Constant redirection to ( )tursted.net; and click.cpvdr.com/redirect (hijacking?)

Posted 1/11/2014 12:57 PM
#96432

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
I have been having an issue where any webpage I attempt to visit results in my being redirected to somewhere with the URL ending in "tursted.net" (SIC). It typically takes 3-5 tries to reach the intended domain, and once there, attempts to work within the domain site (upload photos, etc.) will continue to result in redirection. I have also seen flash in the URL: "click.cpvdr.com/redirect." Additionally, we have recently found strange programs on the computer (weather bug, for example, which we uninstalled - I think). Finally, we are being slammed with pop-ups. If we have a virus, it appears to be preventing us from installing anti-malware programs (including renaming anti-malware software, as various forums have suggested, or installing "chameleon" versions).

I can find very little information online regarding tursted.net - only one other post that I am not sure has been resolved. The PC is running Windows Vista 64 bit. The anti-virus software currently on the system is AVG. I have access to a clean PC for file download/transfer. If anyone can help, it would be very much appreciated. I am not terribly savvy with computers (just a heads-up).
Posted 1/11/2014 2:14 PM
#96433

Dickens Advanced member

Date Joined Nov 2016
Total Posts: 261
You could try installing the free version of Malwarebytes Anti-Malware from www.malwarebytes.org.

You may need to do several full scans on the affected computer before any malware shows up.
Posted 1/11/2014 5:18 PM
#96434

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Appreciate your reply, thank you. Prior to posting on this forum I tried installing Malwarebytes Anti-Malware - multiple times - (including renaming the file and downloading their chameleon versions) and I am unable to install. I always get an immediate error message that the files are corrupted, so based on what I have read, the virus may be interfering with my ability to install the program.
Posted 1/11/2014 6:44 PM
#96435

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Based on advice by the forum moderator (Touch) to fsmhelpus regarding the same/similar issue, I followed the same instructions (not in safe mode) and downloaded/ran AdWCleaner and Farbar Recovery Scan Tool. The logs are posted below in the event someone who knows what they mean can read/comment/advise. Please note I had run the latter once before, so the Addition.txt log is from a different day. </div> <br/>AdWCleaner: <br/> <br/># AdwCleaner v3.016 - Report created 11/01/2014 at 10:17:52 <br/># Updated 23/12/2013 by Xplode <br/># Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) <br/># Username : Gina - GINA-PC <br/># Running from : C:\Users\Gina\Desktop\Downloads per Forum\adwcleaner.exe <br/># Option : Clean <br/>***** [ Services ] ***** <br/> <br/>***** [ Files / Folders ] ***** <br/>[!] Folder Deleted : C:\ProgramData\apn <br/>[!] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar <br/>[!] Folder Deleted : C:\ProgramData\BitGuard <br/>[!] Folder Deleted : C:\ProgramData\boost_interprocess <br/>[!] Folder Deleted : C:\ProgramData\Browser Manager <br/>[!] Folder Deleted : C:\ProgramData\BrowserProtect <br/>[!] Folder Deleted : C:\ProgramData\PC Optimizer Pro <br/>[!] Folder Deleted : C:\ProgramData\TubeDimmer <br/>[!] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar <br/>[!] Folder Deleted : C:\Program Files (x86)\TidyNetwork <br/>[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search <br/>[!] Folder Deleted : C:\Program Files\PC Optimizer Pro <br/>[!] Folder Deleted : C:\Users\Gina\AppData\Local\AVG SafeGuard toolbar <br/>[!] Folder Deleted : C:\Users\Gina\AppData\Local\Conduit <br/>[!] Folder Deleted : C:\Users\Gina\AppData\Local\TidyNetwork <br/>[!] Folder Deleted : C:\Users\Gina\AppData\Local\Temp\apn <br/>[!] Folder Deleted : C:\Users\Gina\AppData\LocalLow\AVG SafeGuard toolbar <br/>[!] Folder Deleted : C:\Users\Gina\AppData\LocalLow\Conduit <br/>[!] 
Folder Deleted : C:\Users\Gina\AppData\LocalLow\searchresultstb <br/>[!] Folder Deleted : C:\Users\Gina\AppData\Roaming\iWin <br/>[!] Folder Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\imeshmusicboxtoolbarha <br/>[!] Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} <br/>[!] Folder Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\tidynetwork@tidynetwork <br/>File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk <br/>File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\.autoreg <br/>File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\searchplugins\Conduit.xml <br/>File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\searchplugins\safeguard-secure-search.xml <br/>File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml <br/>File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml <br/>File Deleted : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\searchplugins\safesearch.xml <br/>***** [ Shortcuts ] ***** <br/> <br/>***** [ Registry ] ***** <br/>Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] <br/>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL <br/>Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI <br/>Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj <br/>Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard 
toolbar.PugiObj.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine <br/>Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD <br/>Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho <br/>Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol <br/>Key Deleted : HKLM\SOFTWARE\Classes\S <br/>Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi <br/>Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 <br/>Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE <br/>Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\deltainstaller.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival <br/>Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] <br/>Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin <br/>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559434 <br/>Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater] <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} <br/>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} <br/>Key 
Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} <br/>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} <br/>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} <br/>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} <br/>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} <br/>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] <br/>Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} <br/>Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} <br/>Key Deleted : HKCU\Software\AVG SafeGuard toolbar <br/>Key Deleted : HKCU\Software\Imesh <br/>Key Deleted : HKCU\Software\pc optimizer pro <br/>Key Deleted : HKCU\Software\YahooPartnerToolbar <br/>Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine <br/>Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE <br/>Key Deleted : HKLM\Software\AVG SafeGuard toolbar <br/>Key Deleted : HKLM\Software\AVG Security Toolbar <br/>Key Deleted : HKLM\Software\Conduit <br/>Key Deleted : HKLM\Software\DataMngr <br/>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831} <br/>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar <br/>Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam <br/>***** [ Browsers ] ***** <br/>-\\ Internet Explorer v9.0.8112.16526 <br/> <br/>-\\ Mozilla Firefox v20.0.1 (en-US) <br/>[ File : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\prefs.js ] <br/>Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); <br/>Line Deleted : user_pref("browser.search.defaultthis.engineName", "Hoyle Customized Web Search"); <br/>Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559434&SearchSource=3&q={searchTerms}"); <br/>************************* <br/>AdwCleaner[R0].txt - [14723 octets] - [11/01/2014 10:04:40] <br/>AdwCleaner[S0].txt - [13513 octets] - [11/01/2014 10:17:52] <br/>########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13574 octets] ########## <br/> <br/> <br/>FRST.txt <br/> <br/>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05 <br/>Ran by Gina (administrator) on GINA-PC on 11-01-2014 10:25:15 <br/>Running from C:\Users\Gina\Desktop\Downloads per Forum <br/>Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US) <br/>Internet Explorer Version 9 <br/>Boot Mode: Normal <br/>==================== Processes (Whitelisted) ================= <br/>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe <br/>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe <br/>(Microsoft Corporation) C:\Windows\System32\SLsvc.exe <br/>(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe <br/>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe <br/>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe <br/>(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe <br/>() C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe <br/>(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <br/>() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe <br/>(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe <br/>(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe <br/>() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe <br/>() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe <br/>() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe <br/>() C:\ProgramData\GorillaPrice\WatGorp.exe <br/>(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe <br/>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe <br/>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe <br/>(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe <br/>(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe <br/>(Intel Corporation) C:\Windows\System32\hkcmd.exe <br/>(Intel Corporation) C:\Windows\System32\igfxpers.exe <br/>(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe <br/>(Microsoft Corporation) C:\Windows\ehome\ehtray.exe <br/>(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe <br/>(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe <br/>(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe <br/>(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe <br/>(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe <br/>(Dropbox, Inc.) 
C:\Users\Gina\AppData\Roaming\Dropbox\bin\Dropbox.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe <br/>(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe <br/>(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe <br/>(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe <br/>(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe <br/>(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PCM4Everio\EverioService.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe <br/>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe <br/>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe <br/>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe <br/>(Updater) C:\ProgramData\Updater\updater.exe <br/>(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe <br/>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe <br/>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe <br/>(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe <br/>(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe <br/>(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe <br/>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe <br/>(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe <br/>(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe <br/>(Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe <br/>(Microsoft Corporation) C:\Windows\System32\mobsync.exe <br/>(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe <br/>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe <br/> <br/>==================== Registry (Whitelisted) ================== <br/>HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) <br/>HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard) <br/>HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation) <br/>HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [KBD] - C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe [12288 2008-07-21] (Microsoft) <br/>HKLM-x32\...\Run: [HP Health Check Scheduler] - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.) <br/>HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) <br/>HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) 
<br/>HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.) <br/>HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.) <br/>HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink) <br/>HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.) <br/>HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-04-22] (CyberLink Corp.) <br/>HKLM-x32\...\Run: [EverioService] - C:\Program Files (x86)\Cyberlink\PCM4Everio\EverioService.exe [151552 2007-11-01] (CyberLink Corp.) <br/>HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150016 2008-08-20] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) <br/>HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [] - [x] <br/>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) <br/>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.) <br/>HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) <br/>HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) 
<br/>HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) <br/>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) <br/>HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater) <br/>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) <br/>HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard) <br/>HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) <br/>HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17093512 2011-06-15] (Skype Technologies S.A.) <br/>HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe <br/>HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [41984 2008-01-20] (Microsoft Corporation) <br/>HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-11] (Google Inc.) <br/>HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) 
<br/>HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater) <br/>MountPoints2: {33d56465-43c3-11de-9ce6-00248c6d050d} - K:\LaunchU3.exe -a <br/>MountPoints2: {e685d84c-3562-11df-b835-00248c6d050d} - "K:\WD SmartWare.exe" autoplay=true <br/>MountPoints2: {f57af4e6-4ef4-11de-aa1d-00248c6d050d} - Q:\LaunchU3.exe -a <br/>MountPoints2: {fe011fc8-3e9c-11de-811b-00248c6d050d} - F:\LaunchU3.exe -a <br/>HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard) <br/>HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard) <br/>AppInit_DLLs: [ ] () <br/>AppInit_DLLs-x32: [ ] () <br/>Startup: C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk <br/>ShortcutTarget: Dropbox.lnk -> C:\Users\Gina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) <br/>==================== Internet (Whitelisted) ==================== <br/>ProxyEnable: Internet Explorer proxy is enabled. 
<br/>ProxyServer: http=127.0.0.1:8080 <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank <br/>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt <br/>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt <br/>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt <br/>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt <br/>URLSearchHook: HKCU - (No Name) - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - No File <br/>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe <br/>SearchScopes: HKLM - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = [url=http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd[/url] <br/>SearchScopes: HKLM - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = [url=http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF]http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF[/url] <br/>SearchScopes: HKLM-x32 - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = [url=http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd[/url] <br/>SearchScopes: HKLM-x32 - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = [url=http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF]http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF[/url] <br/>SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <br/>SearchScopes: HKCU - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = 
[url=http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd[/url] <br/>SearchScopes: HKCU - {0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} URL = [url=http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.6.0.11&o=APN10614&tpid=ORJ-V7&apn_uid=88BADF18-C07C-4A42-BF12-F386BBCC51F3&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16514&doi=2013-11-14&trgb=IE&q={searchTerms}&psv]http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.6.0.11&o=APN10614&tpid=ORJ-V7&apn_uid=88BADF18-C07C-4A42-BF12-F386BBCC51F3&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16514&doi=2013-11-14&trgb=IE&q={searchTerms}&psv[/url]= <br/>SearchScopes: HKCU - {5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} URL = [url=http://www.google.com/search?hl=en&q={searchTerms}&aq=f&oq=&rlz=1I7GGHP_enUS366]http://www.google.com/search?hl=en&q={searchTerms}&aq=f&oq=&rlz=1I7GGHP_enUS366[/url] <br/>BHO: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File <br/>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) <br/>BHO-x32: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn.dll No File <br/>BHO-x32: MyWordTool - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Gina\AppData\Roaming\MyWordTool\temp.dat () <br/>BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) 
<br/>BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) <br/>BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) <br/>BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) <br/>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) <br/>BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) <br/>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) <br/>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) <br/>Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File <br/>Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) <br/>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKCU - No Name - {64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: HKLM-x32 {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: MyWordTool - C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\emily@wilford.biz [2013-12-11]
FF Extension: Tube Dimmer - C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\support@tubedimmerapp.com [2013-12-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\in2mo275.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-03-01]
FF Extension: MyWordTool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\emily@wilford.biz [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-16]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-05-09]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-16]
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [625152 2013-11-11] ()
S3 ICDSPTSV; C:\Windows\SysWOW64\IcdSptSv.exe [99688 2009-08-06] (Sony Corporation)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-05] ()
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [247152 2008-12-03] ()
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-04-22] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116104 2009-04-22] ()
R2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-11-05] ()
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-01-11 10:21 - 2014-01-11 10:21 - 00013663 _____ C:\Users\Gina\Desktop\AdwCleaner[S0].txt
2014-01-11 10:20 - 2014-01-11 10:20 - 00000000 ____D C:\ProgramData\TubeDimmer
2014-01-11 10:19 - 2014-01-11 10:19 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-11 10:04 - 2014-01-11 10:18 - 00000000 ____D C:\AdwCleaner
2014-01-11 09:56 - 2014-01-11 10:25 - 00000000 ____D C:\Users\Gina\Desktop\Downloads per Forum
2014-01-07 15:25 - 2014-01-07 15:25 - 09355359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (2).exe
2014-01-07 15:24 - 2014-01-11 10:00 - 00002048 _____ C:\Uninstall.dat
2014-01-07 15:24 - 2014-01-07 15:24 - 09793359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (1).exe
2014-01-07 15:12 - 2014-01-11 09:57 - 00000000 ____D C:\Users\Gina\Desktop\FRST-OlderVersion
2014-01-07 15:06 - 2014-01-11 09:57 - 00000000 ____D C:\FRST
2014-01-06 12:34 - 2014-01-06 12:34 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Gina\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-06 12:20 - 2014-01-06 12:21 - 09998080 _____ (Malwarebytes Corporation ) C:\Users\Gina\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-25 09:59 - 2013-12-25 09:59 - 00000000 ____D C:\ProgramData\InternetUpdater
2013-12-23 09:00 - 2014-01-09 16:02 - 00000000 ____D C:\Users\Gina\AppData\Local\Adobe
2013-12-16 18:44 - 2013-12-16 18:44 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple
2013-12-14 14:18 - 2013-12-14 14:18 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple Computer
2013-12-13 18:22 - 2014-01-11 10:01 - 00000000 ____D C:\Users\Gina\Desktop\Prostvac
2013-12-13 15:06 - 2013-11-14 18:09 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 15:06 - 2013-11-14 17:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 15:06 - 2013-11-14 17:37 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 15:06 - 2013-11-14 17:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 15:06 - 2013-11-14 17:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 15:06 - 2013-11-14 17:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 15:06 - 2013-11-14 17:28 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 15:06 - 2013-11-14 17:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 15:06 - 2013-11-14 17:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 15:06 - 2013-11-14 17:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 15:06 - 2013-11-14 17:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 15:06 - 2013-11-14 17:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 15:06 - 2013-11-14 17:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 15:06 - 2013-11-14 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 15:06 - 2013-11-14 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 15:06 - 2013-11-14 17:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 15:06 - 2013-11-14 15:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 15:06 - 2013-11-14 14:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 15:06 - 2013-11-14 14:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 15:06 - 2013-11-14 14:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 15:06 - 2013-11-14 14:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 15:06 - 2013-11-14 14:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 15:06 - 2013-11-14 14:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-13 15:06 - 2013-11-14 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 15:06 - 2013-11-14 14:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-13 15:06 - 2013-11-14 14:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-13 15:06 - 2013-11-14 14:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-13 15:06 - 2013-11-14 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-13 15:06 - 2013-11-14 14:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 15:06 - 2013-11-14 14:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-13 15:06 - 2013-11-14 14:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 15:06 - 2013-11-14 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
==================== One Month Modified Files and Folders =======
2014-01-11 10:25 - 2014-01-11 09:56 - 00000000 ____D C:\Users\Gina\Desktop\Downloads per Forum
2014-01-11 10:24 - 2009-04-09 12:23 - 01313252 _____ C:\Windows\WindowsUpdate.log
2014-01-11 10:23 - 2009-03-07 12:03 - 00003576 _____ C:\Windows\System32\Tasks\HP Health Check
2014-01-11 10:21 - 2014-01-11 10:21 - 00013663 _____ C:\Users\Gina\Desktop\AdwCleaner[S0].txt
2014-01-11 10:21 - 2013-10-10 17:09 - 00000000 ____D C:\Users\Gina\AppData\Roaming\Dropbox
2014-01-11 10:21 - 2010-02-11 08:06 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 10:20 - 2014-01-11 10:20 - 00000000 ____D C:\ProgramData\TubeDimmer
2014-01-11 10:19 - 2014-01-11 10:19 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-11 10:19 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 10:19 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 10:19 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 10:18 - 2014-01-11 10:04 - 00000000 ____D C:\AdwCleaner
2014-01-11 10:18 - 2006-11-02 07:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-11 10:11 - 2012-04-16 20:32 - 00000336 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-01-11 10:01 - 2013-12-13 18:22 - 00000000 ____D C:\Users\Gina\Desktop\Prostvac
2014-01-11 10:01 - 2009-12-24 07:50 - 00000000 ____D C:\Users\Gina\Documents\Madison's folder
2014-01-11 10:00 - 2014-01-07 15:24 - 00002048 _____ C:\Uninstall.dat
2014-01-11 09:59 - 2013-06-12 15:48 - 00000000 ____D C:\ProgramData\MFAData
2014-01-11 09:57 - 2014-01-07 15:12 - 00000000 ____D C:\Users\Gina\Desktop\FRST-OlderVersion
2014-01-11 09:57 - 2014-01-07 15:06 - 00000000 ____D C:\FRST
2014-01-11 09:56 - 2010-02-11 08:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-10 20:36 - 2012-04-17 13:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 15:53 - 2010-04-29 20:35 - 00000000 ____D C:\Users\Gina\AppData\Local\CrashDumps
2014-01-10 15:04 - 2011-04-28 09:19 - 00003678 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D548582C-251D-416E-9C64-2B58D24D054B}
2014-01-10 11:56 - 2013-10-10 17:12 - 00000000 ___RD C:\Users\Gina\Dropbox
2014-01-10 09:08 - 2013-11-10 14:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-09 20:16 - 2012-09-16 10:48 - 00000000 ____D C:\Users\Gina\AppData\Roaming\.minecraft
2014-01-09 16:02 - 2013-12-23 09:00 - 00000000 ____D C:\Users\Gina\AppData\Local\Adobe
2014-01-07 15:25 - 2014-01-07 15:25 - 09355359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (2).exe
2014-01-07 15:24 - 2014-01-07 15:24 - 09793359 _____ (SUPERAntiSpyware) C:\Users\Gina\Downloads\SUPERAntiSpyware (1).exe
2014-01-06 12:50 - 2013-06-28 16:39 - 00630318 _____ C:\Windows\PFRO.log
2014-01-06 12:34 - 2014-01-06 12:34 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Gina\Desktop\mbam-clean-1.60.2.0003.exe
2014-01-06 12:21 - 2014-01-06 12:20 - 09998080 _____ (Malwarebytes Corporation ) C:\Users\Gina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-06 12:20 - 2006-11-02 04:46 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 10:54 - 2012-03-18 21:27 - 00000000 ____D C:\Users\Gina\Xander
2014-01-06 10:34 - 2011-09-18 04:38 - 00000000 ____D C:\Users\Gina\AppData\Roaming\HpUpdate
2013-12-30 13:27 - 2011-06-20 19:12 - 00000000 ____D C:\Users\Gina\AppData\Roaming\Skype
2013-12-27 09:55 - 2013-11-21 03:01 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-12-25 12:49 - 2013-06-28 15:51 - 00007155 _____ C:\Windows\setupact.log
2013-12-25 09:59 - 2013-12-25 09:59 - 00000000 ____D C:\ProgramData\InternetUpdater
2013-12-19 12:44 - 2013-10-10 17:10 - 00000000 ____D C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-19 12:44 - 2009-05-11 16:41 - 00000000 ___RD C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-16 18:44 - 2013-12-16 18:44 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple
2013-12-15 21:31 - 2013-07-18 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 21:27 - 2006-11-02 04:35 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-15 21:17 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-14 14:18 - 2013-12-14 14:18 - 00000000 ____D C:\Users\Gina\AppData\Local\Apple Computer
2013-12-13 15:43 - 2006-11-02 07:21 - 00357984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 15:40 - 2009-03-07 11:13 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-13 15:08 - 2009-08-28 16:07 - 00000000 ____D C:\ProgramData\Microsoft Help
Files to move or delete:
====================
C:\Users\Gina\PSE7_WIN_TB_WWE.exe
C:\Users\Gina\PSE7_WIN_WWE.exe

Some content of TEMP:
====================
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Gina\AppData\Local\Temp\Delta.exe
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe
C:\Users\Gina\AppData\Local\Temp\lowproc.exe
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-11 10:25
==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Gina at 2014-01-07 15:07:06
Running from C:\Users\Gina\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
 Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 2.0.0.0 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (x32 Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG SafeGuard toolbar (x32 Version: 17.1.3.3 - AVG Technologies)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Cisco Connect (x32 Version: 1.2.10260.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (x32 Version: 5.0.0.0 - Coupons.com Incorporated)
Cricut DesignStudio (x32 Version: - )
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Digital Photo Navigator 1.5 (x32 Version: - )
Digital Voice Editor 3 (x32 Version: 3.3.00.05270 - Sony Corporation)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
Enhanced Multimedia Keyboard Solution (x32 Version: 1.0.9.2 - Hewlett-Packard)
Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HP Active Support Library (x32 Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2875 - Hewlett-Packard)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Demo (x32 Version: 1.00.0000 - Hewlett-Packard)
HP Games (x32 Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP MediaSmart DVD (x32 Version: 2.1.2717 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2717 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2415 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.2.1622 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.2.1622 - Hewlett-Packard) Hidden
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (x32 Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (x32 Version: 1.0.0.11942 - HP)
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5 (Version: 12.0 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5 (Version: 14.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP RC Mirror Driver (x32 Version: 2.0.0.1 - Hewlett-Packard) Hidden
HP Recovery Manager RSS (x32 Version: 92.0.0.9 - Hewlet Packard Company) Hidden
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Support Information (x32 Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Advisor (x32 Version: 2.4.6171.2860 - Hewlett-Packard)
HP Total Care Setup (x32 Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
Internet Updater (x32 Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION
IrfanView (remove only) (x32 Version: 4.32 - Irfan Skiljan)
iTunes (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (x32 Version: 6.0.290 - Sun Microsystems, Inc.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) Hidden
LightScribe System Software (x32 Version: 1.18.3.2 - LightScribe)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (Version: - )
Microsoft Office Labs Search Commands (x32 Version: 1.5.0.6 - Microsoft Office Labs)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 20.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (x32 Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
MyWordTool (HKCU Version: 1 - http://www.mywordtool.com)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
Open Downloader Manager (x32 Version: - )
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
PictureMover (x32 Version: 3.3.1.11 - Hewlett-Packard Company)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerCinema NE for Everio (x32 Version: - )
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) Hidden
PowerDirector Express (x32 Version: - )
PowerProducer (x32 Version: 074511a(3.7)_Vista_JVC - CyberLink Corp.)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Python 2.6.1 (x32 Version: 2.6.1150 - Python Software Foundation)
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scholastic's I SPY Fantasy (x32 Version: - )
Scholastic's I SPY Mystery (x32 Version: - )
Scholastic's I SPY Spooky Mansion Deluxe (x32 Version: - )
Scholastic's I SPY Treasure Hunt (x32 Version: 1.0 - Scholastic Inc.)
Shop for HP Supplies (Version: 14.0 - HP)
Skype™ 5.3 (x32 Version: 5.3.120 - Skype Technologies S.A.)
<br/>SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden <br/>SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden <br/>Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated) <br/>Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden <br/>TidyNetwork (HKCU Version: - TidyNetwork) <br/>Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden <br/>TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden <br/>Tube Dimmer (x32 Version: 2.6.43 - Creative Island Media, LLC) <br/>Unity Web Player (HKCU Version: - Unity Technologies ApS) <br/>UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden <br/>Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) <br/>Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) <br/>Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) <br/>Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) <br/>Update for Microsoft Office Excel 2007 Help (KB963678) 
(x32 Version: - Microsoft) <br/>Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft) <br/>Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) <br/>Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft) <br/>Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) <br/>Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden <br/>Updater (x32 Version: 2.6.43 - Creative Island Media, LLC) <br/>Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies) <br/>Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies) <br/>Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) <br/>WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden <br/>WildTangent Games App (HP Games) (x32 Version: 4.0.5.14 - WildTangent) <br/>Windows Speech Recognition Macros (x32 Version: 1.0.6862.19 - Microsoft Corporation) <br/>WinRAR 4.10 beta 5 (32-bit) (x32 Version: 4.10.5 - win.rar GmbH) <br/>Your Uninstaller! 7 (x32 Version: 7.5.2013.2 - URSoft, Inc.) 

==================== Restore Points =========================
21-12-2013 18:34:42 Windows Update
23-12-2013 00:34:54 Windows Update
23-12-2013 15:40:29 Windows Update
25-12-2013 17:54:46 Windows Update
26-12-2013 17:58:57 Windows Update
27-12-2013 16:54:34 Windows Update
28-12-2013 18:51:30 Windows Update
30-12-2013 16:58:20 Windows Update
01-01-2014 04:30:46 Windows Update
01-01-2014 20:34:08 Windows Update
06-01-2014 18:31:38 Windows Update
07-01-2014 17:58:08 Windows Update
==================== Hosts content: ==========================
2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20775073-5623-493F-AA21-AAED7EC0ACA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8355B68F-0C9F-4CE9-9608-A227D17A0D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {98934872-56BF-4CB1-8C7B-B03C6B921992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99FD2E75-4984-40AC-A6F3-778C65036A02} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-09] ()
Task: {C36BBC40-ADC2-4800-9FE8-C89BE45CF455} - System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F4263AC2-73BE-46BC-BF60-B0699E5D91E6} - System32\Tasks\TidyNetwork Update => C:\Users\Gina\AppData\Local\TidyNetwork\petnupdate.exe [2013-12-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
==================== Loaded Modules (whitelisted) =============
2011-12-25 16:16 - 2011-12-15 12:38 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-04-22 21:52 - 2009-04-22 21:52 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows\SysWOW64\CN2AIB4G7Z05KD:NW
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============
Name: HP Photosmart C309a
Description: HP Photosmart C309a
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2014 09:54:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2014 08:50:41 PM) (Source: Application Error) (User: )
Description: Faulting application GorillaPrice.exe, version 0.0.0.0, time stamp 0x5280f6d4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x14ec, application start time 0xGorillaPrice.exe0.
Error: (01/06/2014 00:51:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2014 00:44:51 PM) (Source: Application Hang) (User: )
Description: The program HPAdvisor.exe version 2.4.6171.2860 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1110
Start Time: 01cf0b1fd071b7e9
Termination Time: 34
Error: (01/06/2014 00:42:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2014 10:28:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 00:32:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/31/2013 08:28:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/30/2013 08:55:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2013 00:32:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234498

System errors:
=============
Error: (01/07/2014 10:01:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070490Hewlett-Packard - Imaging, Other hardware - Null Print - HP Photosmart 7520 series{DD63C015-E52B-4739-858A-7CC7DD8F65F9}101
Error: (01/07/2014 09:55:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/06/2014 00:51:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/06/2014 00:43:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/06/2014 10:37:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070490Hewlett-Packard - Imaging, Other hardware - Null Print - HP Photosmart 7520 series{DD63C015-E52B-4739-858A-7CC7DD8F65F9}101
Error: (01/06/2014 10:32:23 AM) (Source: Service Control Manager) (User: )
Description: Volume Shadow Copy%%1053
Error: (01/06/2014 10:32:23 AM) (Source: Service Control Manager) (User: )
Description: 30000Volume Shadow Copy
Error: (01/06/2014 10:32:22 AM) (Source: DCOM) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (01/06/2014 10:28:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/01/2014 00:39:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070490Hewlett-Packard - Imaging, Other hardware - Null Print - HP Photosmart 7520 series{DD63C015-E52B-4739-858A-7CC7DD8F65F9}101

Microsoft Office Sessions:
=========================
Error: (06/22/2012 05:06:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 120688 seconds with 25680 seconds of active time. This session ended with a crash.
Error: (04/26/2012 04:43:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30091 seconds with 12120 seconds of active time. This session ended with a crash.
Error: (04/25/2012 07:03:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 75214 seconds with 11160 seconds of active time. This session ended with a crash.
Error: (03/07/2012 08:24:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/09/2012 01:22:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16085 seconds with 5220 seconds of active time. This session ended with a crash.
Error: (12/02/2011 08:29:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/10/2011 09:42:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 93030 seconds with 16680 seconds of active time. This session ended with a crash.
Error: (06/09/2011 04:36:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24012 seconds with 15600 seconds of active time. This session ended with a crash.
Error: (06/08/2011 11:03:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72551 seconds with 11520 seconds of active time. This session ended with a crash.
Error: (06/07/2011 09:15:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1410 seconds with 900 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
 Date: 2014-01-07 15:06:33.573
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
 Date: 2014-01-07 15:06:33.167
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
 Date: 2014-01-07 15:06:32.832
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
 Date: 2014-01-07 15:06:32.470
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.
 Date: 2013-11-26 11:12:10.349
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
 Date: 2013-11-26 11:12:09.828
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
 Date: 2013-11-26 11:12:09.294
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
 Date: 2013-11-26 11:12:08.766
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETF7C6.tmp because the set of per-page image hashes could not be found on the system.
 Date: 2013-11-26 11:12:08.124
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETEF1D.tmp because the set of per-page image hashes could not be found on the system.
 Date: 2013-11-26 11:12:07.603
 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SETEF1D.tmp because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 8181.33 MB
Available physical RAM: 5142.35 MB
Total Pagefile: 16413.68 MB
Available Pagefile: 13462.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:583.32 GB) (Free:311.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.85 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Posted 1/12/2014 6:35 AM
#96437
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.

[code]start
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17093512 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-11] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
C:\ProgramData\Updater
URLSearchHook: HKCU - (No Name) - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - No File
SearchScopes: HKLM - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.6.0.11&o=APN10614&tpid=ORJ-V7&apn_uid=88BADF18-C07C-4A42-BF12-F386BBCC51F3&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16514&doi=2013-11-14&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} URL = http://www.google.com/search?hl=en&q={searchTerms}&aq=f&oq=&rlz=1I7GGHP_enUS366
BHO: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
Toolbar: HKCU - No Name - {64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
C:\Users\Gina\PSE7_WIN_TB_WWE.exe
C:\Users\Gina\PSE7_WIN_WWE.exe
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Gina\AppData\Local\Temp\Delta.exe
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe
C:\Users\Gina\AppData\Local\Temp\lowproc.exe
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20775073-5623-493F-AA21-AAED7EC0ACA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8355B68F-0C9F-4CE9-9608-A227D17A0D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {98934872-56BF-4CB1-8C7B-B03C6B921992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99FD2E75-4984-40AC-A6F3-778C65036A02} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-09] ()
Task: {C36BBC40-ADC2-4800-9FE8-C89BE45CF455} - System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F4263AC2-73BE-46BC-BF60-B0699E5D91E6} - System32\Tasks\TidyNetwork Update => C:\Users\Gina\AppData\Local\TidyNetwork\petnupdate.exe [2013-12-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
AlternateDataStreams: C:\Windows\SysWOW64\CN2AIB4G7Z05KD:NW
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
end
[/code]

[red] NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to the operating system [/red]

Save notepad as fixlist.txt
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

Please download Combofix from:
[url]http://download.bleepingcomputer.com/sUBs/ComboFix.exe[/url]
and save it to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window, as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.
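Before running a fix like the one above, and again after the Fixlog comes back, a practitioner will want to re-enumerate the same persistence points the fixlist targets: the 32-bit and per-user Run keys, IE browser helper objects and search scopes, scheduled tasks, and the alternate data streams FRST listed. The PowerShell script below is an added example for that check; it is not part of the thread and not Farbar's, BullGuard's or FRST's code. It assumes Windows PowerShell 2.0 or later (the Vista default) in an elevated prompt, and uses schtasks.exe and cmd's `dir /r` because Get-ScheduledTask and Get-Item -Stream do not exist on Vista. The two folders passed to Get-AlternateStreams at the end are taken from the fixlist's AlternateDataStreams lines; every other path is a standard Windows location.

```powershell
# Added triage example, not the forum's advice and not Farbar/FRST code: re-enumerate
# the persistence points the fixlist above targets (Run keys, IE BHOs and search
# scopes, scheduled tasks, alternate data streams) so you can confirm they are gone
# once Fixlog.txt reports "deleted successfully". Assumes Windows PowerShell 2.0 or
# later (the Vista default) in an elevated prompt. schtasks.exe and "dir /r" are used
# because Get-ScheduledTask and Get-Item -Stream do not exist on Vista. The two
# folders passed to Get-AlternateStreams at the bottom come from the fixlist's
# AlternateDataStreams lines; everything else is a standard Windows location.

$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # FRST's "HKLM-x32\...\Run"
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$ieKeys = @(   # each subkey is a BHO CLSID or a search-scope GUID
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
  'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
)

function Resolve-Image([string]$Command) {
  # '"C:\p q\x.exe" /a' or 'C:\p q\x.exe /a' -> C:\p q\x.exe ; 'Rundll32.exe ...' -> PATH lookup
  $img = $Command -replace '^"([^"]+)".*$', '$1'
  $img = $img -replace '^(.+?\.exe)(\s.*)?$', '$1'
  $img = [Environment]::ExpandEnvironmentVariables($img)
  if ($img -and -not [IO.Path]::IsPathRooted($img)) {
    $found = Get-Command $img -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($found) { $img = $found.Path }
  }
  return $img
}

function Test-Image([string]$Path) { [bool]($Path -and (Test-Path -LiteralPath $Path)) }

function Get-RunEntries {
  foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
      if ($p.Name -like 'PS*') { continue }          # provider metadata, not registry values
      $img = Resolve-Image ([string]$p.Value)
      New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value; Image = $img; Exists = (Test-Image $img) }
    }
  }
}

function Get-IeEntries {
  foreach ($key in $ieKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
      $dll = $null                                   # CLSID -> InprocServer32 DLL, 64- and 32-bit views
      foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $srv = Join-Path $root ($sub.PSChildName + '\InprocServer32')
        if (Test-Path $srv) {
          $raw = (Get-ItemProperty -Path $srv).'(default)'
          if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw) }
        }
      }
      New-Object PSObject -Property @{ Key = $key; Id = $sub.PSChildName; URL = (Get-ItemProperty -Path $sub.PSPath).URL; Dll = $dll; DllExists = (Test-Image $dll) }
    }
  }
}

function Get-TaskEntries {
  # schtasks /v repeats its CSV header for every task folder; drop those rows.
  schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.HostName -ne 'HostName' -and $_.'Task To Run' -and $_.'Task To Run' -ne 'N/A' } |
    ForEach-Object {
      $img = Resolve-Image $_.'Task To Run'
      New-Object PSObject -Property @{ Task = $_.TaskName; Command = $_.'Task To Run'; Image = $img; Exists = (Test-Image $img) }
    }
}

function Get-AlternateStreams([string[]]$Folders) {
  # "dir /r" prints "<size> <name>:<stream>:$DATA" under each entry that carries a named
  # stream, so a stream on C:\ProgramData\Temp itself appears when listing C:\ProgramData.
  foreach ($folder in $Folders) {
    cmd.exe /c "dir /r /a `"$folder`"" 2>$null | ForEach-Object {
      if ($_ -match '^\s*([\d,]+)\s+(.+?):([^:\\]+):\$DATA\s*$') {
        New-Object PSObject -Property @{ Folder = $folder; Item = $matches[2]; Stream = $matches[3]; Bytes = $matches[1] }
      }
    }
  }
}

'== Run entries whose image is missing or lives under ProgramData/AppData =='
Get-RunEntries | Where-Object { -not $_.Exists -or $_.Image -match 'ProgramData|AppData' } |
  Format-Table Name, Command, Exists -AutoSize -Wrap
'== IE BHOs and search scopes (a CLSID with no DLL, or a search URL you never chose, is a leftover) =='
Get-IeEntries | Format-Table Id, URL, Dll, DllExists -AutoSize -Wrap
'== Scheduled tasks whose image is missing or lives under ProgramData/AppData =='
Get-TaskEntries | Where-Object { -not $_.Exists -or $_.Image -match 'ProgramData|AppData' } |
  Format-Table Task, Command, Exists -AutoSize -Wrap
'== Alternate data streams in the two folders the fixlist named =='
Get-AlternateStreams 'C:\Windows\SysWOW64', 'C:\ProgramData' | Format-Table Item, Stream, Bytes -AutoSize
```

The filters deliberately surface legitimate software too (Dropbox, HP and Apple updaters all live under AppData or ProgramData), because the point is to review the whole list against what the fixlist removed: an entry that reappears after the fix, or a CLSID whose DLL is missing, is what to report back in the thread. Run it from the same elevated prompt before and after the fix and compare the two outputs.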


Posted 1/12/2014 4:51 PM
#96439
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Thank you very much. I would like to ask a question first, given your warnings (which I appreciate):

Before your post came through, I spent many hours trying to succeed in accomplishing the previous contributor's suggestion (Dickens), and finally was able to run Malwarebytes Anti-Malware. It only found 1 item in safe mode, but when I ran it in normal mode, it found a ton of stuff. Anything it found, I told it to remove (I believe it is all logged under the "quarantined" tab). There was so much that listed Firefox, we just uninstalled Firefox since I rarely used it. And due to a script error message that kept popping up from disabling then re-enabling internet (add-ons?) (the only other advice I could find online about trusted.net), I reset the internet in the control panel to default settings (which solved that problem). We then booted up on a Windows Defender CD, but it found nothing. Now, fast and full scans by Malwarebytes find nothing.

Given the removal of what Malwarebytes found, Firefox, and resetting the internet to defaults, is it still okay to run your code? I thought it would be smart to ask first. I would very much like to be sure I have a clean machine so I can set a restore point in the event this happens again. However, if you advise otherwise, I will leave things be and mark this as resolved for now.

Thank you.
Posted 1/13/2014 8:30 AM
#96440
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
[code]Given the removal of what Malwarebytes found, Firefox, and resetting the internet to defaults, is it still okay to run your code?
I thought it would be smart to ask first. I would very much like to be sure I have a clean machine so I can set a restore point in the event this happens again.
However, if you advise otherwise, I will leave things be and mark this as resolved for now.[/code]

There are other infections there that need to be removed. I'll therefore suggest you follow my advice ;-)



Posted 1/13/2014 5:54 PM
#96441
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Thank you. I will this evening when I have access to the computer again, and will post the logs.
Posted 1/13/2014 7:42 PM
#96443
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Hello.
Below I have posted the fixlog (I am sorry I was unable to attach the file itself, as requested: the BullGuard attachment manager window would not expand to show the "browse" button, only the upload button, and neither would it allow me to type into the box). Once the ComboFix scan is complete, I will post again with that log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
Ran by Gina at 2014-01-13 11:26:15 Run:1
Running from C:\Users\Gina\Desktop\AntiVirus Programs
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17093512 2011-06-15] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-11] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
C:\ProgramData\Updater
URLSearchHook: HKCU - (No Name) - {64b507cd-5eb6-4217-aef4-c88b4fcfb77b} - No File
SearchScopes: HKLM - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {DBCE9E38-7A69-483D-98C9-53252C19C3C2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0313C9D8-B548-4242-8F4E-8573C7191616} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.6.0.11&o=APN10614&tpid=ORJ-V7&apn_uid=88BADF18-C07C-4A42-BF12-F386BBCC51F3&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16514&doi=2013-11-14&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} URL = http://www.google.com/search?hl=en&q={searchTerms}&aq=f&oq=&rlz=1I7GGHP_enUS366
BHO: TidyNetwork - {039F08A7-B14C-34A3-EABC-CEB96038A1A4} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
Toolbar: HKCU - No Name - {64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
C:\Users\Gina\PSE7_WIN_TB_WWE.exe
C:\Users\Gina\PSE7_WIN_WWE.exe
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Gina\AppData\Local\Temp\Delta.exe
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe
C:\Users\Gina\AppData\Local\Temp\lowproc.exe
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20775073-5623-493F-AA21-AAED7EC0ACA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8355B68F-0C9F-4CE9-9608-A227D17A0D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {98934872-56BF-4CB1-8C7B-B03C6B921992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99FD2E75-4984-40AC-A6F3-778C65036A02} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-09] ()
Task: {C36BBC40-ADC2-4800-9FE8-C89BE45CF455} - System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F4263AC2-73BE-46BC-BF60-B0699E5D91E6} - System32\Tasks\TidyNetwork Update => C:\Users\Gina\AppData\Local\TidyNetwork\petnupdate.exe [2013-12-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
AlternateDataStreams: C:\Windows\SysWOW64\CN2AIB4G7Z05KD:NW
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Updater => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisor => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ehTray.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HP Officejet Pro 8600 (NET) => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Updater => Value not found.
"C:\ProgramData\Updater" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key deleted successfully.
HKCR\CLSID\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key deleted successfully.
HKCR\CLSID\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBCE9E38-7A69-483D-98C9-53252C19C3C2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key deleted successfully.
HKCR\CLSID\{0313C9D8-B548-4242-8F4E-8573C7191616} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} => Key deleted successfully.
HKCR\CLSID\{0A85C0D6-CE20-4409-8103-4E6E8CB6A9CA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} => Key deleted successfully.
HKCR\CLSID\{5BE26BA0-629F-4AA9-BA7F-56A3617CCC81} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{039F08A7-B14C-34A3-EABC-CEB96038A1A4} => Key deleted successfully.
HKCR\CLSID\{039F08A7-B14C-34A3-EABC-CEB96038A1A4} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} => Value deleted successfully.
HKCR\CLSID\{64B507CD-5EB6-4217-AEF4-C88B4FCFB77B} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
vToolbarUpdater17.3.0 => Service deleted successfully.
C:\Users\Gina\PSE7_WIN_TB_WWE.exe => Moved successfully.
C:\Users\Gina\PSE7_WIN_WWE.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\APNSetup.exe => Moved successfully.
Could not move "C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe" => Scheduled to move on reboot.
C:\Users\Gina\AppData\Local\Temp\Delta.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\DeltaTB.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Gina\AppData\Local\Temp\WSSetup.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\TMM => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20775073-5623-493F-AA21-AAED7EC0ACA6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20775073-5623-493F-AA21-AAED7EC0ACA6} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{254095AE-FB97-48EA-94A5-D8BF2AB79714} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{254095AE-FB97-48EA-94A5-D8BF2AB79714} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FFEF1B7-70BC-4461-99F2-55F23DC32AF4} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System\ConvertLogEntries => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C638E5B-ECE5-4424-A7E5-2C913CA682E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C638E5B-ECE5-4424-A7E5-2C913CA682E9} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPSt
atus UI => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8355B68F-0C9F-4CE9-9608-A227D17A0D54} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8355B68F-0C9F-4CE9-9608-A227D17A0D54} => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E8A672F-EF45-42E9-95F8-ADB50ED1A6ED} => Key deleted successfully.
C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Officejet Pro 8600 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960ADB34-7009-4A97-9DE9-F0A91BE6D3DF} => Key deleted successfully.
C:\Windows\System32\Tasks\HP Health Check => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Health Check => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98934872-56BF-4CB1-8C7B-B03C6B921992} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98934872-56BF-4CB1-8C7B-B03C6B921992} => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99FD2E75-4984-40AC-A6F3-778C65036A02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99FD2E75-4984-40AC-A6F3-778C65036A02} => Key deleted successfully.
C:\Windows\System32\Tasks\HP Photo Creations Communicator => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Photo Creations Communicator => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36BBC40-ADC2-4800-9FE8-C89BE45CF455} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36BBC40-ADC2-4800-9FE8-C89BE45CF455} => Key deleted successfully.
C:\Windows\System32\Tasks\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hpUrlLauncher.exe_{992CCDE3-DA97-4038-AB96-62A2886F997D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E91D6474-70CC-42BE-80FF-8BED8AF557ED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E91D6474-70CC-42BE-80FF-8BED8AF557ED} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4263AC2-73BE-46BC-BF60-B0699E5D91E6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4263AC2-73BE-46BC-BF60-B0699E5D91E6} => Key deleted successfully.
C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\HP Photo Creations Communicator.job => Moved successfully.
C:\Windows\SysWOW64\CN2AIB4G7Z05KD => ":NW" ADS removed successfully.
C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-13 11:28:12)<=
C:\Users\Gina\AppData\Local\Temp\BundleSweetIMSetup.exe => Is moved successfully.
==== End of Fixlog ====
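Reading a Fixlog by hand gets error-prone at this length, and two kinds of line in the log above deserve a second look: the "Value not found" and "File/Directory not found" results for the Updater entries and C:\ProgramData\Updater (already gone by the time FRST ran, presumably removed by the Malwarebytes run in between), and the BundleSweetIMSetup.exe move that was deferred to reboot and only confirmed in the final "Result of Scheduled Files to move" section. The script below is an added example for that check; it is not part of the thread and not FRST's own code. It assumes a Fixlog.txt in the format shown above and Windows PowerShell 2.0 or later; the path in the usage line is the one from this thread and only serves as an illustration.

```powershell
# Added example, not from the thread and not FRST's own code: classify every
# "target => result" line of a Fixlog.txt and flag the two cases worth a second
# look. Assumes the Fixlog format shown above (the fixlist is echoed between
# "start" and "end"; reboot-deferred moves are confirmed after the
# "=> Result of Scheduled Files to move" header).
# Usage:  .\Check-Fixlog.ps1 -FixlogPath C:\Users\Gina\Desktop\Fixlog.txt
param([Parameter(Mandatory = $true)][string]$FixlogPath)

function Get-FixlogRecords([string[]]$Lines) {
  $inFixlist = $false
  foreach ($raw in $Lines) {
    $line = $raw.Trim()
    if ($line -eq 'start') { $inFixlist = $true;  continue }   # the echoed fixlist's Task lines
    if ($line -eq 'end')   { $inFixlist = $false; continue }   # also contain " => "; skip them
    if ($inFixlist -or $line.StartsWith('=>') -or $line.IndexOf(' => ') -lt 0) { continue }
    $idx    = $line.LastIndexOf(' => ')
    $target = $line.Substring(0, $idx)
    $result = $line.Substring($idx + 4)
    if ($target -match '^Could not move "(.+)"$') { $target = $matches[1] }
    $target = $target.Trim('"')
    $status = switch -regex ($result) {
      'deleted successfully\.$'         { 'ok';        break }
      '^Moved successfully\.$'          { 'ok';        break }
      'ADS removed successfully\.$'     { 'ok';        break }
      '^Is moved successfully\.$'       { 'confirmed'; break }   # post-reboot confirmation
      'not found\.$'                    { 'not_found'; break }   # already gone before the fix
      '^Scheduled to move on reboot\.$' { 'deferred';  break }   # must be confirmed later
      default                           { 'unknown' }
    }
    New-Object PSObject -Property @{ Target = $target; Result = $result; Status = $status }
  }
}

$records   = @(Get-FixlogRecords (Get-Content -Path $FixlogPath))
$confirmed = @($records | Where-Object { $_.Status -eq 'confirmed' } | ForEach-Object { $_.Target.ToLower() })

'== Outcome counts =='
$records | Group-Object Status | Format-Table Name, Count -AutoSize
'== Not found: removed by an earlier tool, or the fixlist was stale; re-scan to be sure =='
$records | Where-Object { $_.Status -eq 'not_found' } | ForEach-Object { $_.Target }
'== Deferred to reboot and never confirmed: re-run FRST if anything is listed =='
$records | Where-Object { $_.Status -eq 'deferred' -and $confirmed -notcontains $_.Target.ToLower() } | ForEach-Object { $_.Target }
'== Result phrases this script does not recognise =='
$records | Where-Object { $_.Status -eq 'unknown' } | ForEach-Object { $_.Target + ' => ' + $_.Result }
```

On the Fixlog above this reports three not-found items (the two Updater Run values and C:\ProgramData\Updater), no unconfirmed deferred moves (BundleSweetIMSetup.exe appears again as "Is moved successfully" after the reboot), and nothing unrecognised. The last list matters when a newer FRST build introduces a result phrase the switch does not know: an unrecognised line should be read by hand rather than silently counted as success.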
Posted 1/13/2014 8:26 PM
#96444
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Below I have pasted the ComboFix log. Thank you for such clear directions. Attachment Manager window will still not expand, so I have copied and pasted the log, not attached the file.</div> <br/> <br/>ComboFix 14-01-13.01 - Gina 01/13/2014 11:51:32.1.4 - x64 <br/>Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8181.6106 [GMT -8:00] <br/>Running from: c:\users\Gina\Desktop\ComboFix.exe <br/>AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} <br/>SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} <br/>SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\4Pil380h.jpg <br/>c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\6RbR1r.jpg <br/>c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\73qvnc.jpg <br/>c:\users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\x8Fy1r.jpg <br/>c:\users\Gina\AppData\Roaming\a7fb61f3-d402-43d7-85ce-a5b96038a1a4 <br/>c:\users\Gina\g2mdlhlpx.exe <br/>. <br/>. <br/>((((((((((((((((((((((((( Files Created from 2013-12-13 to 2014-01-13 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2014-01-13 20:15 . 2014-01-13 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp <br/>2014-01-12 01:19 . 2014-01-12 01:19 -------- d-----w- c:\windows\Microsoft Antimalware <br/>2014-01-11 23:33 . 2014-01-11 23:33 -------- d-----w- c:\programdata\ErrorEND64 <br/>2014-01-11 21:38 . 2014-01-11 21:38 -------- d-----w- c:\users\Gina\AppData\Roaming\Malwarebytes <br/>2014-01-11 21:38 . 2014-01-11 21:38 -------- d-----w- c:\programdata\Malwarebytes <br/>2014-01-11 21:38 . 
2014-01-11 21:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-11 21:38 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-11 18:19 . 2014-01-11 23:17 -------- d-----w- c:\programdata\boost_interprocess
2014-01-11 18:04 . 2014-01-11 18:18 -------- d-----w- C:\AdwCleaner
2014-01-07 23:06 . 2014-01-13 19:28 -------- d-----w- C:\FRST
2013-12-25 17:59 . 2014-01-12 00:53 -------- d-----w- c:\programdata\InternetUpdater
2013-12-23 17:00 . 2014-01-10 00:02 -------- d-----w- c:\users\Gina\AppData\Local\Adobe
2013-12-17 02:44 . 2013-12-17 02:44 -------- d-----w- c:\users\Gina\AppData\Local\Apple
2013-12-14 22:18 . 2013-12-14 22:18 -------- d-----w- c:\users\Gina\AppData\Local\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 05:27 . 2006-11-02 12:35 90708896 ----a-w- c:\windows\system32\mrt.exe
2013-12-12 00:36 . 2012-04-17 21:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 00:36 . 2011-05-29 02:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-21 11:00 . 2013-06-12 23:59 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-15 02:09 . 2013-12-13 23:06 17847296 ----a-w- c:\windows\system32\mshtml.dll
2013-11-15 01:42 . 2013-12-13 23:06 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-11-15 01:37 . 2013-12-13 23:06 2334720 ----a-w- c:\windows\system32\jscript9.dll
2013-11-15 01:29 . 2013-12-13 23:06 1347072 ----a-w- c:\windows\system32\urlmon.dll
2013-11-15 01:29 . 2013-12-13 23:06 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-11-15 01:28 . 2013-12-13 23:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-15 01:28 . 2013-12-13 23:06 237056 ----a-w- c:\windows\system32\url.dll
2013-11-15 01:25 . 2013-12-13 23:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-15 01:22 . 2013-12-13 23:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-15 01:20 . 2013-12-13 23:06 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-11-15 01:20 . 2013-12-13 23:06 816640 ----a-w- c:\windows\system32\jscript.dll
2013-11-15 01:19 . 2013-12-13 23:06 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-11-15 01:19 . 2013-12-13 23:06 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-15 01:18 . 2013-12-13 23:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-15 01:18 . 2013-12-13 23:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-15 01:12 . 2013-12-13 23:06 248320 ----a-w- c:\windows\system32\ieui.dll
2013-11-14 22:50 . 2013-12-13 23:06 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-14 22:42 . 2013-12-13 23:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-14 22:42 . 2013-12-13 23:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-14 22:38 . 2013-12-13 23:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-14 22:38 . 2013-12-13 23:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-14 22:35 . 2013-12-13 23:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-14 00:39 . 2013-11-14 00:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-06 05:55 . 2013-11-06 05:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 05:52 . 2013-11-05 05:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 07:00 . 2013-11-01 07:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 06:49 . 2013-11-01 06:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-30 04:34 . 2008-01-21 02:46 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 04:34 . 2013-12-11 23:27 374784 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 03:55 . 2013-12-11 23:27 122368 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 02:33 . 2013-12-11 23:27 218112 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 02:10 . 2013-12-11 23:27 2776064 ----a-w- c:\windows\system32\win32k.sys
2013-10-25 06:25 . 2013-10-25 06:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-22 09:31 . 2013-12-11 23:27 79360 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-22 07:19 . 2013-12-11 23:27 158208 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 41984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-27 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-16 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-16 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2007-11-02 151552]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
.
c:\users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gina\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2008-12-18 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rjatydimofu.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Gina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-04 182808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 202264]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\Gina\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-10 - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-01-13 12:18:14
ComboFix-quarantined-files.txt 2014-01-13 20:18
.
Pre-Run: 367,732,105,216 bytes free
Post-Run: 368,166,985,728 bytes free
.
- - End Of File - - 1A748E4A0B4D79309710E29069201E83
81CD5EC01DB0CE57EDD853F82462EF27
Posted 1/17/2014 5:11 PM
#96475
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Should anything further be done based on the ComboFix log and the fix list log posted 1/13?
Posted 1/18/2014 6:02 AM
#96476
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
I've missed you, sorry :blush:

Yes, there are some folders there that look suspicious to me.

Download: [url=http://thisisudax.org/downloads/JRT.exe ]Junk Removal Tool[/url]
To Desktop

Disable your Antivirus program if required
For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/18/2014 5:30 PM
#96481
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Thank you. Here is the log. Note... I ran this tool a few days ago.... I will post that log as well, as perhaps the suspicious folders were removed in that first run.
Today's log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Gina on Sat 01/18/2014 at 9:17:58.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/18/2014 at 9:27:48.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Log earlier this week:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Gina on Thu 01/16/2014 at 8:58:56.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}

~~~ Files
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Gina\AppData\Roaming\mywordtool"
Successfully deleted: [Folder] "C:\Users\Gina\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/16/2014 at 9:08:11.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 1/19/2014 2:35 PM
#96487
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download RKill by Grinler from one of the 3 links below and save it to your desktop.

Rkill.exe - http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr

◾ Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

◾ Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

◾ A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

◾ If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.

Please post the log it produces.



Posted 1/19/2014 11:42 PM
#96489
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Thank you. Here is the log generated:
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 01/19/2014 03:39:14 PM in x64 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
 [HKLM\SOFTWARE\Microsoft\Windows Defender]
 "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
 * Windows Defender (WinDefend) is not Running.
 Startup Type set to: Manual
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * HOSTS file entries found:
 127.0.0.1 localhost
Program finished at: 01/19/2014 03:40:11 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)
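The two logs above (the ComboFix log posted earlier and this RKill log) surfaced the settings that typically sit behind a browser-redirect problem like the one in this thread: a per-user WinINet proxy pointing at 127.0.0.1:8080, LoadAppInit_DLLs enabled, an Image File Execution Options "debugger" entry, Windows Defender switched off through DisableAntiSpyware, and the HOSTS file contents. As an added example, not from the thread and not part of ComboFix, RKill or any other tool named here, the PowerShell below reads those same locations and reports anything that deviates from a clean default. It only reads the registry and the HOSTS file; it changes nothing, and the registry paths it uses are the standard ones (the Wow6432Node variants exist on 64-bit Windows such as the Vista x64 machine in this thread).

```powershell
# Added example (not from the thread or the tools it mentions): a read-only audit of the
# hijack indicators that the ComboFix and RKill logs above reported. Run it in a
# PowerShell prompt; elevation is not required to read these keys.

$findings = @()

# 1. Per-user WinINet proxy. ComboFix reported
#    "uInternet Settings,ProxyServer = http=127.0.0.1:8080" (u = HKCU).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyServer -or $inet.ProxyEnable -eq 1) {
    $findings += "WinINet proxy set for this user: ProxyServer='$($inet.ProxyServer)' ProxyEnable=$($inet.ProxyEnable)"
}
if ($inet.AutoConfigURL) {
    $findings += "WinINet PAC script configured: $($inet.AutoConfigURL)"
}

# 2. AppInit_DLLs injection. ComboFix reported LoadAppInit_DLLs=1 under Wow6432Node.
$windowsKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $windowsKeys) {
    $w = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if ($w -and ($w.LoadAppInit_DLLs -eq 1 -or $w.AppInit_DLLs)) {
        $findings += "AppInit DLL loading: $key LoadAppInit_DLLs=$($w.LoadAppInit_DLLs) AppInit_DLLs='$($w.AppInit_DLLs)'"
    }
}

# 3. Image File Execution Options "Debugger" values. ComboFix reported one for
#    rjatydimofu.exe; any executable with a Debugger value is worth a look.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($root in $ifeoRoots) {
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings += "IFEO debugger: $($_.PSChildName) -> $dbg" }
    }
}

# 4. Windows Defender disabled by registry value. RKill reported DisableAntiSpyware = 1.
$defender = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($defender.DisableAntiSpyware -eq 1) {
    $findings += 'Windows Defender: DisableAntiSpyware=1 (real-time protection is off)'
}

# 5. HOSTS file. RKill lists every active entry; a clean file has only the
#    localhost mappings, so anything else is reported here.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*#' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { $findings += "HOSTS entry: $($_.Trim())" }

if ($findings.Count -eq 0) {
    'No proxy, AppInit, IFEO, Defender or HOSTS indicators found.'
} else {
    $findings
}
```

Read the output the way the helper in this thread read the logs: a proxy on 127.0.0.1 means every browser request is being passed through a local process, which is how the redirects to tursted.net and click.cpvdr.com were being injected; LoadAppInit_DLLs=1 with a non-empty AppInit_DLLs names a DLL loaded into every GUI process; and DisableAntiSpyware=1 explains why Windows Defender was not running in the RKill log. Clearing these is what the removal tools in the thread did, so this script is for confirming afterwards that they stayed clear.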
Posted 1/20/2014 8:37 AM
#96491
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Nothing suspicious there, so please tell me how things are running?



Posted 1/20/2014 5:10 PM
#96500
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
I think it is running much better than it has in a long time. Noticeably faster, and have not had the browser "hijacked" all week. Maybe well enough to create a restore point in case my son accidentally downloads something again! (We think that is how all of this started)
Posted 1/21/2014 9:19 AM
#96504
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Sounds good :smile:

[code]Maybe well enough to create a restore point in case my son accidentally downloads something again! (We think that is how all of this started[/code]

Sounds like a good idea to create a restore point now.

Please download: Delfix by "Xplode" to your Desktop.

Run the tool and check the following boxes below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button. Wait for the program to complete its work.

All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

> I don't need the DelFix log report.



Posted 1/21/2014 3:17 PM
#96505
User avatar

Plshlp Valued member

Date Joined Nov 2016
Total Posts: 12
Done.
I wish to thank you again for all of the expertise you have shared with me to help resolve this issue. I'm very grateful. Best regards.
Posted 1/22/2014 11:12 PM
#96509
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
My pleasure :smile:

I'll lock this topic; if you need it reopened, please PM me.


