
I am getting a lot of pop-up ads


  • This topic is locked
58 replies to this topic

#1 manny_g

manny_g

  • Members
  • 93 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 04 April 2014 - 10:13 AM

I think I have some malware on my new pc. I keep getting lots of pop-up ads just about every 2-3 webpages I visit. They have no relationship to the pages I visit, just the same ads over and over again. I tried running the dds program but it gives me a message "DDS is not meant to run in 'Compatibility Mode'. The program shall now exit." I don't know what to do about it. My first thought is to download some antimalware software but I don't want to make it harder for someone to help me. Here is some info in case it's helpful.

 

HP Pavilion 17-e019dx Notebook

Windows 8.1

 

 

Thanks again for your time

Manny

 

EDIT:
I thought of two things that might be helpful. This morning the "HP Support Assistant" prompted me to update something and I did. A while later I saw a pop up to download "HP System Event Utility" and it looked legitimate so I did. Also a lot of the ads are for "League of Angels" 

EDIT2 (attempted to delete extra reply):

I just did a search on the forum for compatibility of DDS with windows 8 and saw that it is not compatible. Can I still get help fixing my computer?

EDIT3:

Some more information that is very concerning: the other computer in the house that is online and used regularly is also getting pop-up ads and redirects. Also, I was in the networking forum getting help installing a printer and noticed strange stuff in the logs of my router, so on a whim I decided to post it into the thread I had active there, and it was suggested I post it here. I was going to, but the logs from the router were deleted. I do remember they said something about a DoS attack. Right now those logs show lots of activity while we are not even home/computers on (they are asleep). Should I start a new topic for her computer or is there a chance our whole network is infected?


Edited by manny_g, 04 April 2014 - 08:39 PM.
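
Added example, not part of the original post: a Python triage of router log lines in the format the topic starter pastes later in this thread. It flags a successful `[Remote login]` that follows `[Remote login failure]` entries from the same source, and counts distinct remote sources per internal address and port. The sample lines, addresses and function names are constructed, and reading `[LAN access from remote]` as an inbound connection allowed through to a LAN host is an assumption about this router's log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the router's log format (newest entry first).
# Addresses come from documentation ranges, not from the thread.
SAMPLE_LOG = """\
[Admin login] from source 192.168.1.6, Saturday, Apr 05,2014 18:13:16
[LAN access from remote] from 198.51.100.20:19167 to 192.168.1.9:6881 Saturday, Apr 05,2014 18:01:48
[LAN access from remote] from 198.51.100.77:58160 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:59:51
[Remote login] from source 203.0.113.45, Saturday, Apr 05,2014 17:58:25
[Remote login failure] from source 203.0.113.45, Saturday, Apr 05,2014 17:58:21
[Remote login failure] from source 203.0.113.45, Saturday, Apr 05,2014 17:58:10
[LAN access from remote] from 198.51.100.20:19167 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:54:20
[DHCP IP: (192.168.1.6)] to MAC address 02:00:00:00:00:01, Saturday, Apr 05,2014 17:39:35
[Remote login failure] from source 203.0.113.99, Saturday, Apr 05,2014 17:20:00
"""

# "[event] detail[,] Weekday, Mon DD,YYYY HH:MM:SS"
LINE_RE = re.compile(
    r"^\[(?P<event>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
    r"[A-Za-z]+day,\s*(?P<ts>[A-Z][a-z]{2} \d{2},\d{4} \d{2}:\d{2}:\d{2})\s*$"
)
SRC_RE = re.compile(r"from source (\d{1,3}(?:\.\d{1,3}){3})")
FLOW_RE = re.compile(r"from (\S+):(\d+) to (\S+):(\d+)")


@dataclass
class Entry:
    event: str
    detail: str
    when: datetime


def parse(log_text):
    """Parse log lines into Entry objects, sorted oldest first."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        when = datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S")
        entries.append(Entry(m["event"], m["detail"], when))
    entries.sort(key=lambda e: e.when)  # the router lists newest first
    return entries


def logins_after_failures(entries, window=timedelta(minutes=10)):
    """Successful remote logins preceded by failures from the same source.

    Returns (source, failures_within_window, time_of_success) tuples.
    """
    failures = defaultdict(list)
    hits = []
    for e in entries:
        m = SRC_RE.search(e.detail)
        if not m:
            continue
        src = m.group(1)
        if e.event == "Remote login failure":
            failures[src].append(e.when)
        elif e.event == "Remote login":
            recent = [t for t in failures[src] if e.when - t <= window]
            if recent:
                hits.append((src, len(recent), e.when))
    return hits


def exposed_services(entries):
    """Count distinct remote sources per internal ip:port reached from outside."""
    remotes = defaultdict(set)
    for e in entries:
        if e.event != "LAN access from remote":
            continue
        m = FLOW_RE.search(e.detail)
        if m:
            remotes[f"{m.group(3)}:{m.group(4)}"].add(m.group(1))
    return {dst: len(srcs) for dst, srcs in remotes.items()}


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for src, count, when in logins_after_failures(parsed):
        print(f"remote login from {src} at {when} after {count} failure(s)")
    for dst, count in exposed_services(parsed).items():
        print(f"{dst} reached by {count} distinct remote source(s)")
```

A hit from `logins_after_failures` means someone outside the LAN reached the router's management interface and eventually authenticated, which is worth checking against the router's remote-management setting and admin password before cleaning individual PCs.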



 


#2 manny_g

manny_g
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 04 April 2014 - 11:14 AM

I just did a search on the forum for compatibility of DDS with windows 8 and saw that it is not compatible. Can I still get help fixing my computer?



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:22 AM

Posted 05 April 2014 - 04:20 AM





Hello manny_g

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 manny_g

manny_g
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 05 April 2014 - 02:53 PM

Hi Gringo,

Thanks for helping me.
Should I also run this on the other pc that has the same problems, for lack of a better name "PC2" (My wife's Laptop)?
PC1 (my laptop) status update: it is still giving me plenty of pop-up ads. It also downloaded a program to my computer on its own and the program promptly disappeared from my downloads folder when I went to view the directory. Here are two links to screenshots that will hopefully help you glean a bit more into what is occurring on my pc. One is of the aforementioned program. The second is of an error message I get when I ran/run FRST. Also, an FYI, after the error message it did not/does not create the "addition.txt" file.

jjqw.jpg
vd8m.jpg
 
Finally here is the log that did get produced from "PC1" :

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Manny (administrator) on FAMCOMP on 05-04-2014 14:34:54
Running from C:\Users\Manny\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\FileManager\PhotosApp.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop CS4\Photoshop.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7165000 2014-02-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3770770867-57313021-3667514125-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-3770770867-57313021-3667514125-1001\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\Manny\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: DownThemAll! - C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-10]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-04]
CHR Extension: (Google Drive) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04]
CHR Extension: (Learn States and Capitals) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdblkfkcegbngjbibiefbjbeofmbgonk [2014-03-02]
CHR Extension: (Google Search) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04]
CHR Extension: (PDF To Word DOCS) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipenbigkfkmchjhdcjldgmacpedblgd [2014-03-02]
CHR Extension: (Facebook news) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2014-03-02]
CHR Extension: (Pandora) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-02]
CHR Extension: (CloudConvert) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2014-03-02]
CHR Extension: (PDF Mergy) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-03-02]
CHR Extension: (Cloud Reader) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-03-02]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-03-02]
CHR Extension: (Coloring Pages) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhcehgkaccjiljllpejjekibagmonki [2014-03-02]
CHR Extension: (Dropbox) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-03-02]
CHR Extension: (Google Play) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-03-02]
CHR Extension: (OneDrive) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04]
CHR Extension: (PDFUnlock!) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekfhmblhhfgekoainaoplcaemmfdpmd [2014-03-02]
CHR Extension: (Outlook.com) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-03-02]
CHR Extension: (Gmail) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04]

Edited by manny_g, 05 April 2014 - 03:15 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:22 AM

Posted 05 April 2014 - 03:38 PM



Hello manny_g,

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#6 manny_g

manny_g
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  • Local time:11:22 AM

Posted 05 April 2014 - 09:19 PM

(PC1)AdwCleaner Log(first time):

# AdwCleaner v3.023 - Report created 05/04/2014 at 20:29:23
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Manny - FAMCOMP
# Running from : C:\Users\Manny\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1275 octets] - [05/04/2014 20:23:12]
AdwCleaner[S0].txt - [1210 octets] - [05/04/2014 20:29:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1270 octets] ##########
 
(PC1)AdwCleaner Log(second time)(accidentally ran twice):
 
 
# AdwCleaner v3.023 - Report created 05/04/2014 at 20:37:06
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Manny - FAMCOMP
# Running from : C:\Users\Manny\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1275 octets] - [05/04/2014 20:23:12]
AdwCleaner[R1].txt - [992 octets] - [05/04/2014 20:36:05]
AdwCleaner[S0].txt - [1350 octets] - [05/04/2014 20:29:23]
AdwCleaner[S1].txt - [914 octets] - [05/04/2014 20:37:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [973 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8.1 x64
Ran by Manny on Sat 04/05/2014 at 20:42:55.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A70BD46B-04B3-4304-AE3C-9C7E510115B6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A70BD46B-04B3-4304-AE3C-9C7E510115B6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{A70BD46B-04B3-4304-AE3C-9C7E510115B6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A70BD46B-04B3-4304-AE3C-9C7E510115B6}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/05/2014 at 20:46:30.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Finally, a question: is it OK if I run DDS and FRST on the other infected pc and post those results in this thread? Also, could you review this copy/paste from my router to see if it has any pertinent information?

 

 

[Admin login] from source 192.168.1.6, Saturday, Apr 05,2014 18:13:16
[LAN access from remote] from 186.61.15.76:19167 to 192.168.1.9:6881 Saturday, Apr 05,2014 18:01:48
[LAN access from remote] from 50.165.239.204:58160 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:59:51
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:59:19
[Remote login] from source 186.202.68.171, Saturday, Apr 05,2014 17:58:25
[Remote login failure] from source 186.202.68.171, Saturday, Apr 05,2014 17:58:21
[Remote login failure] from source 186.202.68.171, Saturday, Apr 05,2014 17:58:10
[LAN access from remote] from 2.181.239.204:49096 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:57:28
[LAN access from remote] from 186.61.15.76:19167 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:54:20
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:52:03
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:51:50
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:51:46
[LAN access from remote] from 190.5.47.204:51380 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:48:59
[LAN access from remote] from 186.213.207.204:1089 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:48:28
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:46:48
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:46:36
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:44:38
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:42:50
[DHCP IP: (192.168.1.6)] to MAC address 80:56:F2:66:9E:2F, Saturday, Apr 05,2014 17:39:35
[DHCP IP: (192.168.1.4)] to MAC address 00:21:6B:60:A1:00, Saturday, Apr 05,2014 17:39:06
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:38:07
[LAN access from remote] from 2.181.239.204:49096 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:36:59
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:35:57
[LAN access from remote] from 190.5.47.204:51380 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:34:54
[DHCP IP: (192.168.1.6)] to MAC address 80:56:F2:66:9E:2F, Saturday, Apr 05,2014 17:32:09
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:31:47
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:31:37
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:31:25
[LAN access from remote] from 222.117.239.204:36349 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:28:54
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:27:30
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:23:11
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:22:39
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:22:15
[LAN access from remote] from 190.5.47.204:51380 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:18:25
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:18:21
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:17:13
[Admin login] from source 192.168.1.6, Saturday, Apr 05,2014 17:16:17
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:15:12
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:15:12
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:12:36
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:09:06
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:07:16
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:07:14
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:02:28
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:01:46
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:59:16
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:58:54
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:57:43
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:53:38
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:51:23
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:50:53
[DHCP IP: (192.168.1.8)] to MAC address 00:24:BE:72:57:39, Saturday, Apr 05,2014 16:49:11
[LAN access from remote] from 178.205.47.204:21758 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:48:53
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:47:07
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:46:45
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:45:15
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:44:04
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:42:03
[DHCP IP: (192.168.1.6)] to MAC address 80:56:F2:66:9E:2F, Saturday, Apr 05,2014 16:41:20
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:39:38
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:37:31
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:37:04
[LAN access from remote] from 178.205.47.204:21758 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:32:32
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:31:44
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:31:34
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:31:11
[DHCP IP: (192.168.1.9)] to MAC address F0:25:B7:61:E9:47, Saturday, Apr 05,2014 16:30:59
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:26:01
[DHCP IP: (192.168.1.5)] to MAC address CC:3A:61:05:77:41, Saturday, Apr 05,2014 16:24:49
[LAN access from remote] from 68.197.79.204:35311 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:23:57
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:22:59
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:22:25
[LAN access from remote] from 222.117.239.204:36349 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:22:07
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:21:18
[LAN access from remote] from 190.5.47.204:51380 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:20:11
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:18:02
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:16:45
[LAN access from remote] from 178.205.47.204:21758 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:16:15
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:15:26
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:14:25
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:12:18
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:10:32
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:09:27
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:07:33
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:05:35
[LAN access from remote] from 190.5.47.204:51380 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:04:06
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:01:43
[DHCP IP: (192.168.1.5)] to MAC address CC:3A:61:05:77:41, Saturday, Apr 05,2014 16:01:36
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:01:33
[Time synchronized with NTP server] Saturday, Apr 05,2014 15:59:55
[Internet connected] IP address: 76.85.175.204, Saturday, Apr 05,2014 16:00:27
[LAN access from remote] from 178.205.47.204:21758 to 192.168.1.9:6881 Saturday, Apr 05,2014 16:00:22
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:59:24
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:55:26
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:54:26
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:53:55
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:51:52
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:51:01
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:50:08
[LAN access from remote] from 190.5.47.204:51380 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:48:17
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:47:13
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:47:12
[LAN access from remote] from 186.29.207.76:11317 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:46:25
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:46:12
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:43:16
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:39:58
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:37:25
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:37:11
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:35:49
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:32:11
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:29:27
[LAN access from remote] from 68.197.79.204:35311 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:29:24
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:28:48
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:28:09
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:24:18
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:23:19
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:23:00
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:20:52
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:20:11
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:18:15
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:17:12
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:14:26
[LAN access from remote] from 94.253.143.204:16700 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:14:19
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:11:31
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:09:14
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:08:36
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:08:26
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:05:31
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:05:14
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:04:16
[LAN access from remote] from 109.208.84.131:6881 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:02:27
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:01:48
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:01:46
[LAN access from remote] from 68.197.79.204:35311 to 192.168.1.9:6881 Saturday, Apr 05,2014 15:00:19
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:58:53
[LAN access from remote] from 94.253.143.204:16700 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:57:57
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:55:53
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:53:49
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:53:28
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:52:51
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:50:36
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:48:24
[LAN access from remote] from 90.213.111.204:33432 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:47:29
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:47:10
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:45:41
[LAN access from remote] from 94.253.143.204:16700 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:44:26
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:43:50
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:40:21
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:38:56
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:37:52
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:37:26
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:35:47
[LAN access from remote] from 78.101.143.76:21252 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:35:23
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:34:10
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:32:09
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:31:27
[LAN access from remote] from 202.5.143.184:28127 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:29:05
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:28:36
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:25:03
[DHCP IP: (192.168.1.3)] to MAC address E0:CB:1D:BF:55:43, Saturday, Apr 05,2014 14:24:45
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:23:34
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:23:17
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:22:06
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:21:36
[LAN access from remote] from 90.213.111.204:33432 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:19:45
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:19:21
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:18:21
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:17:09
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:16:39
[LAN access from remote] from 2.229.175.76:48493 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:15:06
[LAN access from remote] from 2.61.15.76:42176 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:15:00
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:14:03
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:09:44
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:08:53
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:07:38
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:06:26
[LAN access from remote] from 92.37.15.76:56980 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:06:06
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:05:39
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:04:01
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:03:54
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:02:07
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:00:59
[LAN access from remote] from 2.61.15.76:42176 to 192.168.1.9:6881 Saturday, Apr 05,2014 14:00:35
[LAN access from remote] from 2.229.175.76:1829 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:59:53
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:57:48
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:57:47
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:53:47
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:51:22
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:50:59
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:49:40
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:49:35
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:49:32
[LAN access from remote] from 78.101.143.76:21253 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:49:14
[LAN access from remote] from 180.245.15.76:25938 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:46:38
[LAN access from remote] from 2.229.175.76:48493 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:43:57
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:43:37
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:42:11
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:38:48
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:37:58
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:35:08
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:34:37
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:33:25
[LAN access from remote] from 86.133.143.76:22561 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:32:16
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:32:06
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:31:58
[LAN access from remote] from 180.245.15.76:25938 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:31:03
[LAN access from remote] from 78.101.143.76:21252 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:30:06
[LAN access from remote] from 2.61.15.76:42176 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:29:33
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:27:37
[LAN access from remote] from 2.229.175.76:48493 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:27:31
[DHCP IP: (192.168.1.5)] to MAC address CC:3A:61:05:77:41, Saturday, Apr 05,2014 13:26:56
[LAN access from remote] from 202.5.143.184:28127 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:26:44
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:25:48
[LAN access from remote] from 88.229.111.204:33487 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:24:39
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:24:13
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:21:44
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:20:27
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:19:46
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:18:15
[LAN access from remote] from 178.77.15.204:34914 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:16:29
[LAN access from remote] from 180.245.15.76:25938 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:16:05
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:15:40
[LAN access from remote] from 2.61.15.76:42176 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:15:08
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:12:24
[LAN access from remote] from 2.229.175.76:1828 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:12:14
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:09:21
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:08:16
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:06:31
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:06:02
[LAN access from remote] from 186.45.175.204:14346 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:05:58
[LAN access from remote] from 74.69.239.76:6881 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:04:12
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:03:51
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:02:05
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:00:59
[LAN access from remote] from 2.61.15.76:42176 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:00:51
[LAN access from remote] from 180.245.15.76:25938 to 192.168.1.9:6881 Saturday, Apr 05,2014 13:00:20
[LAN access from remote] from 88.229.111.204:33487 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:58:39
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:58:31
[LAN access from remote] from 2.229.175.76:48493 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:56:09
[LAN access from remote] from 92.37.79.204:37671 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:52:21
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:51:31
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:50:54
[LAN access from remote] from 190.245.47.204:61347 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:48:50
[LAN access from remote] from 94.69.47.204:36438 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:47:29
[LAN access from remote] from 2.61.15.76:42176 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:47:19
[LAN access from remote] from 46.165.15.76:60908 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:47:04
[LAN access from remote] from 68.229.15.204:26194 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:44:55
[LAN access from remote] from 46.237.111.204:11073 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:44:46
[LAN access from remote] from 2.229.175.76:48493 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:41:57
[LAN access from remote] from 24.53.47.204:35980 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:38:43
[LAN access from remote] from 158.181.143.204:18927 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:38:32
[LAN access from remote] from 186.45.175.76:28639 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:37:22
[LAN access from remote] from 187.234.231.126:60051 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:36:47
[LAN access from remote] from 187.234.231.126:21152 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:36:47
[LAN access from remote] from 98.165.79.204:18275 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:36:37
[LAN access from remote] from 212.13.15.204:51578 to 192.168.1.9:6881 Saturday, Apr 05,2014 12:36:36
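
Added example, not part of the original post: one way to triage a router log in the format pasted above. It counts events, lists which remote hosts reached each forwarded LAN port, and flags admin logins from outside the LAN together with the failed attempts just before them. The sample lines are constructed (documentation-range addresses), and the 192.168.1.0/24 LAN range and 10-minute window are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumption: the LAN is 192.168.1.0/24, matching the internal addresses in the log.
LAN = ipaddress.ip_network("192.168.1.0/24")

# "[tag] optional body[,] Weekday, Mon DD,YYYY HH:MM:SS"
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s*(?P<body>.*?),?\s*"
    r"\w+day, (?P<ts>\w{3} \d{2},\d{4} \d{2}:\d{2}:\d{2})\s*$"
)
FORWARD_RE = re.compile(r"from (?P<src>[\d.]+):\d+ to (?P<dst>[\d.]+):(?P<dport>\d+)")
SOURCE_RE = re.compile(r"from source (?P<src>[\d.]+)")

# Constructed sample in the same format as the pasted log (not the poster's data).
SAMPLE_LOG = """\
[Admin login] from source 192.168.1.6, Saturday, Apr 05,2014 18:13:16
[LAN access from remote] from 198.51.100.7:19167 to 192.168.1.9:6881 Saturday, Apr 05,2014 18:01:48
[LAN access from remote] from 203.0.113.20:58160 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:59:51
[Remote login] from source 192.0.2.44, Saturday, Apr 05,2014 17:58:25
[Remote login failure] from source 192.0.2.44, Saturday, Apr 05,2014 17:58:21
[Remote login failure] from source 192.0.2.44, Saturday, Apr 05,2014 17:58:10
[LAN access from remote] from 198.51.100.7:19167 to 192.168.1.9:6881 Saturday, Apr 05,2014 17:54:20
[DHCP IP: (192.168.1.6)] to MAC address 02:00:00:00:00:01, Saturday, Apr 05,2014 17:39:35
[Time synchronized with NTP server] Saturday, Apr 05,2014 15:59:55
[Internet connected] IP address: 203.0.113.1, Saturday, Apr 05,2014 16:00:27
this line is not a log entry
"""


def parse_line(line):
    """Return a dict for one log line, or None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag = m.group("tag")
    # DHCP tags embed the leased address, so fold them into one event name.
    event = "DHCP lease" if tag.startswith("DHCP IP") else tag
    entry = {
        "event": event,
        "time": datetime.strptime(m.group("ts"), "%b %d,%Y %H:%M:%S"),
    }
    fwd = FORWARD_RE.search(m.group("body"))
    src = SOURCE_RE.search(m.group("body"))
    if fwd:
        entry["src"] = fwd.group("src")
        entry["dst"] = f"{fwd.group('dst')}:{fwd.group('dport')}"
    elif src:
        entry["src"] = src.group("src")
    return entry


def triage(text, window=timedelta(minutes=10)):
    """Summarise a log: event counts, exposed LAN ports, logins from outside."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    entries.sort(key=lambda e: e["time"])  # the router lists newest first
    counts = Counter(e["event"] for e in entries)
    exposed = defaultdict(set)      # "lan_ip:port" -> remote addresses seen
    failures = defaultdict(list)    # source -> times of failed logins
    outside_logins = []
    for e in entries:
        src = e.get("src")
        if not src:
            continue
        if e["event"] == "LAN access from remote":
            exposed[e["dst"]].add(src)
        elif e["event"] == "Remote login failure":
            failures[src].append(e["time"])
        elif e["event"] in ("Remote login", "Admin login"):
            if ipaddress.ip_address(src) in LAN:
                continue  # login from inside the LAN, not flagged
            recent = [t for t in failures[src] if e["time"] - t <= window]
            outside_logins.append(
                {"source": src, "time": e["time"], "failures_before": len(recent)}
            )
    return {
        "counts": counts,
        "exposed": {k: sorted(v) for k, v in exposed.items()},
        "outside_logins": outside_logins,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for event, n in report["counts"].most_common():
        print(f"{n:4d}  {event}")
    for target, sources in report["exposed"].items():
        print(f"{target} reached by {len(sources)} remote host(s)")
    for hit in report["outside_logins"]:
        print(f"login from {hit['source']} at {hit['time']} "
              f"after {hit['failures_before']} failure(s)")
```

A flagged outside login means the router's admin interface is reachable from the internet; the usual follow-up is to disable remote management and change the admin password.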


#7 manny_g

Posted 05 April 2014 - 09:26 PM

Is it possible that our phones are getting this virus(es)?
My phone is getting pop-ups too! This is from my phone browser so far:
Site Blocked!

This web page at ad.leadboltads.net has been blocked by Bluhell Firewall

While it might be harmless, we prevented you from accessing this page as part of our active protection. If you trust that domain, click "Allow" to go straight to the page.

However, keep in mind that even a safe-looking domain could hide a potentially harmful website using Click-through techniques behind it.

#8 manny_g

Posted 05 April 2014 - 10:02 PM

PC2 (wife's laptop) DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540  BrowserJavaVersion: 10.51.2
Run by Liz at 21:56:52 on 2014-04-05
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4062.1922 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\nvvsvc.exe
C:\Windows\system32\vfsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe
C:\windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\SysWOW64\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\WUDFHost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\windows\ehome\ehtray.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Users\Liz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\splwow64.exe
C:\windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\windows\ehome\ehTray.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
mRun: [readericon10] C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
mRun: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Liz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Liz\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Liz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
Trusted Zone: remititonline.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{22549689-761C-4592-9D6F-0C367735CD9F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6A17FA6C-3DAB-4BCB-AA6B-69B9BFE2C5BB} : DHCPNameServer = 192.168.1.1
LSA: Notification Packages =  scecli DPPWDFLT
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
x64-BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
x64-Run: [Windows Mobile-based device management] C:\windows\WindowsMobile\wmdSync.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-7-23 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [2009-2-12 89600]
R2 FontCache;Windows Font Cache Service;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2008-3-18 30520]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\windows\SMINST\BLService.exe [2008-9-3 361808]
R2 vfsFPService;Validity Fingerprint Service;C:\windows\System32\vfsFPService.exe [2008-8-24 719152]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-9-3 227896]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 vfs101a;vfs101a;C:\windows\System32\drivers\vfs101a.sys [2008-9-3 49968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 sbupdate;SentryBay Update Service (sbupdate);C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2013-3-24 138600]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-3-7 266240]
S3 PerfHost;Performance Counter DLL Host;C:\windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\windows\System32\drivers\point64k.sys [2008-6-10 36424]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-5 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-18 08:00:56 90015360 ----a-w- C:\windows\System32\mrt.exe
2014-03-12 15:30:58 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 15:30:57 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 14:52:30 133928 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2014-02-23 07:12:29 17847808 ----a-w- C:\windows\System32\mshtml.dll
2014-02-23 06:54:58 2334720 ----a-w- C:\windows\System32\jscript9.dll
2014-02-23 06:52:45 10926592 ----a-w- C:\windows\System32\ieframe.dll
2014-02-23 06:48:43 1347072 ----a-w- C:\windows\System32\urlmon.dll
2014-02-23 06:48:31 1392128 ----a-w- C:\windows\System32\wininet.dll
2014-02-23 06:46:42 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-23 06:46:20 237056 ----a-w- C:\windows\System32\url.dll
2014-02-23 06:46:08 86016 ----a-w- C:\windows\System32\jsproxy.dll
2014-02-23 06:45:36 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-23 06:45:32 816640 ----a-w- C:\windows\System32\jscript.dll
2014-02-23 06:45:27 599040 ----a-w- C:\windows\System32\vbscript.dll
2014-02-23 06:44:57 729088 ----a-w- C:\windows\System32\msfeeds.dll
2014-02-23 06:44:57 2147840 ----a-w- C:\windows\System32\iertutil.dll
2014-02-23 06:44:14 96768 ----a-w- C:\windows\System32\mshtmled.dll
2014-02-23 06:44:02 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-23 06:43:22 248320 ----a-w- C:\windows\System32\ieui.dll
2014-02-23 05:50:22 12347904 ----a-w- C:\windows\SysWow64\mshtml.dll
2014-02-23 05:47:19 1806848 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-23 05:43:55 9739264 ----a-w- C:\windows\SysWow64\ieframe.dll
2014-02-23 05:41:03 1105408 ----a-w- C:\windows\SysWow64\urlmon.dll
2014-02-23 05:40:18 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-23 05:39:28 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15 231936 ----a-w- C:\windows\SysWow64\url.dll
2014-02-23 05:38:08 65536 ----a-w- C:\windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-02-23 05:37:28 717824 ----a-w- C:\windows\SysWow64\jscript.dll
2014-02-23 05:37:12 607744 ----a-w- C:\windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09 1796096 ----a-w- C:\windows\SysWow64\iertutil.dll
2014-02-23 05:36:31 73216 ----a-w- C:\windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49 176640 ----a-w- C:\windows\SysWow64\ieui.dll
2014-02-07 12:11:49 2776064 ----a-w- C:\windows\System32\win32k.sys
2014-02-03 13:20:59 619008 ----a-w- C:\windows\System32\qedit.dll
2014-02-03 10:37:54 505344 ----a-w- C:\windows\SysWow64\qedit.dll
2014-01-30 10:12:47 1111040 ----a-w- C:\windows\System32\wer.dll
2014-01-30 07:46:58 876032 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-25 06:19:42 268512 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 21:57:26.87 ===============
 




#9 gringo_pr

  • Malware Response Team

Posted 06 April 2014 - 05:35 AM


Hello manny_g

With the phones, does it happen when you are on Wi-Fi? It could be the router. We will look into that soon.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 manny_g


Posted 06 April 2014 - 05:17 PM

I tried to run Combofix but I got an error message, posted below. For a while I had no pop-up ads, but then I accidentally opened IE and got a pop-up right away and also started getting them on Chrome again. Now I'm getting the ads like before.

wqzv.jpg

Finally, should I start a new thread for the other computer?


Edited by manny_g, 06 April 2014 - 05:18 PM.


#11 gringo_pr


Posted 07 April 2014 - 07:45 AM




I would like to know how the computer is doing at this time, and I would like you to rerun FRST for me and send me a new report.

If you cannot find it, here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only (the GREEN ones are ads).

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well.

#12 manny_g


Posted 07 April 2014 - 09:04 PM

Hi,

I am still getting the popup ads as before and it seems to be running slowly.

I ran the tool requested and it had the same error as before "Aut2exe has stopped working..."

Here is the log produced.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Manny (administrator) on FAMCOMP on 07-04-2014 20:53:18
Running from C:\Users\Manny\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\setup.exe
(Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
(Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7165000 2014-02-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3770770867-57313021-3667514125-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-3770770867-57313021-3667514125-1001\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {A70BD46B-04B3-4304-AE3C-9C7E510115B6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {A70BD46B-04B3-4304-AE3C-9C7E510115B6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\Manny\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: DownThemAll! - C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-10]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-04]
CHR Extension: (Google Drive) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04]
CHR Extension: (Learn States and Capitals) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdblkfkcegbngjbibiefbjbeofmbgonk [2014-03-02]
CHR Extension: (Google Search) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04]
CHR Extension: (PDF To Word DOCS) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipenbigkfkmchjhdcjldgmacpedblgd [2014-03-02]
CHR Extension: (Facebook news) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2014-03-02]
CHR Extension: (Pandora) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-02]
CHR Extension: (CloudConvert) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2014-03-02]
CHR Extension: (PDF Mergy) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-03-02]
CHR Extension: (Cloud Reader) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-03-02]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-03-02]
CHR Extension: (Coloring Pages) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhcehgkaccjiljllpejjekibagmonki [2014-03-02]
CHR Extension: (Dropbox) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-03-02]
CHR Extension: (Google Play) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-03-02]
CHR Extension: (OneDrive) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04]
CHR Extension: (PDFUnlock!) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekfhmblhhfgekoainaoplcaemmfdpmd [2014-03-02]
CHR Extension: (Outlook.com) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-03-02]
CHR Extension: (Gmail) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04]



#13 gringo_pr


Posted 08 April 2014 - 07:46 AM


Hello manny_g

It looks like it is freezing up on Chrome, so I would like you to do this for Chrome and then rerun FRST once more, and let's see if it will give us a complete report.

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks

Then I need you to go to Google Sync and sign in to your account.

Scroll down until you see the "Stop and Clear" button and click on the button.

At the prompt click on "Ok".

Now we need to uninstall Chrome.

I want you to uninstall Chrome, and if asked about user data or settings then remove this also.

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo

#14 manny_g

manny_g
  • Topic Starter

  • Members

Posted 08 April 2014 - 08:00 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Manny (administrator) on FAMCOMP on 08-04-2014 19:46:06
Running from C:\Users\Manny\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7165000 2014-02-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3770770867-57313021-3667514125-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-3770770867-57313021-3667514125-1001\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)
HKU\S-1-5-21-3770770867-57313021-3667514125-1001\...\Run: [GoogleChromeAutoLaunch_567BAEBF8C6EDB354229E59CBF8627E7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {A70BD46B-04B3-4304-AE3C-9C7E510115B6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {A70BD46B-04B3-4304-AE3C-9C7E510115B6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\Manny\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: DownThemAll! - C:\Users\Manny\AppData\Roaming\Mozilla\Firefox\Profiles\46u4veo4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-10]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]
CHR Extension: (YouTube) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]
CHR Extension: (Google Search) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\Manny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]

==================== Services (Whitelisted) =================

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-21] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-27] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-03-21] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-03-21] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-27] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-21] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-08 19:44 - 2014-04-08 19:44 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 19:36 - 2014-04-08 19:36 - 00001247 _____ () C:\Users\Manny\Desktop\Revo Uninstaller.lnk
2014-04-08 19:36 - 2014-04-08 19:36 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-08 19:24 - 2014-04-08 19:24 - 00015130 _____ () C:\Users\Manny\Desktop\CHROMEbookmarks_4_8_14.html
2014-04-07 20:55 - 2014-04-07 20:55 - 00016369 _____ () C:\Users\Manny\Desktop\FRST1.txt
2014-04-07 20:45 - 2014-04-07 20:45 - 02157056 _____ (Farbar) C:\Users\Manny\Desktop\FRST64.exe
2014-04-07 20:45 - 2014-04-07 20:45 - 01145856 _____ (Farbar) C:\Users\Manny\Desktop\FRST.exe
2014-04-07 20:43 - 2014-04-08 19:46 - 00019282 _____ () C:\Users\Manny\Desktop\FRST.txt
2014-04-07 20:37 - 2014-04-07 20:37 - 02157056 _____ (Farbar) C:\Users\Manny\Desktop\FRST642.exe
2014-04-06 09:53 - 2014-04-06 09:53 - 04911911 _____ () C:\Users\Manny\Desktop\combofix error.psd
2014-04-06 09:49 - 2014-04-06 11:59 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-06 09:49 - 2014-04-06 09:49 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-06 09:41 - 2014-04-06 11:58 - 05195663 ____R (Swearware) C:\Users\Manny\Desktop\ComboFix.exe
2014-04-05 20:42 - 2014-04-05 20:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 20:23 - 2014-04-05 20:37 - 00000000 ____D () C:\AdwCleaner
2014-04-05 20:12 - 2014-04-05 20:12 - 00001004 _____ () C:\Users\Manny\Desktop\Documents.lnk
2014-04-05 20:07 - 2014-04-05 20:07 - 01038974 _____ (Thisisu) C:\Users\Manny\Desktop\JRT.exe
2014-04-05 20:06 - 2014-04-05 20:06 - 01426178 _____ () C:\Users\Manny\Desktop\AdwCleaner.exe
2014-04-05 19:51 - 2014-04-05 19:51 - 00001342 _____ () C:\Users\Manny\Downloads\directions 4 5 14.txt
2014-04-05 14:29 - 2014-04-05 14:35 - 00017341 _____ () C:\Users\Manny\Downloads\FRST.txt
2014-04-05 14:28 - 2014-04-05 14:29 - 00000000 ____D () C:\FRST
2014-04-05 14:28 - 2014-04-05 14:28 - 02157056 _____ (Farbar) C:\Users\Manny\Downloads\FRST64.exe
2014-04-04 09:54 - 2014-04-04 09:52 - 00688992 _____ (Swearware) C:\Users\Manny\Desktop\dds.com
2014-03-26 21:34 - 2014-03-26 21:34 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\Oracle
2014-03-26 21:33 - 2014-03-26 21:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-26 21:33 - 2014-03-26 21:33 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-26 21:33 - 2014-03-26 21:33 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-26 21:33 - 2014-03-26 21:33 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\WTablet
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Program Files\Tablet
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-03-23 10:11 - 2014-01-13 11:24 - 01913624 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.dll
2014-03-23 10:11 - 2014-01-13 11:24 - 01906968 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Touch_Tablet.dll
2014-03-23 10:11 - 2014-01-13 11:24 - 01780504 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2014-03-23 10:11 - 2014-01-13 11:24 - 01778968 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2014-03-23 10:11 - 2014-01-13 11:24 - 01551640 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Pen_Tablet.dll
2014-03-23 10:11 - 2014-01-13 11:24 - 01544472 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Pen_Touch_Tablet.dll
2014-03-23 10:11 - 2014-01-13 11:24 - 01432344 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2014-03-23 10:11 - 2014-01-13 11:24 - 01428248 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2014-03-23 10:11 - 2013-11-11 19:16 - 00090424 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2014-03-23 10:11 - 2013-11-11 19:16 - 00015160 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2014-03-23 10:11 - 2013-11-11 19:16 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2014-03-23 10:11 - 2012-04-11 17:34 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfcoinstaller01009.dll
2014-03-21 06:08 - 2014-03-21 06:08 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-03-21 06:08 - 2014-03-21 06:08 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-03-21 06:07 - 2014-03-21 06:08 - 00006762 _____ () C:\WINDOWS\DPINST.LOG
2014-03-21 06:07 - 2014-03-21 06:08 - 00001332 _____ () C:\WINDOWS\Synaptics.log
2014-03-21 06:06 - 2014-03-21 06:05 - 00722160 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2014-03-21 06:06 - 2014-03-21 06:05 - 00524016 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2014-03-21 06:06 - 2014-03-21 06:05 - 00421616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo19.dll
2014-03-21 06:06 - 2014-03-21 06:05 - 00400112 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2014-03-21 06:06 - 2014-03-21 06:05 - 00251632 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2014-03-21 06:06 - 2014-03-21 06:05 - 00169712 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynTPCom.dll
2014-03-21 06:06 - 2014-03-21 06:05 - 00034544 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2014-03-21 06:03 - 2014-03-21 06:03 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-21 06:01 - 2014-03-21 06:08 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-21 06:00 - 2014-03-21 06:00 - 00830680 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2014-03-21 06:00 - 2014-03-21 06:00 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2014-03-21 05:57 - 2014-03-21 05:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-03-21 05:57 - 2014-03-21 05:56 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2014-03-21 05:57 - 2014-03-21 05:56 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2014-03-19 16:30 - 2014-02-22 07:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-19 16:30 - 2014-02-22 06:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-18 16:02 - 2014-01-07 20:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 16:02 - 2014-01-07 20:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 16:02 - 2014-01-07 20:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 16:02 - 2014-01-04 10:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 16:02 - 2014-01-04 10:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 16:02 - 2014-01-04 09:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 16:02 - 2014-01-04 08:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 16:02 - 2014-01-02 18:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 16:02 - 2014-01-02 18:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 16:02 - 2013-12-31 20:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 16:02 - 2013-12-31 20:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 16:02 - 2013-12-31 19:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 16:02 - 2013-12-31 19:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 16:02 - 2013-12-31 18:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 16:02 - 2013-12-31 18:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 16:02 - 2013-12-31 18:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 16:02 - 2013-12-30 18:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 16:02 - 2013-12-30 18:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 16:02 - 2013-12-30 18:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 16:02 - 2013-12-30 18:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 16:02 - 2013-12-30 18:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 16:02 - 2013-12-27 10:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 16:02 - 2013-12-27 03:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 16:02 - 2013-12-27 03:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 16:02 - 2013-12-27 03:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 16:02 - 2013-12-27 02:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 16:02 - 2013-12-27 02:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 16:02 - 2013-12-27 01:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 16:02 - 2013-12-21 02:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 16:02 - 2013-12-17 02:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 16:02 - 2013-12-14 01:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 16:02 - 2013-12-14 01:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 16:02 - 2013-12-13 05:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 16:02 - 2013-12-13 01:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 16:02 - 2013-12-13 00:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 16:02 - 2013-12-09 03:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 16:02 - 2013-12-08 23:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-17 23:04 - 2014-03-18 00:10 - 00000000 ____D () C:\Users\Manny\Documents\OLD HP Lap Top
2014-03-14 21:27 - 2014-03-14 21:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-03-13 22:48 - 2013-10-30 19:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 22:48 - 2013-10-30 19:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-13 22:48 - 2013-10-30 19:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-13 21:02 - 2014-02-10 22:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 21:01 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 21:01 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 21:01 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 21:01 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 21:01 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 21:01 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 21:01 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 21:01 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 21:01 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 21:01 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 21:01 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 21:01 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 21:01 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 21:01 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 21:01 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 21:01 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 21:01 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 21:01 - 2014-02-10 21:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 21:01 - 2014-02-10 21:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 21:01 - 2014-01-31 11:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 21:01 - 2014-01-31 11:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 21:01 - 2014-01-31 11:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 21:01 - 2014-01-31 08:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 21:01 - 2014-01-31 04:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 21:01 - 2014-01-29 04:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 21:01 - 2014-01-29 03:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 21:01 - 2014-01-29 03:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 21:01 - 2014-01-29 03:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 21:01 - 2014-01-29 03:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 21:01 - 2014-01-29 02:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 21:01 - 2014-01-29 02:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 21:01 - 2014-01-29 02:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 21:01 - 2014-01-29 01:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 21:01 - 2014-01-28 19:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 21:01 - 2014-01-27 14:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 21:01 - 2014-01-27 14:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 21:01 - 2014-01-27 14:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 21:01 - 2014-01-27 13:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 21:01 - 2014-01-27 13:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 21:01 - 2014-01-27 13:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 21:01 - 2014-01-27 13:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 21:01 - 2014-01-27 13:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 21:01 - 2014-01-27 12:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 21:01 - 2014-01-27 12:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 21:01 - 2014-01-27 12:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 21:01 - 2014-01-27 10:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 21:01 - 2014-01-27 10:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 21:01 - 2014-01-27 06:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 21:01 - 2014-01-17 18:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 21:01 - 2014-01-17 16:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 21:01 - 2013-12-21 09:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 21:01 - 2013-12-21 03:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 21:01 - 2013-12-20 05:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 21:01 - 2013-12-20 05:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 02:23 - 2014-03-12 02:23 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-03-12 01:42 - 2014-03-12 01:42 - 00000000 ____D () C:\Program Files\Adobe
2014-03-12 01:39 - 2014-03-12 01:39 - 00000000 ____D () C:\ProgramData\ALM
2014-03-12 01:38 - 2008-04-07 05:38 - 00051032 ____R (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
2014-03-12 01:38 - 2008-04-07 05:38 - 00024416 ____R (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
2014-03-12 01:32 - 2014-03-12 01:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\spool
2014-03-12 01:31 - 2014-03-12 01:31 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-03-12 01:30 - 2014-03-12 01:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-12 01:30 - 2014-03-12 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-12 01:30 - 2014-03-12 01:30 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-03-12 00:55 - 2014-03-12 00:55 - 00000000 ____D () C:\Users\Manny\Desktop\Adobe CS5 Design Premium
2014-03-12 00:55 - 2014-03-12 00:55 - 00000000 ____D () C:\Users\Manny\Desktop\Adobe CS4
2014-03-11 18:45 - 2014-03-11 18:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-03-11 18:45 - 2014-03-11 18:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-03-10 21:38 - 2014-03-10 21:38 - 00000000 ____D () C:\Users\Manny\AppData\Local\Macromedia
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\Mozilla
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\Users\Manny\AppData\Local\Mozilla
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-10 21:03 - 2014-03-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-09 14:36 - 2014-03-09 14:36 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-03-09 14:36 - 2014-03-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-03-09 14:36 - 2014-03-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-03-09 14:35 - 2014-03-09 14:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-09 14:34 - 2014-03-09 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-03-09 14:33 - 2014-03-13 22:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 __RHD () C:\MSOCache
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 ____D () C:\Users\Manny\AppData\Local\Microsoft Help
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services

==================== One Month Modified Files and Folders =======

2014-04-08 19:46 - 2014-04-07 20:43 - 00019282 _____ () C:\Users\Manny\Desktop\FRST.txt
2014-04-08 19:44 - 2014-04-08 19:44 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 19:44 - 2014-01-04 17:25 - 00000000 ____D () C:\Users\Manny\AppData\Local\Google
2014-04-08 19:44 - 2014-01-04 17:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-08 19:42 - 2014-02-27 07:07 - 00000000 __RDO () C:\Users\Manny\SkyDrive
2014-04-08 19:42 - 2014-01-04 17:25 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 19:40 - 2014-02-27 02:43 - 00000000 ____D () C:\Users\Manny
2014-04-08 19:37 - 2013-12-25 05:04 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3770770867-57313021-3667514125-1001
2014-04-08 19:36 - 2014-04-08 19:36 - 00001247 _____ () C:\Users\Manny\Desktop\Revo Uninstaller.lnk
2014-04-08 19:36 - 2014-04-08 19:36 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-08 19:35 - 2014-03-03 21:50 - 01731961 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-08 19:24 - 2014-04-08 19:24 - 00015130 _____ () C:\Users\Manny\Desktop\CHROMEbookmarks_4_8_14.html
2014-04-08 19:24 - 2013-12-25 04:58 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E97311FB-2D98-4BBC-B63A-4D8AD077583E}
2014-04-08 19:24 - 2013-11-14 02:28 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-08 19:24 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-08 19:19 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-08 19:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-07 23:47 - 2014-01-04 17:25 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 20:55 - 2014-04-07 20:55 - 00016369 _____ () C:\Users\Manny\Desktop\FRST1.txt
2014-04-07 20:48 - 2014-03-08 00:56 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForManny.job
2014-04-07 20:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-07 20:45 - 2014-04-07 20:45 - 02157056 _____ (Farbar) C:\Users\Manny\Desktop\FRST64.exe
2014-04-07 20:45 - 2014-04-07 20:45 - 01145856 _____ (Farbar) C:\Users\Manny\Desktop\FRST.exe
2014-04-07 20:37 - 2014-04-07 20:37 - 02157056 _____ (Farbar) C:\Users\Manny\Desktop\FRST642.exe
2014-04-06 11:59 - 2014-04-06 09:49 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-06 11:58 - 2014-04-06 09:41 - 05195663 ____R (Swearware) C:\Users\Manny\Desktop\ComboFix.exe
2014-04-06 09:53 - 2014-04-06 09:53 - 04911911 _____ () C:\Users\Manny\Desktop\combofix error.psd
2014-04-06 09:49 - 2014-04-06 09:49 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-05 20:44 - 2014-03-08 00:56 - 00003162 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForManny
2014-04-05 20:42 - 2014-04-05 20:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 20:37 - 2014-04-05 20:23 - 00000000 ____D () C:\AdwCleaner
2014-04-05 20:12 - 2014-04-05 20:12 - 00001004 _____ () C:\Users\Manny\Desktop\Documents.lnk
2014-04-05 20:07 - 2014-04-05 20:07 - 01038974 _____ (Thisisu) C:\Users\Manny\Desktop\JRT.exe
2014-04-05 20:06 - 2014-04-05 20:06 - 01426178 _____ () C:\Users\Manny\Desktop\AdwCleaner.exe
2014-04-05 19:51 - 2014-04-05 19:51 - 00001342 _____ () C:\Users\Manny\Downloads\directions 4 5 14.txt
2014-04-05 19:47 - 2014-03-04 22:05 - 00000000 ____D () C:\Users\Manny\AppData\Local\Adobe
2014-04-05 19:47 - 2013-12-25 04:58 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\Adobe
2014-04-05 14:35 - 2014-04-05 14:29 - 00017341 _____ () C:\Users\Manny\Downloads\FRST.txt
2014-04-05 14:29 - 2014-04-05 14:28 - 00000000 ____D () C:\FRST
2014-04-05 14:28 - 2014-04-05 14:28 - 02157056 _____ (Farbar) C:\Users\Manny\Downloads\FRST64.exe
2014-04-04 09:52 - 2014-04-04 09:54 - 00688992 _____ (Swearware) C:\Users\Manny\Desktop\dds.com
2014-04-04 08:24 - 2014-01-04 17:31 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-04-04 08:23 - 2013-06-19 21:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-04 08:22 - 2012-08-03 19:02 - 00000000 ____D () C:\SWSetup
2014-04-03 14:23 - 2014-01-04 17:30 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-26 21:42 - 2014-01-04 17:25 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 21:42 - 2014-01-04 17:25 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 21:34 - 2014-03-26 21:34 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\Oracle
2014-03-26 21:34 - 2014-03-02 14:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-26 21:33 - 2014-03-26 21:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-26 21:33 - 2014-03-26 21:33 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-26 21:33 - 2014-03-26 21:33 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-26 21:33 - 2014-03-26 21:33 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\WTablet
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Program Files\Tablet
2014-03-23 10:11 - 2014-03-23 10:11 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-03-23 10:02 - 2014-02-25 23:36 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-21 06:08 - 2014-03-21 06:08 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-03-21 06:08 - 2014-03-21 06:08 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-03-21 06:08 - 2014-03-21 06:07 - 00006762 _____ () C:\WINDOWS\DPINST.LOG
2014-03-21 06:08 - 2014-03-21 06:07 - 00001332 _____ () C:\WINDOWS\Synaptics.log
2014-03-21 06:08 - 2014-03-21 06:01 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-21 06:08 - 2014-03-08 15:53 - 00003803 _____ () C:\WINDOWS\setupact.log
2014-03-21 06:08 - 2013-06-19 22:29 - 00002990 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-21 06:05 - 2014-03-21 06:06 - 00722160 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2014-03-21 06:05 - 2014-03-21 06:06 - 00524016 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2014-03-21 06:05 - 2014-03-21 06:06 - 00421616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo19.dll
2014-03-21 06:05 - 2014-03-21 06:06 - 00400112 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2014-03-21 06:05 - 2014-03-21 06:06 - 00251632 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2014-03-21 06:05 - 2014-03-21 06:06 - 00169712 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynTPCom.dll
2014-03-21 06:05 - 2014-03-21 06:06 - 00034544 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2014-03-21 06:03 - 2014-03-21 06:03 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-21 06:02 - 2013-08-22 01:57 - 03068120 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2014-03-21 06:02 - 2013-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-21 06:00 - 2014-03-21 06:00 - 00830680 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2014-03-21 06:00 - 2014-03-21 06:00 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2014-03-21 05:59 - 2013-06-19 22:30 - 00000000 ____D () C:\Program Files\Intel
2014-03-21 05:57 - 2014-03-21 05:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-03-21 05:56 - 2014-03-21 05:57 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2014-03-21 05:56 - 2014-03-21 05:57 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2014-03-21 05:56 - 2013-06-19 22:32 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2014-03-21 05:53 - 2013-06-19 22:27 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2014-03-19 16:29 - 2013-12-25 04:58 - 00000000 ___RD () C:\Users\Manny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 16:29 - 2013-12-25 04:58 - 00000000 ___RD () C:\Users\Manny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 06:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-19 06:24 - 2014-03-08 16:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 06:24 - 2014-03-08 16:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 06:24 - 2014-03-03 22:31 - 00020538 _____ () C:\WINDOWS\PFRO.log
2014-03-19 06:24 - 2013-08-22 09:44 - 03096136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-19 06:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-19 06:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 06:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 06:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 06:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 06:01 - 2014-03-01 22:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-19 05:58 - 2014-03-06 05:49 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 00:10 - 2014-03-17 23:04 - 00000000 ____D () C:\Users\Manny\Documents\OLD HP Lap Top
2014-03-16 13:17 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-14 21:29 - 2013-12-25 04:55 - 00000000 ____D () C:\Users\Manny\AppData\Local\Packages
2014-03-14 21:27 - 2014-03-14 21:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-03-13 22:05 - 2014-03-09 14:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 22:01 - 2013-08-22 08:25 - 00000167 _____ () C:\WINDOWS\win.ini
2014-03-12 02:23 - 2014-03-12 02:23 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-03-12 01:44 - 2014-03-12 01:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-12 01:43 - 2014-03-12 01:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-12 01:42 - 2014-03-12 01:42 - 00000000 ____D () C:\Program Files\Adobe
2014-03-12 01:39 - 2014-03-12 01:39 - 00000000 ____D () C:\ProgramData\ALM
2014-03-12 01:38 - 2014-03-04 22:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-12 01:32 - 2014-03-12 01:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\spool
2014-03-12 01:31 - 2014-03-12 01:31 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-03-12 01:30 - 2014-03-12 01:30 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-03-12 00:55 - 2014-03-12 00:55 - 00000000 ____D () C:\Users\Manny\Desktop\Adobe CS5 Design Premium
2014-03-12 00:55 - 2014-03-12 00:55 - 00000000 ____D () C:\Users\Manny\Desktop\Adobe CS4
2014-03-11 18:45 - 2014-03-11 18:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-03-11 18:45 - 2014-03-11 18:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-03-10 21:38 - 2014-03-10 21:38 - 00000000 ____D () C:\Users\Manny\AppData\Local\Macromedia
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\Users\Manny\AppData\Roaming\Mozilla
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\Users\Manny\AppData\Local\Mozilla
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-10 21:04 - 2014-03-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-10 21:04 - 2014-03-10 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-09 14:37 - 2014-02-27 04:25 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-03-09 14:37 - 2013-11-14 02:17 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-03-09 14:36 - 2014-03-09 14:36 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-03-09 14:36 - 2014-03-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-03-09 14:36 - 2014-03-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-03-09 14:36 - 2013-06-19 21:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-09 14:36 - 2013-06-19 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-09 14:35 - 2014-03-09 14:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-09 14:35 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-09 14:34 - 2014-03-09 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 __RHD () C:\MSOCache
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 ____D () C:\Users\Manny\AppData\Local\Microsoft Help
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-09 14:33 - 2014-03-09 14:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-09 14:21 - 2013-12-25 04:55 - 00000000 ____D () C:\Users\Manny\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Manny\AppData\Local\Temp\Extract.exe
C:\Users\Manny\AppData\Local\Temp\Quarantine.exe
C:\Users\Manny\AppData\Local\Temp\SP65792.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 21:01] - [2014-01-31 11:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02

 

LastRegBack: 2014-04-06 23:22

==================== End Of Log ============================

I will browse the web and see how pop ups do.




#15 manny_g


Posted 08 April 2014 - 08:40 PM

Just an update on the pop-up ads. I was doing fine until I tried to log into this forum. I clicked on the body of the sign-in pop-up and got a pop-up ad right away. I tried it again to test, and every time I click on it I get another pop-up ad. I am sure they have no relation to BleepingComputer; I just thought I'd mention it to see if it helps.





