Internet Browser keeps getting redirected to random websites


  • This topic is locked
12 replies to this topic

#1 sxottwc

sxottwc

  • Members
  • 13 posts

Posted 17 December 2014 - 05:34 PM

Running Windows 8.1 on a Microsoft Surface Pro 3 and browsing with Firefox 34.

DDS won't run and keeps saying "DDS is not meant to run in 'Compatibilty Mode'."

The problem I am facing is that at random times when I click on links in Firefox, regardless of what the link is or what page I am on, etc., it will redirect me to different websites. Never the same site twice. I can click back a couple of times and reclick the link and get directed to the proper place though.

I have attempted running Spybot and Windows Defender, but neither found any issues. Here is my HijackThis log. Can anyone help?

Thanks,

Scott

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:27:20 PM, on 12/17/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 34.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Call Graph\CallGraph.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Scott\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkID=394657
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=394657
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.25.107.101 www.google-analytics.com.
O1 - Hosts: 85.25.107.101 google-analytics.com.
O1 - Hosts: 85.25.107.101 connect.facebook.net.
O1 - Hosts: 162.247.13.84 www.google-analytics.com.
O1 - Hosts: 162.247.13.84 google-analytics.com.
O1 - Hosts: 162.247.13.84 connect.facebook.net.
O1 - Hosts: 95.141.32.73 www.google-analytics.com.
O1 - Hosts: 95.141.32.73 google-analytics.com.
O1 - Hosts: 95.141.32.73 connect.facebook.net.
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
O4 - HKLM\..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CallGraph] C:\Program Files (x86)\Call Graph\CallGraph.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{61120B5A-C3B6-4C6C-AE09-6550064443EE}: NameServer = 8.8.8.8,8.8.8.8
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13012 bytes

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 17 December 2014 - 06:35 PM

Hello sxottwc,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


1. Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 sxottwc

sxottwc
  • Topic Starter

  • Members
  • 13 posts

Posted 17 December 2014 - 07:07 PM

fireman4it,

Thank you very much for the quick reply. I ran the tools you listed and here are their log files:

1. AdwCleaner -

# AdwCleaner v4.105 - Report created 17/12/2014 at 18:56:29
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Scott - SXOTT-SURFACE
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : c2cautoupdatesvc
Service Deleted : c2cpnrsvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] :

hxxp://rocket-find.com/results.php?f=4&q={searchTerms}

&a=rckt_dsites03_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0Czz0FyBtAtA0BtC0AtCyDtC0F0Azy0CtN0D0Tzu0SzytCyEtN1L2XzutBtF

tBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0D0ByB0AyC0EyBtGyB0B0C0BtGtB0DtC0FtG0CzyyC0Dt

GyDyD0DtCtBzz0ByD0FyBzzyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0Bzy0B0A0B0CzztGyCzy0C0BtGtDyC0BzztG0CtDtDyEtGtD0AyD

zz0EtBtDyC0AtD0F0F2Q&cr=109817104&ir=
[C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] :

hxxp://rocket-find.com/results.php?f=4&q={searchTerms}

&a=rckt_dsites03_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0Czz0FyBtAtA0BtC0AtCyDtC0F0Azy0CtN0D0Tzu0SzytCyEtN1L2XzutBtF

tBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0D0ByB0AyC0EyBtGyB0B0C0BtGtB0DtC0FtG0CzyyC0Dt

GyDyD0DtCtBzz0ByD0FyBzzyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0Bzy0B0A0B0CzztGyCzy0C0BtGtDyC0BzztG0CtDtDyEtGtD0AyD

zz0EtBtDyC0AtD0F0F2Q&cr=109817104&ir=
[C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] :

hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] :

hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3229 octets] - [17/12/2014 18:51:00]
AdwCleaner[S0].txt - [3166 octets] - [17/12/2014 18:56:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3226 octets] ##########

2. Farbar - FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Scott (administrator) on SXOTT-SURFACE on 17-12-2014 19:01:45
Running from C:\Users\Scott\Downloads
Loaded Profile: Scott (Available profiles: Scott)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Sedna Wireless Pvt. Ltd.) C:\Program Files (x86)\Call Graph\CallGraph.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-12-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [PlantronicsURE.exe] => C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2014-08-29] (Plantronics, Inc.)
HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] => C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2014-08-29] (Plantronics, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\Run: [CallGraph] => C:\Program Files (x86)\Call Graph\CallGraph.exe [2942712 2009-11-12] (Sedna Wireless Pvt. Ltd.)
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\RunOnce: [Adobe Speed Launcher] => 1418860689
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\MountPoints2: {d1ffe618-2eb9-11e4-8259-806e6f6e6963} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{61120B5A-C3B6-4C6C-AE09-6550064443EE}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\c9r81ylm.default
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Xmarks - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\c9r81ylm.default\Extensions\foxmarks@kei.com [2014-11-23]
FF Extension: New Tab Homepage - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\c9r81ylm.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-11-01]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\c9r81ylm.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-11-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-23]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-08-22]
CHR Extension: (Bookmarks Side Panel) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2014-12-06]
CHR Extension: (Google Docs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-22]
CHR Extension: (Google Drive) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-22]
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-22]
CHR Extension: (Google Search) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-22]
CHR Extension: (New Tab Website) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkogmmlmfijkljjnhalncbabkljhceo [2014-08-22]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-08-22]
CHR Extension: (Superman) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknmbkgpmhdhkljehlhgfobimkncckgm [2014-08-22]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-22]
CHR Extension: (Neater Bookmarks) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-08-22]
CHR Extension: (Gmail) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10963688 2014-11-24] (DisplayLink Corp.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-24] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
R3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.7.59032.0.sys [46312 2014-12-06] ()
R3 dlcdcncm; C:\Windows\system32\DRIVERS\dlcdcncm62_x64.sys [82224 2014-11-24] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [209200 2014-11-24] (DisplayLink Corp.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraMobileCsrDfuX64.sys [38768 2014-11-15] (GN Netcom A/S)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [993280 2014-11-01] (Marvell Semiconductors Inc.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [43624 2014-10-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49768 2014-10-13] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [66672 2014-10-25] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-18] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411136 2014-11-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 19:01 - 2014-12-17 19:02 - 00022035 _____ () C:\Users\Scott\Downloads\FRST.txt
2014-12-17 19:01 - 2014-12-17 19:01 - 02121216 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
2014-12-17 19:01 - 2014-12-17 19:01 - 00000000 ____D () C:\FRST
2014-12-17 19:00 - 2014-12-17 19:00 - 00003322 _____ () C:\Users\Scott\Desktop\AdwCleaner[S0].txt
2014-12-17 18:56 - 2014-12-17 18:56 - 00001626 _____ () C:\windows\PFRO.log
2014-12-17 18:56 - 2014-12-17 18:56 - 00000581 _____ () C:\Users\Scott\Desktop\mtn.txt
2014-12-17 18:50 - 2014-12-17 18:56 - 00000000 ____D () C:\AdwCleaner
2014-12-17 18:50 - 2014-12-17 18:50 - 02166272 _____ () C:\Users\Scott\Downloads\AdwCleaner.exe
2014-12-17 17:28 - 2014-12-17 17:28 - 00688992 _____ (Swearware) C:\Users\Scott\Downloads\dds.com
2014-12-17 17:09 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Acronis
2014-12-17 16:56 - 2014-12-17 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-12-17 16:56 - 2014-12-17 16:56 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-12-17 16:55 - 2014-12-17 16:55 - 02026456 _____ () C:\Users\Scott\Downloads\dixmlsetup.exe
2014-12-17 15:10 - 2014-12-17 17:27 - 00013014 _____ () C:\Users\Scott\Downloads\hijackthis.log
2014-12-17 15:06 - 2014-12-17 15:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Scott\Downloads\HijackThis.exe
2014-12-16 13:02 - 2014-12-16 13:02 - 09257206 _____ () C:\Users\Scott\Downloads\Chuck Norris Explains What Really Killed Bruce Lee At The 1975 San Diego Comic-Con Convention.mp4
2014-12-15 00:41 - 2014-12-15 00:42 - 00000000 ____D () C:\Users\Scott\Desktop\Cash Trade
2014-12-14 16:31 - 2014-12-14 16:45 - 734156800 _____ () C:\Users\Scott\Downloads\Gymkata (1985) [thePiratePimp].avi
2014-12-14 16:03 - 2014-12-14 16:03 - 00000000 ____D () C:\Users\Scott\Desktop\From Doug
2014-12-14 16:02 - 2014-12-14 16:02 - 00000000 ____D () C:\Users\Scott\Desktop\KYC Packages
2014-12-12 18:36 - 2014-12-12 18:36 - 00002571 _____ () C:\Users\Scott\Documents\touchscreen issues.txt
2014-12-11 00:41 - 2014-12-07 11:55 - 00001503 __RSH () C:\windows\system32\Drivers\etc\hosts.20141211-004109.backup
2014-12-11 00:40 - 2014-12-07 11:55 - 00001503 __RSH () C:\windows\system32\Drivers\etc\hosts.20141211-004042.backup
2014-12-11 00:29 - 2014-12-11 01:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-11 00:29 - 2014-12-11 00:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-11 00:29 - 2014-12-11 00:29 - 00001410 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-11 00:29 - 2014-12-11 00:29 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-12-11 00:29 - 2014-12-11 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-11 00:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-12-10 19:32 - 2014-12-10 19:32 - 00000765 _____ () C:\Users\Scott\Desktop\text.txt
2014-12-10 19:26 - 2014-12-10 19:28 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\GetRightToGo
2014-12-10 18:10 - 2014-12-10 18:10 - 00000123 _____ () C:\Users\Scott\Documents\malena.txt
2014-12-09 14:58 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-09 14:58 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-09 14:46 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-09 14:46 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-09 14:46 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-09 14:46 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-09 14:46 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-09 14:46 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-09 14:46 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-09 14:46 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-09 14:46 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-09 14:46 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-09 14:46 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-09 14:46 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-12-09 14:46 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-09 14:46 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-09 14:46 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-09 14:46 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2014-12-09 14:46 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-09 14:46 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-12-09 14:46 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-09 14:46 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-09 14:46 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-09 14:46 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-09 14:46 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-09 14:46 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-09 14:46 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-12-09 14:46 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-09 14:46 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-09 14:46 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2014-12-09 14:46 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-09 14:46 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-12-09 14:46 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-09 14:46 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-09 14:46 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-09 14:46 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-09 14:46 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-09 14:46 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-09 14:46 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-09 14:46 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-09 14:46 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-09 14:46 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll
2014-12-09 14:46 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 14:46 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-09 14:46 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-09 14:46 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-12-09 14:46 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2014-12-09 14:46 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-12-09 14:46 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-12-09 14:46 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-12-09 14:46 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
2014-12-08 12:41 - 2014-12-11 13:40 - 00000000 ____D () C:\Users\Scott\Desktop\Library
2014-12-07 16:35 - 2014-12-07 16:35 - 00000000 _____ () C:\windows\setuperr.log
2014-12-07 16:35 - 2014-12-07 16:35 - 00000000 _____ () C:\windows\setupact.log
2014-12-07 16:30 - 2014-12-17 18:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-07 16:30 - 2014-12-17 18:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-07 16:30 - 2014-12-13 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-07 14:18 - 2014-12-07 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-07 11:55 - 2014-12-07 11:55 - 00000761 _____ () C:\windows\system32\Drivers\etc\hosts.txt
2014-12-06 14:33 - 2014-12-06 14:33 - 00000000 ____D () C:\Users\Scott\Downloads\---
2014-12-06 12:42 - 2014-12-06 12:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 12:29 - 2014-12-06 12:29 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\com.rosettastone.languagetraining
2014-12-06 12:17 - 2014-12-06 12:26 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Audacity
2014-12-06 12:09 - 2014-12-06 12:10 - 00000000 ____D () C:\Users\Scott\Downloads\Pimsleur
2014-12-06 12:03 - 2014-12-06 12:28 - 00000000 ____D () C:\ProgramData\Rosetta Stone Backups
2014-12-06 12:03 - 2014-12-06 12:28 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-12-06 12:03 - 2014-12-06 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-12-06 12:03 - 2014-12-06 12:28 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-12-06 12:03 - 2014-12-06 12:03 - 00003376 _____ () C:\windows\System32\Tasks\WINshell Event Notification
2014-12-06 12:03 - 2014-12-06 12:03 - 00003372 _____ () C:\windows\System32\Tasks\WINshell Event Logging
2014-12-06 12:03 - 2014-12-06 12:03 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-12-06 12:03 - 2014-12-06 12:03 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-12-06 02:04 - 2014-12-06 02:04 - 00000000 ____D () C:\Program Files\DisplayLink Graphics
2014-12-06 02:04 - 2014-11-24 04:07 - 00437480 _____ (DisplayLink Corp.) C:\windows\system32\Drivers\dlkmd.sys
2014-12-06 02:04 - 2014-11-24 04:07 - 00018664 _____ (DisplayLink Corp.) C:\windows\system32\Drivers\dlkmdldr.sys
2014-12-06 02:03 - 2014-12-06 02:03 - 01030656 _____ (DisplayLink Corp.) C:\windows\system32\DisplayLinkUsbCo64_7.7.59032.0.dll
2014-12-06 02:03 - 2014-12-06 02:03 - 00046312 _____ () C:\windows\system32\Drivers\DisplayLinkUsbIo_x64_7.7.59032.0.sys
2014-11-30 19:14 - 2014-11-27 15:22 - 13569820 _____ () C:\Users\Scott\Documents\How to Carve a Turkey with Food Network's Alton Brown.mp4
2014-11-29 23:19 - 2014-11-29 23:19 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\MPC-HC
2014-11-28 01:12 - 2014-11-28 01:12 - 00000000 ____D () C:\Users\Scott\Downloads\The Quest For The Cures...Continues
2014-11-24 23:20 - 2014-11-24 23:20 - 00001547 _____ () C:\Users\Scott\Documents\Dragon Tattoos.txt
2014-11-24 12:00 - 2014-12-17 18:57 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Call Graph
2014-11-24 12:00 - 2014-11-24 12:00 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call Graph.lnk
2014-11-24 12:00 - 2014-11-24 12:00 - 00000000 ____D () C:\Program Files (x86)\Call Graph
2014-11-24 11:58 - 2014-11-24 11:58 - 00003140 _____ () C:\windows\System32\Tasks\{D81FDCFA-58E4-4ACD-8CBF-CE1597415703}
2014-11-24 04:07 - 2014-11-24 04:07 - 00209200 _____ (DisplayLink Corp.) C:\windows\system32\Drivers\dlusbaudio_x64.sys
2014-11-24 04:07 - 2014-11-24 04:07 - 00082224 _____ (DisplayLink Corp.) C:\windows\system32\Drivers\dlcdcncm62_x64.sys
2014-11-24 04:04 - 2014-11-24 04:04 - 01662184 _____ (DisplayLink Corp.) C:\windows\system32\dlumd9.dll
2014-11-24 04:04 - 2014-11-24 04:04 - 01662184 _____ (DisplayLink Corp.) C:\windows\system32\dlumd64.dll
2014-11-24 04:04 - 2014-11-24 04:04 - 01662184 _____ (DisplayLink Corp.) C:\windows\system32\dlumd11.dll
2014-11-24 04:04 - 2014-11-24 04:04 - 01662184 _____ (DisplayLink Corp.) C:\windows\system32\dlumd10.dll
2014-11-24 04:04 - 2014-11-24 04:04 - 01296616 _____ (DisplayLink Corp.) C:\windows\SysWOW64\dlumd9.dll
2014-11-24 04:04 - 2014-11-24 04:04 - 01296616 _____ (DisplayLink Corp.) C:\windows\SysWOW64\dlumd32.dll
2014-11-24 04:04 - 2014-11-24 04:04 - 01296616 _____ (DisplayLink Corp.) C:\windows\SysWOW64\dlumd11.dll
2014-11-24 04:04 - 2014-11-24 04:04 - 01296616 _____ (DisplayLink Corp.) C:\windows\SysWOW64\dlumd10.dll
2014-11-23 23:42 - 2014-12-11 11:32 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-11-23 23:42 - 2014-12-11 11:32 - 00002237 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-11-23 23:42 - 2014-12-11 11:32 - 00002076 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-11-23 23:31 - 2014-11-23 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics
2014-11-23 23:31 - 2014-11-23 23:31 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-11-23 23:31 - 2014-11-23 23:31 - 00000000 ____D () C:\Program Files (x86)\Plantronics
2014-11-21 14:37 - 2014-12-17 18:56 - 01328191 _____ () C:\windows\WindowsUpdate.log
2014-11-19 12:54 - 2014-11-19 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-11-19 12:54 - 2014-11-14 09:12 - 00254976 _____ () C:\windows\system32\xvidvfw.dll
2014-11-19 12:54 - 2014-11-14 09:11 - 00240128 _____ () C:\windows\SysWOW64\xvidvfw.dll
2014-11-19 12:54 - 2014-11-13 10:05 - 00729088 _____ () C:\windows\system32\xvidcore.dll
2014-11-19 12:54 - 2014-11-13 10:04 - 00655872 _____ () C:\windows\SysWOW64\xvidcore.dll
2014-11-19 12:54 - 2014-11-03 07:39 - 00260696 _____ () C:\windows\system32\unrar64.dll
2014-11-19 12:54 - 2014-11-03 07:39 - 00218712 _____ () C:\windows\SysWOW64\unrar.dll
2014-11-19 12:54 - 2014-07-22 14:51 - 03502080 _____ (x264vfw project) C:\windows\system32\x264vfw64.dll
2014-11-19 12:54 - 2014-07-22 14:50 - 03510784 _____ (x264vfw project) C:\windows\SysWOW64\x264vfw.dll
2014-11-19 12:54 - 2012-07-21 06:55 - 00180736 _____ (fccHandler) C:\windows\system32\ac3acm.acm
2014-11-19 12:54 - 2012-07-21 06:54 - 00122880 _____ (fccHandler) C:\windows\SysWOW64\ac3acm.acm
2014-11-19 12:54 - 2011-12-07 13:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll
2014-11-19 12:54 - 2011-12-07 13:32 - 00216064 _____ ( ) C:\windows\SysWOW64\lagarith.dll
2014-11-19 12:53 - 2014-11-19 12:53 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-11-19 12:53 - 2014-11-14 13:00 - 00112640 _____ () C:\windows\SysWOW64\ff_vfw.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00000047 _____ () C:\windows\wininit.ini
2014-11-19 12:29 - 2014-11-19 12:29 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\iFree
2014-11-19 12:28 - 2014-11-19 12:28 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Amolto
2014-11-19 12:28 - 2014-11-19 12:28 - 00000000 ____D () C:\Users\Scott\AppData\Local\AmoltoCallRecorder
2014-11-19 12:28 - 2014-11-19 12:28 - 00000000 ____D () C:\Users\Scott\AppData\Local\Amolto
2014-11-19 12:13 - 2014-11-19 12:13 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\MP3SkypeRecorder
2014-11-19 12:13 - 2014-11-19 12:13 - 00000000 ____D () C:\Users\Scott\AppData\Local\MP3_Skype_Recorder
2014-11-18 23:40 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 23:40 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-18 23:40 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 23:40 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-17 13:24 - 2014-11-17 13:24 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieBrowserModeList
2014-11-17 01:15 - 2014-11-17 01:17 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2014-11-17 01:15 - 2014-11-17 01:15 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 19:02 - 2014-08-22 11:46 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Skype
2014-12-17 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2014-12-17 18:57 - 2014-09-28 16:19 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2014-12-17 18:57 - 2014-08-22 11:45 - 00004994 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SXOTT-SURFACE-Scott SXOTT-SURFACE
2014-12-17 18:57 - 2014-08-22 11:01 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2014-12-17 18:57 - 2014-08-22 10:36 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 18:57 - 2014-08-22 10:30 - 00000000 ___DO () C:\Users\Scott\OneDrive
2014-12-17 18:56 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-17 18:56 - 2013-08-22 08:25 - 01310720 ___SH () C:\windows\system32\config\BBI
2014-12-17 18:51 - 2014-08-22 10:36 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 18:49 - 2014-08-22 14:06 - 00000000 ____D () C:\Users\Scott\Documents\Outlook Files
2014-12-17 18:14 - 2014-11-01 17:16 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 17:22 - 2014-08-22 10:33 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3113042326-3041763641-654549647-1001
2014-12-17 17:20 - 2014-08-22 10:28 - 00000000 ____D () C:\Users\Scott\AppData\Local\Packages
2014-12-17 17:03 - 2014-08-22 11:48 - 00000000 ____D () C:\Users\Scott\Documents\My Call Graphs
2014-12-17 16:59 - 2014-05-08 22:06 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-17 15:15 - 2014-08-22 11:43 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\uTorrent
2014-12-17 12:02 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2014-12-16 18:56 - 2014-01-09 03:54 - 00110398 _____ () C:\Users\Scott\Documents\Convict Conditioning.xlsx
2014-12-16 15:18 - 2014-08-22 20:35 - 01347072 ___SH () C:\Users\Scott\Desktop\Thumbs.db
2014-12-13 08:50 - 2014-08-22 14:17 - 02107904 ___SH () C:\Users\Scott\Downloads\Thumbs.db
2014-12-12 15:52 - 2014-11-12 12:43 - 00000000 ____D () C:\Users\Scott\Downloads\Science
2014-12-11 04:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2014-12-10 19:33 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2014-12-10 19:33 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2014-12-10 19:33 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 18:05 - 2014-08-22 14:16 - 00000000 ____D () C:\Users\Scott\Documents\Recipes
2014-12-10 18:02 - 2014-09-04 12:32 - 00025819 _____ () C:\Users\Scott\Desktop\Contacts.xlsx
2014-12-10 15:45 - 2014-08-22 14:01 - 00039492 _____ () C:\Users\Scott\Desktop\AMEX.xlsx
2014-12-10 07:35 - 2014-08-31 12:14 - 00000000 ____D () C:\Users\Scott\AppData\Local\Microsoft Help
2014-12-10 07:07 - 2014-10-16 00:39 - 00000759 _____ () C:\Users\Scott\Documents\DesignLibrary_Photoshop.log
2014-12-09 16:39 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2014-12-09 16:38 - 2014-08-25 00:13 - 00000000 ____D () C:\windows\system32\MRT
2014-12-09 16:37 - 2014-08-25 00:13 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-09 13:14 - 2014-11-01 17:16 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 12:38 - 2014-08-22 14:01 - 00000000 ____D () C:\Users\Scott\Desktop\Andy
2014-12-07 16:25 - 2014-08-22 12:12 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Mp3tag
2014-12-07 14:18 - 2014-11-06 12:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-07 14:18 - 2014-08-22 11:45 - 00000000 ____D () C:\ProgramData\Skype
2014-12-07 13:32 - 2014-09-21 10:52 - 00000000 ____D () C:\windows\Minidump
2014-12-07 13:24 - 2014-11-01 17:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 14:33 - 2014-08-22 14:19 - 00000000 ____D () C:\Users\Scott\Downloads\eBooks
2014-12-06 12:06 - 2014-08-22 12:08 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-12-06 11:49 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Cursors
2014-12-06 02:03 - 2014-08-22 23:59 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-12-05 15:26 - 2014-08-22 14:04 - 00000000 ____D () C:\Users\Scott\Documents\Logins
2014-12-05 13:54 - 2014-09-19 13:20 - 00000000 ____D () C:\Users\Scott\Desktop\7903 Monarch
2014-12-05 00:24 - 2014-11-02 21:28 - 00000000 ____D () C:\Users\Scott\Downloads\New folder
2014-12-04 16:16 - 2014-10-23 13:27 - 00000000 ____D () C:\Users\Scott\Downloads\TV
2014-12-03 21:40 - 2014-11-01 17:42 - 00000000 ____D () C:\Users\Scott\Downloads\YouTube
2014-12-02 12:05 - 2014-08-22 14:01 - 00012722 _____ () C:\Users\Scott\Desktop\Payments.xlsx
2014-12-01 13:14 - 2014-08-22 14:15 - 00000000 ____D () C:\Users\Scott\Documents\Quantum
2014-11-30 07:47 - 2014-08-22 10:28 - 00000000 ____D () C:\Users\Scott
2014-11-26 16:10 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 16:10 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 01:11 - 2013-08-22 09:44 - 00483944 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-23 23:42 - 2014-08-22 11:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-23 23:41 - 2014-08-22 11:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-23 23:37 - 2014-09-16 15:59 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-21 16:56 - 2014-08-22 14:17 - 00000000 ____D () C:\Users\Scott\Downloads\Black Mesa
2014-11-21 16:10 - 2014-09-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-11-21 16:10 - 2014-09-26 11:58 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-11-20 02:28 - 2014-05-08 21:43 - 00000000 ____D () C:\windows\Firmware
2014-11-19 12:38 - 2014-11-01 14:48 - 00000000 ____D () C:\windows\system32\appmgmt
2014-11-19 12:27 - 2014-08-22 11:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-19 12:25 - 2014-08-22 11:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-17 01:19 - 2014-08-22 10:28 - 00000000 ____D () C:\Users\Scott\AppData\Local\VirtualStore
2014-11-17 01:15 - 2014-08-22 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain

Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
C:\Users\Scott\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Scott\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 04:59

==================== End Of Log ============================

 

 

2. Farbar - Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Scott at 2014-12-17 19:02:16
Running from C:\Users\Scott\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.)
Call Graph (HKLM-x32\...\Call Graph) (Version:  - Sedna Wireless Pvt. Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
DisplayLink Core Software (HKLM\...\{1DA82330-F0D8-4F54-B93D-613708864080}) (Version: 7.7.59032.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB8324FA-E972-454B-B039-E911D568BD56}) (Version: 7.7.59032.0 - DisplayLink Corp.)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP LJ300-400 color MFP M375-M475 (HKLM-x32\...\{9D1DE902-8058-4555-A16A-FBFAA49587DB}) (Version: 5.0.12200.706 - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 Fax (HKLM-x32\...\{F284FAB3-7B91-499F-856A-1A8BF7649D8D}) (Version: 29.0.84.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM375M475DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (HKLM-x32\...\{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM375-M475 (x32 Version: 1.02.0013 - HP) Hidden
hppFaxDrvM375M475 (x32 Version: 003.000.00003 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM375_M475LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden
hppSendFaxM375M475 (x32 Version: 003.000.00003 - Hewlett-Packard) Hidden
hppToolboxProxyM375 (x32 Version: 035.024.006 - HP) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM375_M475 (x32 Version: 050.034.0131 - Hewlett-Packard) Hidden
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 10.8.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.5 - )
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
PDF Password Remover (HKLM-x32\...\{7F4CFF03-15E4-45BD-BFA3-5323A8EAE2F1}_is1) (Version:  - PDF Password Remover, Inc.)
Plantronics Spokes Software (HKLM-x32\...\{571712F1-AB1A-4BE0-B915-540AC7522DD8}) (Version: 2.8.55399.3 - Plantronics, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
ToolboxProxy (x32 Version: 035.024.006 - HP) Hidden
UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version:  - )
ViceVersa Pro 2 (Build 2015) (HKLM-x32\...\ViceVersa Pro 2_is1) (Version: 2 - TGRMN Software)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3113042326-3041763641-654549647-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3113042326-3041763641-654549647-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-12-2014 07:20:27 Scheduled Checkpoint
06-12-2014 02:03:14 Installed DisplayLink Core Software
07-12-2014 14:16:50 Removed Skype™ 6.22
07-12-2014 16:35:05 Windows Backup
13-12-2014 02:42:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-12-07 11:55 - 00001503 _RASH C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.107.101 www.google-analytics.com.
85.25.107.101 google-analytics.com.
85.25.107.101 connect.facebook.net.
162.247.13.84 www.google-analytics.com.
162.247.13.84 google-analytics.com.
162.247.13.84 connect.facebook.net.
95.141.32.73 www.google-analytics.com.
95.141.32.73 google-analytics.com.
95.141.32.73 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A86F3D1-F975-4229-AD27-C3EE1A31A838} - System32\Tasks\WINshell Event Logging => C:\Users\Scott\AppData\Local\Temp\Dscp1.exe <==== ATTENTION
Task: {128FF24E-922C-4527-8F75-7F9FB110DFA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {277207C0-D66A-4BF3-96DC-0EEE482969E7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
Task: {33640001-7609-41F4-AF85-16D297346481} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3113042326-3041763641-654549647-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6173A415-AD3B-4AC7-BDF2-732E718B7776} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {6325B924-49CA-43BE-A4F1-82546D145643} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {6BB3EBC1-CC79-4A7C-9FEF-C9FA3542995E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SXOTT-SURFACE-Scott SXOTT-SURFACE => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {8693103F-15BB-436A-9E09-4FEAD9D69EC9} - System32\Tasks\{D81FDCFA-58E4-4ACD-8CBF-CE1597415703} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.9.0.106&amp;LastError=404
Task: {93A3EAEA-6341-4957-8764-7DF5BD703F63} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sxott@thexaviergroup.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {9B2D9597-BE37-4AB2-832A-FEC5322528DB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {A361A767-22E1-4235-9D5F-49040DEE9087} - System32\Tasks\{F7B69ABF-5BCF-484C-A993-551DE4FF7097} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.9.0.106&amp;LastError=404
Task: {B1263D67-9D2F-426D-912A-FC1DAD511374} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B73FE1F2-E455-47DE-AAE5-3C330304F470} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {B95D7B1B-58F3-4F54-A95C-B731582FD277} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {BB4DF7D2-6F53-4A54-B012-BD7041E6509E} - System32\Tasks\{5983A715-8169-4206-B185-03D45B7F0247} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.9.0.106&amp;LastError=404
Task: {C1E97DB8-A4E6-4BB6-9D91-95E50EE1A794} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {E0EDBF4F-FA2D-4E11-ACC9-85B3E8B36B4C} - System32\Tasks\WINshell Event Notification => C:\Users\Scott\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {F5625449-779B-4A73-91B1-3870E78165B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {F8B793BA-4A3E-48DA-8C14-DCCFE04965C5} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-22 11:41 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-08-26 21:51 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-26 13:40 - 2014-09-26 13:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-12-11 00:29 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-11 00:29 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-11 00:29 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-11 00:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-11 00:29 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-26 21:52 - 2014-11-17 17:59 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-08-26 21:48 - 2014-11-17 17:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2009-10-25 21:58 - 2009-10-25 21:58 - 00454886 _____ () C:\Program Files (x86)\Call Graph\sqlite3.dll
2014-07-07 16:21 - 2014-07-07 16:21 - 00410744 _____ () C:\windows\SYSTEM32\TrueColor5.2\LcProxy2.ax
2014-07-07 16:21 - 2014-07-07 16:21 - 00749168 _____ () C:\windows\SYSTEM32\TrueColor5.2\CAL2.dll
2014-09-28 20:01 - 2014-09-28 20:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-11-24 02:35 - 2014-11-24 02:35 - 00136704 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config.#\ae14695f45429da00b608bd3da9f1ae9\Plantronics.Config.XmlSerializers.ni.dll
2014-11-24 02:30 - 2014-11-24 02:30 - 00304128 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest\e7ea8a8d280571327b41c17b11273389\Plantronics.UC.Rest.ni.dll
2014-11-24 02:34 - 2014-11-24 02:34 - 00030720 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest#\3b0cac67176ee4c2378b261a0b4614c2\Plantronics.UC.Rest.JsonpExtension.ni.dll
2014-09-28 20:01 - 2014-09-28 20:01 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 20:01 - 2014-09-28 20:01 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-12-06 12:42 - 2014-12-06 12:43 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Scott\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "StatusAlerts"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\StartupApproved\Run: => "AmoltoRecorder"
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\StartupApproved\Run: => "HDSoft"

========================= Accounts: ==========================

Administrator (S-1-5-21-3113042326-3041763641-654549647-500 - Administrator - Disabled)
Guest (S-1-5-21-3113042326-3041763641-654549647-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113042326-3041763641-654549647-1003 - Limited - Enabled)
Scott (S-1-5-21-3113042326-3041763641-654549647-1001 - Administrator - Enabled) => C:\Users\Scott

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 06:57:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/17/2014 06:57:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/17/2014 04:58:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/17/2014 04:58:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/17/2014 11:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4667.1000, time stamp: 0x543d34a5
Faulting module name: wwlib.dll, version: 15.0.4667.1000, time stamp: 0x543d3631
Exception code: 0xc0000005
Fault offset: 0x0029bea3
Faulting process id: 0x7b0
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (12/17/2014 04:59:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (12/16/2014 06:00:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (12/16/2014 05:57:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000008
Fault offset: 0x000000000009355a
Faulting process id: 0x9c8
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (12/15/2014 03:27:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (12/15/2014 03:24:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (12/17/2014 05:09:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Acronis Nonstop Backup Service service, but this action failed with the following error:
%%1056

Error: (12/17/2014 05:08:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/16/2014 04:51:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (12/16/2014 05:57:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/15/2014 00:24:33 AM) (Source: DCOM) (EventID: 10016) (User: SXOTT-SURFACE)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SXOTT-SURFACEScottS-1-5-21-3113042326-3041763641-654549647-1001LocalHost (Using LRPC)UnavailableS-1-15-2-2553126853-3900301745-722364791-2314306712-857547675-3703095181-1352458205

Error: (12/15/2014 00:24:27 AM) (Source: DCOM) (EventID: 10016) (User: SXOTT-SURFACE)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SXOTT-SURFACEScottS-1-5-21-3113042326-3041763641-654549647-1001LocalHost (Using LRPC)UnavailableS-1-15-2-2553126853-3900301745-722364791-2314306712-857547675-3703095181-1352458205

Error: (12/15/2014 00:24:19 AM) (Source: DCOM) (EventID: 10016) (User: SXOTT-SURFACE)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SXOTT-SURFACEScottS-1-5-21-3113042326-3041763641-654549647-1001LocalHost (Using LRPC)UnavailableS-1-15-2-2553126853-3900301745-722364791-2314306712-857547675-3703095181-1352458205

Error: (12/15/2014 00:24:10 AM) (Source: DCOM) (EventID: 10016) (User: SXOTT-SURFACE)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SXOTT-SURFACEScottS-1-5-21-3113042326-3041763641-654549647-1001LocalHost (Using LRPC)UnavailableS-1-15-2-2553126853-3900301745-722364791-2314306712-857547675-3703095181-1352458205

Error: (12/15/2014 00:24:03 AM) (Source: DCOM) (EventID: 10016) (User: SXOTT-SURFACE)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SXOTT-SURFACEScottS-1-5-21-3113042326-3041763641-654549647-1001LocalHost (Using LRPC)UnavailableS-1-15-2-2553126853-3900301745-722364791-2314306712-857547675-3703095181-1352458205

Error: (12/15/2014 00:23:55 AM) (Source: DCOM) (EventID: 10016) (User: SXOTT-SURFACE)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}SXOTT-SURFACEScottS-1-5-21-3113042326-3041763641-654549647-1001LocalHost (Using LRPC)UnavailableS-1-15-2-2553126853-3900301745-722364791-2314306712-857547675-3703095181-1352458205


Microsoft Office Sessions:
=========================
Error: (12/17/2014 06:57:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/17/2014 06:57:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/17/2014 04:58:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (12/17/2014 04:58:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (12/17/2014 11:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE15.0.4667.1000543d34a5wwlib.dll15.0.4667.1000543d3631c00000050029bea37b001d015d2cd15bd98C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\Program Files\Microsoft Office 15\root\office15\wwlib.dlla01abbc7-8608-11e4-827e-600292ccf82d

Error: (12/17/2014 04:59:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (12/16/2014 06:00:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (12/16/2014 05:57:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c0000008000000000009355a9c801d015d1c5de534eC:\windows\system32\svchost.exeC:\windows\SYSTEM32\ntdll.dll48d1797d-8512-11e4-827e-600292ccf82d

Error: (12/15/2014 03:27:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (12/15/2014 03:24:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2014-12-13 05:17:01.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:17:00.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:17:00.134
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:16:59.625
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:16:59.036
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:16:58.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:01:25.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:01:24.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:01:24.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-13 05:01:23.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4650U CPU @ 1.70GHz
Percentage of memory in use: 29%
Total physical RAM: 8097.07 MB
Available physical RAM: 5682.63 MB
Total Pagefile: 16289.07 MB
Available Pagefile: 13536.63 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:471.2 GB) (Free:227.61 GB) NTFS
Drive e: () (Fixed) (Total:1863.01 GB) (Free:666.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1FCA9F2A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E574C7E1)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:32 AM

Posted 17 December 2014 - 07:24 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File  fixlist.txt   1.77KB   2 downloads


Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 sxottwc


Posted 17 December 2014 - 07:55 PM

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Scott at 2014-12-17 19:40:33 Run:1
Running from C:\Users\Scott\Downloads
Loaded Profile: Scott (Available profiles: Scott)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3113042326-3041763641-654549647-1001\...\RunOnce: [Adobe Speed Launcher] => 1418860689
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Hosts:
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
C:\Users\Scott\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
C:\Users\Scott\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Scott\AppData\Local\Temp\sqlite3.dll
Task: {0A86F3D1-F975-4229-AD27-C3EE1A31A838} - System32\Tasks\WINshell Event Logging => C:\Users\Scott\AppData\Local\Temp\Dscp1.exe <==== ATTENTION



*****************

HKU\S-1-5-21-3113042326-3041763641-654549647-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found] not found.
C:\Users\Scott\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe => Moved successfully.
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Scott\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Scott\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A86F3D1-F975-4229-AD27-C3EE1A31A838}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A86F3D1-F975-4229-AD27-C3EE1A31A838}" => Key deleted successfully.
C:\Windows\System32\Tasks\WINshell Event Logging => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WINshell Event Logging" => Key deleted successfully.

==== End of Fixlog ====

Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/17/2014
Scan Time: 7:42:31 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.17.04
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Scott

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339278
Time Elapsed: 5 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
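
The Fixlog above removes autorun values and a scheduled task whose command pointed into the user's Temp folder. As an added example that is not part of the original posts, the Python script below triages lines in the same Run: / RunOnce: / Task: shapes and reports the entries that deserve a closer look. The sample lines, the names in them and the reason labels are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Constructed sample lines (not taken from the thread), written in the
# "Run:" / "RunOnce:" / "Task:" line shapes that appear in the Fixlog above.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\RunOnce: [Example Launcher] => 1418000000
HKLM-x32\...\Run: [] => [X]
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Example Sync => C:\Program Files\Example\sync.exe
Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\Example Event Logging => C:\Users\Alice\AppData\Local\Temp\example1.exe <==== ATTENTION
"""

# Autorun value:  <registry key>\Run: [<value name>] => <value data>
RUN_RE = re.compile(
    r"^HK\S*\\(?P<kind>RunOnce|Run): \[(?P<name>[^\]]*)\]\s*=>\s*(?P<target>.*)$"
)
# Scheduled task: Task: {<GUID>} - <task file> => <command>
TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]{36}\} - (?P<name>.+?)\s*=>\s*(?P<target>.*)$"
)
TEMP_RE = re.compile(r"\\(?:Temp|Tmp)\\", re.IGNORECASE)  # ...\Temp\... or ...\Tmp\...
PATH_RE = re.compile(r'^"?[A-Za-z]:\\')                   # drive-letter file path


class Finding(NamedTuple):
    kind: str            # "Run", "RunOnce" or "Task"
    name: str            # registry value name or task file
    target: str          # command / value data with the scanner marker removed
    reasons: List[str]   # why the entry is worth reviewing (labels are this example's own)


def classify(kind: str, name: str, raw_target: str) -> Finding:
    """Attach review reasons to one persistence entry."""
    flagged = "<====" in raw_target
    target = raw_target.split("<====")[0].strip()
    reasons: List[str] = []
    if flagged:
        # The scanner itself appended a "<==== ATTENTION" marker.
        reasons.append("flagged by the scanner")
    if target == "[X]":
        # FRST prints [X] where it could not find the target file.
        reasons.append("target reported as missing ([X])")
    elif not PATH_RE.match(target):
        reasons.append("value data is not a file path")
    elif TEMP_RE.search(target):
        # Persistence that launches from a Temp directory is rarely legitimate.
        reasons.append("executes from a Temp directory")
    if kind != "Task" and name == "":
        reasons.append("autorun value has an empty name")
    return Finding(kind, name, target, reasons)


def triage(log_text: str) -> List[Finding]:
    """Return only the Run/RunOnce/Task entries that carry at least one reason."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        match = RUN_RE.match(line)
        if match:
            finding = classify(match["kind"], match["name"], match["target"])
        else:
            match = TASK_RE.match(line)
            if not match:
                continue  # not a persistence line this example understands
            finding = classify("Task", match["name"], match["target"])
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r} -> {f.target}")
        for reason in f.reasons:
            print(f"         - {reason}")
```

Entries that point into Program Files pass through silently; anything reported here still needs a human to decide whether it belongs on the machine before it goes into a fix script.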



#6 fireman4it


Posted 17 December 2014 - 08:03 PM

How is your machine running now?


#7 sxottwc


Posted 17 December 2014 - 08:32 PM

So far it seems to be working. Before I ran the fix with the fixlist.txt, it was still redirecting. But now it appears to be ok. I will wait and see if anything else comes up between now and tomorrow and let you know. Thank you for your help.



#8 fireman4it


Posted 18 December 2014 - 12:39 AM

ok let me know. :thumbup2:


#9 sxottwc


Posted 18 December 2014 - 10:34 PM

It's been one whole day with no redirects at all. So I think it is safe to say that it worked. Thank you very much for your help!



#10 fireman4it


Posted 19 December 2014 - 12:33 AM

Hello, sxottwc.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest.  It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!  These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have a security vulnerability that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
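The firewall advice in the post above can be checked on the machine itself. The following PowerShell is an added example, not part of the original post; it assumes Windows 8 or later, where the NetSecurity cmdlets Get-NetFirewallProfile and Get-NetFirewallRule ship with the OS, and the function name Get-FirewallPosture is hypothetical.

```powershell
# Added example: audit the built-in Windows Firewall (Windows 8 / 8.1 and later).
# Get-FirewallPosture is a hypothetical helper name, not a built-in cmdlet.
function Get-FirewallPosture {
    # ActiveStore returns the effective settings, i.e. local policy merged
    # with any Group Policy, rather than only what was configured locally.
    Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        $findings = @()
        if ("$($_.Enabled)" -ne 'True') {
            $findings += 'firewall is disabled for this profile'
        }
        if ("$($_.DefaultInboundAction)" -ne 'Block') {
            $findings += 'unsolicited inbound traffic is not blocked by default'
        }
        if ("$($_.DefaultOutboundAction)" -ne 'Block') {
            $findings += 'outbound traffic is allowed unless a block rule matches'
        }
        if ($findings.Count -eq 0) { $findings = @('none') }

        [pscustomobject]@{
            Profile         = $_.Name
            Enabled         = $_.Enabled
            DefaultInbound  = $_.DefaultInboundAction
            DefaultOutbound = $_.DefaultOutboundAction
            Findings        = $findings -join '; '
        }
    }
}

# One row per profile (Domain, Private, Public).
Get-FirewallPosture | Format-Table -AutoSize -Wrap

# Where the default outbound action is Allow, outbound filtering only
# happens through explicit block rules, so count the enabled ones.
$outboundBlocks = Get-NetFirewallRule -Direction Outbound -Action Block `
    -Enabled True -ErrorAction SilentlyContinue
'Enabled outbound block rules: {0}' -f @($outboundBlocks).Count
```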


#11 sxottwc


Posted 19 December 2014 - 12:52 AM

Yes, everything is running smoothly and I have no further questions. Thanks again!

And as requested, here is the last logfile:

# AdwCleaner v4.105 - Report created 19/12/2014 at 00:43:52
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Scott - SXOTT-SURFACE
# Running from : C:\Users\Scott\Downloads\Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [3229 octets] - [17/12/2014 18:51:00]
AdwCleaner[R1].txt - [1129 octets] - [19/12/2014 00:42:45]
AdwCleaner[S0].txt - [3322 octets] - [17/12/2014 18:56:29]
AdwCleaner[S1].txt - [1047 octets] - [19/12/2014 00:43:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1107 octets] ##########
 



#12 fireman4it


Posted 19 December 2014 - 12:49 PM

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


#13 fireman4it


Posted 21 December 2014 - 03:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.