013-12-11 23:27 122368 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 02:33 . 2013-12-11 23:27 218112 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 02:10 . 2013-12-11 23:27 2776064 ----a-w- c:\windows\system32\win32k.sys
2013-10-25 06:25 . 2013-10-25 06:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-22 09:31 . 2013-12-11 23:27 79360 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-22 07:19 . 2013-12-11 23:27 158208 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 41984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-27 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-16 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-16 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2007-11-02 151552]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
.
c:\users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gina\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2008-12-18 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rjatydimofu.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-04 182808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 202264]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\Gina\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-10 - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-01-13  12:18:14
ComboFix-quarantined-files.txt  2014-01-13 20:18
.
Pre-Run: 367,732,105,216 bytes free
Post-Run: 368,166,985,728 bytes free
.
- - End Of File - - 1A748E4A0B4D79309710E29069201E83
81CD5EC01DB0CE57EDD853F82462EF27
 
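Several lines in the ComboFix output above are the ones a responder would want to look at before deciding what to fix next: the browser proxy pointing at 127.0.0.1:8080, LoadAppInit_DLLs set to 1, the Image File Execution Options "debugger" entry for rjatydimofu.exe, and autostart entries that live under a user's AppData. The following is an added example and is not part of the thread, of ComboFix, or of any other tool used here: a small Python triage script that scans the "Reg Loading Points" and "Supplementary Scan" lines of such a log for those indicators. The sample log is constructed from excerpts of the log posted above; the rule names, the Finding type and the explanations are the example's own.

```python
"""Triage a ComboFix-style 'Reg Loading Points' / 'Supplementary Scan' listing.

Added example for this thread; it is not part of ComboFix, RKill or JRT.
It flags a few persistence and traffic-interception indicators for a human
to review. A hit is a review item, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: excerpts modelled on the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rjatydimofu.exe]
"debugger"=tasklist.exe
.
c:\users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gina\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
"""

# Proxy setting that sends browser traffic to this very host.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*.*\b(?:127\.0\.0\.1|localhost)\b", re.I)
# AppInit DLL loading switched on.
APPINIT_RE = re.compile(r'"LoadAppInit_DLLs"\s*=\s*1\b', re.I)
# A "debugger" value; only meaningful under an Image File Execution Options key.
DEBUGGER_RE = re.compile(r'^"debugger"\s*=\s*(\S+)', re.I)
# A path under some user's AppData tree (writable without elevation).
USER_PATH_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


@dataclass
class Finding:
    line_no: int   # 1-based line in the text handed to triage()
    rule: str      # short rule name (this example's own naming)
    detail: str    # the flagged line, plus the IFEO target where relevant


WHY = {
    "local-proxy": "browser HTTP traffic is routed through a proxy on this host; "
                   "anything listening there can rewrite or redirect every request",
    "appinit-enabled": "LoadAppInit_DLLs=1 makes Windows load the AppInit_DLLs list "
                       "into every process that links user32.dll",
    "ifeo-debugger": "an Image File Execution Options debugger replaces the named "
                     "program with the debugger; used both to hijack and to block executables",
    "user-writable-autostart": "autostart entry lives under a user's AppData, which "
                               "malware can write without elevation (often benign, e.g. Dropbox)",
}


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, remembering which registry key or Startup folder
    owns the lines that follow, and return every indicator hit in order."""
    findings: List[Finding] = []
    current_key = ""   # lower-cased owner of the value lines that follow
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == ".":        # ComboFix separates blocks with a lone '.'
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if line.lower().endswith("\\startup\\"):   # a Startup folder header line
            current_key = line.lower()
            continue
        if PROXY_RE.search(line):
            findings.append(Finding(n, "local-proxy", line))
        elif APPINIT_RE.search(line):
            findings.append(Finding(n, "appinit-enabled", line))
        elif DEBUGGER_RE.match(line) and "image file execution options" in current_key:
            target = current_key.rsplit("\\", 1)[-1]   # the executable being redirected
            findings.append(Finding(n, "ifeo-debugger", f"{target} -> {line}"))
        elif USER_PATH_RE.search(line) and (
            current_key.endswith("\\run") or current_key.endswith("\\startup\\")
        ):
            findings.append(Finding(n, "user-writable-autostart", line))
    return findings


def rule_names(findings: List[Finding]) -> List[str]:
    """Convenience view: just the rule names, in log order."""
    return [f.rule for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3} [{f.rule}] {f.detail}")
        print(f"          why: {WHY[f.rule]}")
```

Each hit is something to verify, not a conclusion: the Dropbox shortcut under AppData is legitimate, and IFEO debugger entries are set by some cleanup tools as well as by malware, so the entry for rjatydimofu.exe needs its origin checked rather than being assumed hostile. The proxy setting is the one most directly consistent with the redirect symptom in this thread, because a proxy on 127.0.0.1:8080 sees every HTTP request the browser makes; a practitioner would check whether anything is still listening on that port and clear the setting either way, since with nothing listening the browser would simply fail to load pages.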
 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
   Posted 1/17/2014 8:11 PM (GMT +3)
Should anything further be done based on the ComboFix log and the fix list log posted 1/13?
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/18/2014 9:02 AM (GMT +3)
I've missed you, sorry.



Yes, there are some folders there that look suspicious to me.



Download: Junk Removal Tool to Desktop

Disable your antivirus program if required.
For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
   Posted 1/18/2014 8:30 PM (GMT +3)
Thank you. Here is the log. Note: I ran this tool a few days ago. I will post that log as well, as perhaps the suspicious folders were removed in that first run.
 
Today's log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Gina on Sat 01/18/2014 at  9:17:58.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/18/2014 at  9:27:48.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Log earlier this week:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Gina on Thu 01/16/2014 at  8:58:56.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~~~ Services
 
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
 
~~~ Files
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
 
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Gina\AppData\Roaming\mywordtool"
Successfully deleted: [Folder] "C:\Users\Gina\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/16/2014 at  9:08:11.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/19/2014 5:35 PM (GMT +3)
Please download RKill by Grinler from one of the 3 links below and save it to your desktop.

Rkill.exe - http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr


◾ Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

◾ Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)

◾ A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

◾ If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. Or, if rebooting is required, run it again.

Please post the log it produces.



 

 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
   Posted 1/20/2014 2:42 AM (GMT +3)
Thank you.   Here is the log generated:
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 01/19/2014 03:39:14 PM in x64 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1       localhost
Program finished at: 01/19/2014 03:40:11 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/20/2014 11:37 AM (GMT +3)
Nothing suspicious there, so please tell me how things are running?



 

 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
   Posted 1/20/2014 8:10 PM (GMT +3)
I think it is running much better than it has in a long time.  Noticeably faster, and have not had the browser "hijacked" all week.  Maybe well enough to create a restore point in case my son accidentally downloads something again! (We think that is how all of this started)
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/21/2014 12:19 PM (GMT +3)
Sounds good.

"Maybe well enough to create a restore point in case my son accidentally downloads something again! (We think that is how all of this started)"

Sounds like a good idea to create a restore point now.




Please download: Delfix by "Xplode" to your Desktop.

Run the tool and check the following boxes below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button. Wait until the programme completes its work.

All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt

> I don't need the DelFix log report.



 

 

Plshlp
New Member


Date Joined Jan 2014
Total Posts : 12
 
   Posted 1/21/2014 6:17 PM (GMT +3)
Done. 
 
I wish to thank you again for all of the expertise you have shared with me to help resolve this issue.  I'm very grateful.  Best regards.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12969
 
   Posted 1/23/2014 2:12 AM (GMT +3)
My pleasure.

I'll lock this topic; if you need it reopened, please PM me.



 
