
Pop Up and Random Browser Redirect


  • This topic is locked
19 replies to this topic

#1 xilver1

xilver1

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 23 July 2014 - 03:20 PM

Bottom left corner of screen gives pop up ad on many websites but not all. I also get a redirect sometimes when I click links within the browser page. I haven't experienced this with certain sites like Google or Facebook yet. I get it on sites like LA Times and USA Today crossword, just to name a couple.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207
Run by Farr at 13:02:55 on 2014-07-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1526 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\splwow64.exe
Q:\140066.enu\Office14\OffSpon.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Q:\140066.enu\Office14\EXCELC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Nvdiai] wscript.exe "C:\Microsoft\lib\inc\xx.js"
uRun: [convient] C:\windows\System32\dcomnify.exe
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{2FCEBC04-233B-4671-8DBD-10526B114412} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{2FCEBC04-233B-4671-8DBD-10526B114412} : DHCPNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{2FCEBC04-233B-4671-8DBD-10526B114412}\859363D453 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{76EC4BC5-BBDF-468C-AFEF-5FDCA81C48EE} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{B55249F9-C298-4D45-97E0-E073B5931BD2} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{B55249F9-C298-4D45-97E0-E073B5931BD2} : DHCPNameServer = 192.168.1.1 68.238.64.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 212.47.195.162 www.google-analytics.com.
Hosts: 212.47.195.162 google-analytics.com.
Hosts: 212.47.195.162 connect.facebook.net.
Hosts: 146.0.75.221 www.google-analytics.com.
Hosts: 146.0.75.221 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2014-7-22 28600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-7-22 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-7-22 430160]
R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2014-7-22 117712]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-7-14 141392]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-7-18 67584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-6-9 435032]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-27 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-12-27 35008]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-27 239136]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192Ce.sys [2010-12-27 877088]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-12-27 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-22 20:55:08 -------- d-----w- C:\Users\Farr\AppData\Roaming\Avira
2014-07-22 19:45:39 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2014-07-22 19:45:39 117712 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2014-07-22 18:00:04 -------- d-----w- C:\Program Files (x86)\Avira
2014-07-22 18:00:01 -------- d-----w- C:\ProgramData\Avira
2014-07-22 13:45:49 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2ECFBA4-E16D-46BA-960B-C2E2D855836A}\mpengine.dll
2014-07-18 23:15:21 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-18 23:01:24 -------- d-----w- C:\windows\ERUNT
2014-07-18 22:40:03 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-07-18 22:07:43 -------- d-----w- C:\AdwCleaner
2014-07-18 15:58:20 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-07-18 15:38:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-07-18 15:38:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-18 14:19:08 29160 ----a-w- C:\windows\SysWow64\drivers\TrueSight.sys
2014-07-18 14:19:07 -------- d-----w- C:\ProgramData\RogueKiller
2014-07-18 00:35:43 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-16 19:36:33 -------- d-----w- C:\Users\Farr\AppData\Local\Okkwics
2014-07-16 19:36:06 -------- d-----w- C:\Program Files (x86)\msrtn32
2014-07-16 19:31:25 -------- d-----w- C:\Microsoft__Sdk
2014-07-16 19:29:41 -------- d-----w- C:\microsoft
2014-07-16 19:29:40 -------- d-----w- C:\Program Files (x86)\res_0711
2014-07-16 19:29:35 -------- d-----w- C:\Program Files (x86)\explorer_0711
2014-07-16 18:40:43 -------- d-----w- C:\Users\Farr\AppData\Roaming\serv
2014-07-16 18:40:43 -------- d-----w- C:\ProgramData\Online
2014-07-09 17:16:54 -------- d-sh--w- C:\Users\Farr\AppData\Local\EmieUserList
2014-07-09 17:16:54 -------- d-sh--w- C:\Users\Farr\AppData\Local\EmieSiteList
2014-07-09 13:34:30 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 13:34:29 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 13:34:29 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 13:34:29 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 13:34:29 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 13:34:27 519168 ----a-w- C:\windows\System32\aepdu.dll
2014-07-09 13:34:26 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-07-09 13:29:30 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-07-09 13:29:29 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-07-09 13:29:29 22016 ----a-w- C:\windows\SysWow64\secur32.dll
.
==================== Find3M  ====================
.
2014-07-08 20:54:46 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 20:54:46 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-04-25 02:34:59 801280 ----a-w- C:\windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
.
============= FINISH: 13:04:37.44 ===============
 
 
 
 
 
 
 
 
 
 
 
 
 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 28 July 2014 - 08:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 xilver1

xilver1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 29 July 2014 - 04:14 PM

It took a while but it looks like the pop ups are still there and I have had a few redirects too. It progressed like this. I opened the browser and went to a site where I typically see the pop up and it did not come up the first time, so I closed it and reopened it and then it popped up, but not like before. I only saw a white outline of where the ad would be and a little red x to close it in the top right corner of the white outline. Inside the outline was transparent. Then the pop ups stopped completely for an hour or so, but when they came back they were just like they were before. At this point they are less frequent. They used to pop up every time; now it seems random.

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Farr [Admin rights]
Mode : Remove -- Date : 07/29/2014  07:17:27
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 13 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FCEBC04-233B-4671-8DBD-10526B114412} | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B55249F9-C298-4D45-97E0-E073B5931BD2} | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2FCEBC04-233B-4671-8DBD-10526B114412} | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B55249F9-C298-4D45-97E0-E073B5931BD2} | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2FCEBC04-233B-4671-8DBD-10526B114412} | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B55249F9-C298-4D45-97E0-E073B5931BD2} | DhcpNameServer : 192.168.1.1 68.238.64.12  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_07182014_074350.log - RKreport_SCN_07182014_073153.log - RKreport_SCN_07292014_065834.log - RKreport_SCN_07292014_071527.log
 
 
 
 
 
 
# AdwCleaner v3.301 - Report created 29/07/2014 at 08:52:49
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Farr - FARR-PC
# Running from : C:\Users\Farr\Downloads\adwcleaner_3.301.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11455 octets] - [18/07/2014 15:39:31]
AdwCleaner[R1].txt - [924 octets] - [29/07/2014 08:49:34]
AdwCleaner[S0].txt - [12340 octets] - [18/07/2014 15:48:56]
AdwCleaner[S1].txt - [846 octets] - [29/07/2014 08:52:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [905 octets] ##########
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Farr (administrator) on FARR-PC on 29-07-2014 09:04:39
Running from C:\Users\Farr\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch 
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" 
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-14] (Google Inc.)
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [Nvdiai] => wscript.exe "C:\Microsoft\lib\inc\xx.js" 
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [convient] => C:\windows\system32\dcomnify.exe 
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\MountPoints2: {2f6a5dd0-2703-11e0-8388-806e6f6e6963} - F:\LaunchU3.exe -a
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKCU - {AD47CB95-B46D-49F3-8CFF-70429477D84F} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12
Tcpip\..\Interfaces\{2FCEBC04-233B-4671-8DBD-10526B114412}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{76EC4BC5-BBDF-468C-AFEF-5FDCA81C48EE}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B55249F9-C298-4D45-97E0-E073B5931BD2}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.msn.com/"
CHR DefaultSearchKeyword: ask
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Default Location Class) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Avira Browser Safety) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKCU\...\Chrome\Extension: [epcjlgbmfbaelfjlpkiklammhmiglfpn] - C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [epcjlgbmfbaelfjlpkiklammhmiglfpn] - C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx [2011-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 09:04 - 2014-07-29 09:06 - 00019594 _____ () C:\Users\Farr\Desktop\FRST.txt
2014-07-29 09:03 - 2014-07-29 09:04 - 00000000 ____D () C:\FRST
2014-07-29 09:02 - 2014-07-29 09:03 - 02093568 _____ (Farbar) C:\Users\Farr\Desktop\FRST64.exe
2014-07-29 09:00 - 2014-07-29 09:00 - 00000984 _____ () C:\Users\Farr\Desktop\AdwCleaner[S1].txt
2014-07-29 07:23 - 2014-07-29 07:23 - 01365551 _____ () C:\Users\Farr\Desktop\adwcleaner_3.301.exe
2014-07-29 07:18 - 2014-07-29 07:18 - 00003696 _____ () C:\Users\Farr\Desktop\RKreport_DEL_07292014_071727.log
2014-07-29 06:46 - 2014-07-29 06:49 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-29 06:44 - 2014-07-29 06:45 - 05379160 _____ () C:\Users\Farr\Desktop\RogueKillerX64.exe
2014-07-26 10:29 - 2014-07-26 10:29 - 26285915 _____ () C:\Users\Farr\Desktop\Good Vibes.zip
2014-07-26 10:27 - 2014-07-26 10:27 - 21841580 _____ () C:\Users\Farr\Desktop\My Shame T2.wav
2014-07-26 10:25 - 2014-07-26 10:25 - 33914924 _____ () C:\Users\Farr\Desktop\Good Vibes.wav
2014-07-24 07:40 - 2014-07-24 07:40 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-24 07:40 - 2014-07-24 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-24 07:32 - 2014-07-24 07:32 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-23 13:04 - 2014-07-23 13:04 - 00021335 _____ () C:\Users\Farr\Desktop\dds.txt
2014-07-23 13:04 - 2014-07-23 13:04 - 00006255 _____ () C:\Users\Farr\Desktop\attach.txt
2014-07-22 13:55 - 2014-07-22 13:55 - 00000000 ____D () C:\Users\Farr\AppData\Roaming\Avira
2014-07-22 12:45 - 2014-07-02 13:06 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-07-22 12:45 - 2014-07-02 13:06 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-22 12:45 - 2014-07-02 13:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-07-22 12:20 - 2014-07-22 12:21 - 04430600 _____ (Avira Operations GmbH & Co. KG) C:\Users\Farr\Downloads\avira_en_av_39502119_m7o2b91xtb31l6msxv2h_wd.exe
2014-07-22 11:00 - 2014-07-22 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-22 11:00 - 2014-07-22 12:45 - 00000000 ____D () C:\ProgramData\Avira
2014-07-22 11:00 - 2014-07-22 12:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-22 11:00 - 2014-07-22 12:21 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-22 10:58 - 2014-07-22 10:59 - 04430600 _____ (Avira Operations GmbH & Co. KG) C:\Users\Farr\Downloads\avira_en_av___ws2.exe
2014-07-19 07:16 - 2014-07-19 07:17 - 00448512 _____ (OldTimer Tools) C:\Users\Farr\Desktop\TFC.exe
2014-07-19 07:11 - 2014-07-19 07:11 - 00991232 _____ () C:\Users\Farr\Downloads\MicrosoftFixit50267.msi
2014-07-18 16:15 - 2014-07-18 16:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 16:12 - 2014-07-18 16:15 - 02347384 _____ (ESET) C:\Users\Farr\Downloads\esetsmartinstaller_enu.exe
2014-07-18 16:01 - 2014-07-18 16:01 - 00000000 ____D () C:\windows\ERUNT
2014-07-18 15:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-18 15:08 - 2014-07-18 15:08 - 01016261 _____ (Thisisu) C:\Users\Farr\Desktop\JRT.exe
2014-07-18 15:07 - 2014-07-29 08:53 - 00000000 ____D () C:\AdwCleaner
2014-07-18 15:04 - 2014-07-18 15:04 - 00000085 _____ () C:\windows\wininit.ini
2014-07-18 14:59 - 2014-07-18 14:59 - 04161313 _____ () C:\Users\Farr\Downloads\tdsskiller.zip
2014-07-18 14:50 - 2014-07-18 14:50 - 00401920 _____ (Farbar) C:\Users\Farr\Desktop\MiniToolBox.exe
2014-07-18 12:05 - 2014-07-18 12:05 - 00688992 ____R (Swearware) C:\Users\Farr\Desktop\dds.com
2014-07-18 08:58 - 2014-07-18 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-18 08:58 - 2014-07-18 08:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-18 08:39 - 2014-07-18 08:39 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-07-18 08:38 - 2014-07-18 15:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-18 08:38 - 2014-07-18 15:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-18 08:09 - 2014-07-18 08:09 - 00854390 ____N () C:\Users\Farr\Desktop\SecurityCheck.exe
2014-07-18 07:19 - 2014-07-18 07:19 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-18 07:19 - 2014-07-18 07:19 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 17:35 - 2014-07-17 17:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 13:27 - 2014-07-16 13:27 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-16 13:27 - 2014-07-16 13:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-16 12:52 - 2014-07-16 12:52 - 00000000 ____D () C:\windows\Sun
2014-07-16 12:36 - 2014-07-18 19:19 - 00000000 ____D () C:\Users\Farr\AppData\Local\Okkwics
2014-07-16 12:36 - 2014-07-16 12:36 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-16 12:35 - 2014-07-16 13:29 - 00000866 _____ () C:\windows\SysWOW64\InstallUtil.InstallLog
2014-07-16 12:35 - 2014-07-16 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-16 12:33 - 2014-07-16 12:33 - 00000761 _____ () C:\windows\system32\Drivers\etc\hosts.txt
2014-07-16 12:31 - 2014-07-16 12:31 - 00000000 ____D () C:\Microsoft__Sdk
2014-07-16 12:29 - 2014-07-18 19:18 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-16 12:29 - 2014-07-16 12:29 - 00000000 ____D () C:\Program Files (x86)\res_0711
2014-07-16 11:40 - 2014-07-18 19:19 - 00000000 ____D () C:\Users\Farr\AppData\Roaming\serv
2014-07-16 11:40 - 2014-07-16 11:40 - 00000000 ____D () C:\ProgramData\Online
2014-07-10 12:38 - 2014-07-18 15:00 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Farr\Desktop\TDSSKiller.exe
2014-07-09 10:16 - 2014-07-09 10:16 - 00000000 __SHD () C:\Users\Farr\AppData\Local\EmieUserList
2014-07-09 10:16 - 2014-07-09 10:16 - 00000000 __SHD () C:\Users\Farr\AppData\Local\EmieSiteList
2014-07-09 07:01 - 2014-07-09 07:01 - 00046943 ____N () C:\Users\Farr\Desktop\solo2.aup
2014-07-09 07:01 - 2014-07-09 07:01 - 00000000 ____D () C:\Users\Farr\Desktop\solo2_data
2014-07-09 06:38 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 06:38 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 06:38 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 06:38 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 06:38 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 06:38 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 06:38 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 06:38 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 06:38 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 06:38 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 06:38 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 06:38 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 06:38 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 06:38 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 06:38 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 06:38 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 06:38 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 06:38 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 06:38 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 06:38 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 06:38 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 06:38 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 06:38 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 06:38 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 06:38 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 06:38 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 06:38 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 06:38 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 06:38 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 06:38 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 06:38 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 06:38 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 06:38 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 06:38 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 06:38 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 06:38 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 06:38 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 06:38 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 06:38 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 06:38 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 06:38 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 06:38 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 06:38 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 06:38 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 06:38 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 06:38 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 06:38 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 06:38 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 06:38 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 06:38 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 06:38 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 06:38 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 06:38 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 06:38 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 06:38 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 06:38 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 06:34 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 06:34 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 06:33 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 06:33 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 06:33 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 06:33 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 06:33 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 06:33 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 06:33 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 06:33 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 06:33 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 06:33 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 06:33 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 06:33 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 06:33 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 06:33 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 06:33 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 06:33 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 06:33 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 06:33 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 06:33 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 06:33 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 06:29 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 06:29 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 06:29 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 09:06 - 2014-07-29 09:04 - 00019594 _____ () C:\Users\Farr\Desktop\FRST.txt
2014-07-29 09:04 - 2014-07-29 09:03 - 00000000 ____D () C:\FRST
2014-07-29 09:04 - 2010-12-27 04:19 - 01058632 _____ () C:\windows\WindowsUpdate.log
2014-07-29 09:04 - 2009-07-13 22:13 - 00789658 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-29 09:03 - 2014-07-29 09:02 - 02093568 _____ (Farbar) C:\Users\Farr\Desktop\FRST64.exe
2014-07-29 09:00 - 2014-07-29 09:00 - 00000984 _____ () C:\Users\Farr\Desktop\AdwCleaner[S1].txt
2014-07-29 08:59 - 2010-10-14 21:32 - 00877880 _____ () C:\windows\PFRO.log
2014-07-29 08:59 - 2010-10-14 21:04 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 08:59 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-29 08:59 - 2009-07-13 21:51 - 00054942 _____ () C:\windows\setupact.log
2014-07-29 08:53 - 2014-07-18 15:07 - 00000000 ____D () C:\AdwCleaner
2014-07-29 08:53 - 2012-04-13 10:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-29 08:52 - 2011-01-21 23:29 - 00000000 ____D () C:\Users\Farr\AppData\Roaming\SoftGrid Client
2014-07-29 08:46 - 2010-10-14 21:04 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 07:23 - 2014-07-29 07:23 - 01365551 _____ () C:\Users\Farr\Desktop\adwcleaner_3.301.exe
2014-07-29 07:18 - 2014-07-29 07:18 - 00003696 _____ () C:\Users\Farr\Desktop\RKreport_DEL_07292014_071727.log
2014-07-29 06:49 - 2014-07-29 06:46 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-29 06:46 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 06:46 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 06:45 - 2014-07-29 06:44 - 05379160 _____ () C:\Users\Farr\Desktop\RogueKillerX64.exe
2014-07-29 06:38 - 2011-04-05 14:06 - 00131432 _____ () C:\Users\Farr\Documents\expenses.xlsx
2014-07-29 06:38 - 2011-01-24 08:14 - 00236544 _____ () C:\Users\Farr\Documents\daily_earnings.xls
2014-07-29 06:23 - 2012-08-12 15:14 - 00000000 ____D () C:\Users\Farr\AppData\Roaming\Audacity
2014-07-26 10:29 - 2014-07-26 10:29 - 26285915 _____ () C:\Users\Farr\Desktop\Good Vibes.zip
2014-07-26 10:27 - 2014-07-26 10:27 - 21841580 _____ () C:\Users\Farr\Desktop\My Shame T2.wav
2014-07-26 10:25 - 2014-07-26 10:25 - 33914924 _____ () C:\Users\Farr\Desktop\Good Vibes.wav
2014-07-25 18:35 - 2013-03-15 06:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 18:35 - 2013-03-15 06:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 10:36 - 2014-06-13 12:03 - 00000000 ____D () C:\Users\Farr\Documents\Helium Flash Fiction
2014-07-25 06:07 - 2013-03-15 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 07:42 - 2014-05-15 14:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-24 07:41 - 2014-05-15 14:44 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-24 07:40 - 2014-07-24 07:40 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-24 07:40 - 2014-07-24 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-24 07:40 - 2014-05-15 14:43 - 00003554 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-07-24 07:40 - 2014-05-15 13:37 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-07-24 07:32 - 2014-07-24 07:32 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-23 13:04 - 2014-07-23 13:04 - 00021335 _____ () C:\Users\Farr\Desktop\dds.txt
2014-07-23 13:04 - 2014-07-23 13:04 - 00006255 _____ () C:\Users\Farr\Desktop\attach.txt
2014-07-22 13:55 - 2014-07-22 13:55 - 00000000 ____D () C:\Users\Farr\AppData\Roaming\Avira
2014-07-22 12:49 - 2014-07-22 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-22 12:45 - 2014-07-22 11:00 - 00000000 ____D () C:\ProgramData\Avira
2014-07-22 12:45 - 2014-07-22 11:00 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-22 12:21 - 2014-07-22 12:20 - 04430600 _____ (Avira Operations GmbH & Co. KG) C:\Users\Farr\Downloads\avira_en_av_39502119_m7o2b91xtb31l6msxv2h_wd.exe
2014-07-22 12:21 - 2014-07-22 11:00 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-22 10:59 - 2014-07-22 10:58 - 04430600 _____ (Avira Operations GmbH & Co. KG) C:\Users\Farr\Downloads\avira_en_av___ws2.exe
2014-07-19 07:17 - 2014-07-19 07:16 - 00448512 _____ (OldTimer Tools) C:\Users\Farr\Desktop\TFC.exe
2014-07-19 07:11 - 2014-07-19 07:11 - 00991232 _____ () C:\Users\Farr\Downloads\MicrosoftFixit50267.msi
2014-07-18 19:19 - 2014-07-16 12:36 - 00000000 ____D () C:\Users\Farr\AppData\Local\Okkwics
2014-07-18 19:19 - 2014-07-16 11:40 - 00000000 ____D () C:\Users\Farr\AppData\Roaming\serv
2014-07-18 19:18 - 2014-07-16 12:29 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-18 19:18 - 2013-03-31 14:42 - 00000000 ____D () C:\Users\Farr\AppData\Local\CRE
2014-07-18 16:15 - 2014-07-18 16:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 16:15 - 2014-07-18 16:12 - 02347384 _____ (ESET) C:\Users\Farr\Downloads\esetsmartinstaller_enu.exe
2014-07-18 16:01 - 2014-07-18 16:01 - 00000000 ____D () C:\windows\ERUNT
2014-07-18 15:11 - 2014-07-18 08:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-18 15:11 - 2010-12-27 04:45 - 00000000 ____D () C:\ProgramData\Norton
2014-07-18 15:08 - 2014-07-18 15:08 - 01016261 _____ (Thisisu) C:\Users\Farr\Desktop\JRT.exe
2014-07-18 15:04 - 2014-07-18 15:04 - 00000085 _____ () C:\windows\wininit.ini
2014-07-18 15:04 - 2014-07-18 08:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-18 15:00 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Farr\Desktop\TDSSKiller.exe
2014-07-18 14:59 - 2014-07-18 14:59 - 04161313 _____ () C:\Users\Farr\Downloads\tdsskiller.zip
2014-07-18 14:50 - 2014-07-18 14:50 - 00401920 _____ (Farbar) C:\Users\Farr\Desktop\MiniToolBox.exe
2014-07-18 12:05 - 2014-07-18 12:05 - 00688992 ____R (Swearware) C:\Users\Farr\Desktop\dds.com
2014-07-18 08:58 - 2014-07-18 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-18 08:58 - 2014-07-18 08:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-18 08:39 - 2014-07-18 08:39 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-07-18 08:09 - 2014-07-18 08:09 - 00854390 ____N () C:\Users\Farr\Desktop\SecurityCheck.exe
2014-07-18 07:19 - 2014-07-18 07:19 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-18 07:19 - 2014-07-18 07:19 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 17:58 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\Performance
2014-07-17 17:35 - 2014-07-17 17:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 13:29 - 2014-07-16 12:35 - 00000866 _____ () C:\windows\SysWOW64\InstallUtil.InstallLog
2014-07-16 13:27 - 2014-07-16 13:27 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-16 13:27 - 2014-07-16 13:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-16 12:55 - 2013-09-27 15:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 12:52 - 2014-07-16 12:52 - 00000000 ____D () C:\windows\Sun
2014-07-16 12:36 - 2014-07-16 12:36 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-16 12:35 - 2014-07-16 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-16 12:33 - 2014-07-16 12:33 - 00000761 _____ () C:\windows\system32\Drivers\etc\hosts.txt
2014-07-16 12:31 - 2014-07-16 12:31 - 00000000 ____D () C:\Microsoft__Sdk
2014-07-16 12:29 - 2014-07-16 12:29 - 00000000 ____D () C:\Program Files (x86)\res_0711
2014-07-16 11:40 - 2014-07-16 11:40 - 00000000 ____D () C:\ProgramData\Online
2014-07-16 09:05 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-16 08:18 - 2013-03-31 14:02 - 00000000 ____D () C:\Users\Farr\Documents\xilver
2014-07-12 15:41 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-07-09 10:16 - 2014-07-09 10:16 - 00000000 __SHD () C:\Users\Farr\AppData\Local\EmieUserList
2014-07-09 10:16 - 2014-07-09 10:16 - 00000000 __SHD () C:\Users\Farr\AppData\Local\EmieSiteList
2014-07-09 07:50 - 2009-07-13 21:45 - 00280000 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 07:48 - 2014-05-06 10:39 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 07:48 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 07:48 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 07:48 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 07:09 - 2013-08-15 05:16 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 07:06 - 2011-04-06 20:28 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 07:01 - 2014-07-09 07:01 - 00046943 ____N () C:\Users\Farr\Desktop\solo2.aup
2014-07-09 07:01 - 2014-07-09 07:01 - 00000000 ____D () C:\Users\Farr\Desktop\solo2_data
2014-07-08 13:54 - 2012-04-13 10:00 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 13:54 - 2012-04-13 10:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 13:54 - 2011-06-21 05:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-02 13:06 - 2014-07-22 12:45 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-07-02 13:06 - 2014-07-22 12:45 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-02 13:06 - 2014-07-22 12:45 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-06-29 19:09 - 2014-07-09 06:34 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 19:04 - 2014-07-09 06:34 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
 
Some content of TEMP:
====================
C:\Users\Farr\AppData\Local\Temp\avgnt.exe
C:\Users\Farr\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-26 17:47
 
==================== End Of Log ============================
 
 
 
 
 
 
 

Edited by xilver1, 29 July 2014 - 04:17 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:29 PM

Posted 30 July 2014 - 07:19 AM

AdwCleaner v3.301 - Report created 29/07/2014 at 08:52:49

Your version of AdwCleaner is outdated.

Remove it and get the latest version from this site.
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Run the tool and remove everything that is found.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [Nvdiai] => wscript.exe "C:\Microsoft\lib\inc\xx.js"
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [convient] => C:\windows\system32\dcomnify.exe
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\windows\system32\TVUAx\npTVUAx.dll No File
CHR DefaultSearchKeyword: ask
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKCU\...\Chrome\Extension: [epcjlgbmfbaelfjlpkiklammhmiglfpn] - C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [epcjlgbmfbaelfjlpkiklammhmiglfpn] - C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx [2011-12-19]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 xilver1

Posted 31 July 2014 - 10:51 PM

So far it seems to be running about the same as I reported last time. 
 
 
 
# AdwCleaner v3.302 - Report created 31/07/2014 at 17:06:13
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Farr - FARR-PC
# Running from : C:\Users\Farr\Desktop\adwcleaner_3.302.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11455 octets] - [18/07/2014 15:39:31]
AdwCleaner[R1].txt - [924 octets] - [29/07/2014 08:49:34]
AdwCleaner[R2].txt - [1040 octets] - [31/07/2014 17:04:03]
AdwCleaner[S0].txt - [12340 octets] - [18/07/2014 15:48:56]
AdwCleaner[S1].txt - [984 octets] - [29/07/2014 08:52:49]
AdwCleaner[S2].txt - [963 octets] - [31/07/2014 17:06:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1022 octets] ##########
 
 
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Farr at 2014-07-31 17:16:08 Run:1
Running from C:\Users\Farr\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [Nvdiai] => wscript.exe "C:\Microsoft\lib\inc\xx.js"
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\...\Run: [convient] => C:\windows\system32\dcomnify.exe
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\windows\system32\TVUAx\npTVUAx.dll No File
CHR DefaultSearchKeyword: ask
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKCU\...\Chrome\Extension: [epcjlgbmfbaelfjlpkiklammhmiglfpn] - C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx [2011-12-19]
CHR HKLM-x32\...\Chrome\Extension: [epcjlgbmfbaelfjlpkiklammhmiglfpn] - C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx [2011-12-19]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Nvdiai => value deleted successfully.
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\Software\Microsoft\Windows\CurrentVersion\Run\\convient => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\gopher" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" => Key not found.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer" => Key deleted successfully.
C:\windows\system32\TVUAx\npTVUAx.dll not found.
CHR DefaultSearchKeyword: ask ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll not found.
C:\Users\Farr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\windows\system32\TVUAx\npTVUAx.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\epcjlgbmfbaelfjlpkiklammhmiglfpn" => Key deleted successfully.
"C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\epcjlgbmfbaelfjlpkiklammhmiglfpn" => Key deleted successfully.
"C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx" => File/Directory not found.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
 
==== End of Fixlog ====
 
 
 
 
 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
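
Reading the Fixlog in the post above line by line shows which fixlist entries FRST actually removed and which were already gone before the fix ran. The Python sketch below is an added example, not part of the thread or of FRST; the outcome categories and function names are its own, and the patterns are inferred only from the result lines visible in the posted log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted above: the echoed fixlist is shortened,
# the result lines are copied unchanged (a subset of the full log).
FIXLOG = r'''
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
CHR DefaultSearchKeyword: ask
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Nvdiai => value deleted successfully.
HKU\S-1-5-21-4042158811-3756900593-2969682626-1000\Software\Microsoft\Windows\CurrentVersion\Run\\convient => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\gopher" => Key deleted successfully.
C:\windows\system32\TVUAx\npTVUAx.dll not found.
CHR DefaultSearchKeyword: ask ==> The Chrome "Settings" can be used to fix the entry.
"HKCU\SOFTWARE\Google\Chrome\Extensions\epcjlgbmfbaelfjlpkiklammhmiglfpn" => Key deleted successfully.
"C:\Users\Farr\AppData\Local\CRE\epcjlgbmfbaelfjlpkiklammhmiglfpn.crx" => File/Directory not found.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

==== End of Fixlog ====
'''

REMOVED = re.compile(r"(?:deleted|removed) successfully\.$")
ABSENT = re.compile(r"\s*not found\.$", re.IGNORECASE)
# Run / RunOnce values appear in the log as ...\CurrentVersion\Run\\<value name>
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\\\(.*)$")


def result_lines(text):
    """Return only the result section: everything after the last row of
    asterisks (end of the echoed fixlist) and before the end-of-log marker.
    Without this the echoed fixlist would be classified as results too."""
    lines = [l.strip() for l in text.splitlines()]
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    body = lines[stars[-1] + 1:] if stars else lines
    out = []
    for line in body:
        if line.startswith("==== End of Fixlog"):
            break
        if line:
            out.append(line)
    return out


def classify(line):
    """Map one result line to (outcome, target)."""
    if " ==> " in line:  # the tool defers to a manual step
        return "manual", line.split(" ==> ", 1)[0].strip('"')
    if REMOVED.search(line):
        return "removed", line.split(" => ", 1)[0].strip('"')
    if ABSENT.search(line):
        target = line.split(" => ", 1)[0] if " => " in line else ABSENT.sub("", line)
        return "absent", target.strip('"')
    return "unknown", line


def summarize(text):
    """Return (outcome counts, removed autostart value names, manual items)."""
    results = [classify(line) for line in result_lines(text)]
    counts = Counter(outcome for outcome, _ in results)
    autostarts = []
    for outcome, target in results:
        match = AUTOSTART.search(target)
        if outcome == "removed" and match:
            autostarts.append(match.group(1))  # '' means an unnamed value
    manual = [target for outcome, target in results if outcome == "manual"]
    return counts, autostarts, manual


if __name__ == "__main__":
    counts, autostarts, manual = summarize(FIXLOG)
    print(dict(counts))
    print("Autostart values removed:", autostarts)
    print("Needs manual follow-up:", manual)
```

Entries reported as "not found" were already absent when the fix ran, and anything in the manual list still has to be handled by the user.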
 


#6 nasdaq

Posted 01 August 2014 - 10:06 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Your router may have been corrupted.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html


How To Set Up a Network Router
http://compnetworking.about.com/od/homenetworking/ht/routerconfigure.htm


How is it now?

#7 nasdaq

Posted 07 August 2014 - 01:05 PM

Are you still with me?

#8 xilver1

Posted 07 August 2014 - 03:16 PM

Yes I am. I finished up with the router reset yesterday. I did see the pop ups yesterday after I reset it but I am not seeing them now. 



#9 nasdaq

Posted 08 August 2014 - 06:37 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

p.s.
I will keep this topic open for another 6 days.

#10 xilver1

Posted 11 August 2014 - 08:29 AM

The pop ups seem to be completely gone. I am not sure about the redirects. Since the reset there have been a few from a couple different sites that I've noticed. 



#11 nasdaq

Posted 11 August 2014 - 09:29 AM

Clean the Java Cache. Tutorial here.
http://www.java.com/en/download/help/plugin_cache.xml
<<<>>>

Empty flash cache.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
<<<>>>

#12 nasdaq

Posted 17 August 2014 - 07:53 AM

If all is well.
 
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
===


#13 xilver1

Posted 19 August 2014 - 08:34 AM

I'm pretty sure I uninstalled java. I couldn't find it anywhere on my computer. I did empty the flash cache but I'm still having some redirects. Is there anything else I can try?



#14 nasdaq

Posted 19 August 2014 - 01:02 PM

 
Reinstall the browser in which you are still getting redirected.
 
Remove Firefox using the Add/Remove Programs.
Restart the computer normally
Reinstall the browser.
 
I suggest you save your bookmarks before removing Firefox.
Restore bookmarks from backup or move them to another computer
<<<>>>
 
Or Chrome
 
I would remove Chrome using the Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.
 
Save your Bookmarks before proceeding.
 
They can be imported back to the new version.
===


#15 xilver1

Posted 22 August 2014 - 03:42 PM

I removed and re-installed Chrome and am still getting some redirects. I also tried Explorer and get them with that browser too.





