
Constant IE11 Debug Messages and an Unfortunate Term Tutor Encounter


  • This topic is locked
8 replies to this topic

#1 MRDoyle1955

  • Members
  • 3 posts

Posted 25 October 2014 - 06:13 PM

I am getting constant error messages when using IE11 that give me this message in a window:

 

Webpage error

 

Do you want to debug this webpage?

This webpage contains errors that might prevent it from displaying or

working correctly. If you are not testing this webpage, click No.

 

[ ] Do not show this message again

 

[ Yes ]  [  No  ]

Line: 29...
(Various messages and line numbers appear in this window)

 

In fact, I'm getting this error right now on this very page.

If I select "Do not show this message again" there is no effect- the errors continue to pop up.

Clicking "No" shuts off the message.

Going into Tools > Internet options > Advanced and checking "Disable script debugging (Other)"

stops the error messages, but does not stay checked past a restart.

Recent events:

Updated Java from java.com

Updated SUPER AntiSpyware application - i do not autorun it on startup

Caught Term Tutor Hijack by mistakenly answering a phony Java update suggestion (I know...)

I followed online instructions to get rid of Term Tutor, reset my home pages on IE11 and Firefox.

Ran Microsoft Internet Security Essentials - found nothing

Ran Spybot S&D, found one high risk malware and removed it. I don't remember what it was.

When I use F12 debugging tools in IE11, the most common call that fails is for something called

outbrainWidget.js

Another thing that is happening that never happened until all this other stuff started, possibly unrelated, is when I shut the PC down the monitor screen goes all white then flashes like mad for a few seconds - as it's doing so I can see sort of "phantom" windows open on the screen.

Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Doyle at 18:25:11 on 2014-10-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.2432 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
svchost.exe
svchost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://news.google.com/nwshp?hl=en&tab=wn&ei=N7pFVPvrFemPsQSVooH4AQ&ved=0CBEQqS4oBQ
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Doyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STOICJ~1.LNK - C:\Program Files\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B7DF5338-A1EF-48A0-BC45-0A87103C5058} : DHCPNameServer = 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [ISW] <no file>
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default\
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - prefs.js: browser.startup.homepage - hxxps://news.google.com/nwshp?hl=en&tab=wn&ei=e8FFVLWCA-iRsQSNy4LoAg&ved=0CAsQqS4oCA
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.astrmndasr.hmpg - true
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ie&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0B0D0F0F0F0FyEyDzyyDtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyBtDyB0F0BtC0CtG0CtAtCyEtG0DtB0FtCtG0ByCzytAtGtByDzz0E0C0EtC0A0Azy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDtDtCyDtCyEyEtG0EyD0DzytGyEtDtBtCtG0Bzy0CyBtGyD0FtAzztD0DzztC0Azy0FtD2Q&cr=1390421699&ir=
FF - user.js: extensions.astrmndasr.dfltSrch - true
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
FF - user.js: extensions.astrmndasr.dnsErr - true
FF - user.js: extensions.astrmndasr_i.newTab - true
FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ie&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0B0D0F0F0F0FyEyDzyyDtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyBtDyB0F0BtC0CtG0CtAtCyEtG0DtB0FtCtG0ByCzytAtGtByDzz0E0C0EtC0A0Azy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDtDtCyDtCyEyEtG0EyD0DzytGyEtDtBtCtG0Bzy0CyBtGyD0FtAzztD0DzztC0Azy0FtD2Q&cr=1390421699&ir=
FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ie&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0B0D0F0F0F0FyEyDzyyDtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyBtDyB0F0BtC0CtG0CtAtCyEtG0DtB0FtCtG0ByCzytAtGtByDzz0E0C0EtC0A0Azy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDtDtCyDtCyEyEtG0EyD0DzytGyEtDtBtCtG0Bzy0CyBtGyD0FtAzztD0DzztC0Azy0FtD2Q&cr=1390421699&ir=&q=
FF - user.js: extensions.astrmndasr.id - 842B2BBDFFFF4595
FF - user.js: extensions.astrmndasr.instlDay - 16363
FF - user.js: extensions.astrmndasr.vrsn -
FF - user.js: extensions.astrmndasr.vrsni -
FF - user.js: extensions.astrmndasr_i.vrsnTs - 21:38:13
FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
FF - user.js: extensions.astrmndasr.prdct - astrmndasr
FF - user.js: extensions.astrmndasr.aflt - ast_ir_14_43_ie
FF - user.js: extensions.astrmndasr_i.smplGrp - none
FF - user.js: extensions.astrmndasr.tlbrId -
FF - user.js: extensions.astrmndasr.instlRef - 142905_b
FF - user.js: extensions.astrmndasr.dfltLng -
FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
FF - user.js: extensions.astrmndasr.excTlbr - false
FF - user.js: extensions.astrmndasr.cr - 1390421699
FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0B0D0F0F0F0FyEyDzyyDtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyBtDyB0F0BtC0CtG0CtAtCyEtG0DtB0FtCtG0ByCzytAtGtByDzz0E0C0EtC0A0Azy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDtDtCyDtCyEyEtG0EyD0DzytGyEtDtBtCtG0Bzy0CyBtGyD0FtAzztD0DzztC0Azy0FtD2Q
FF - user.js: extensions.astrmndasr.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-1 55856]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-1-22 21184]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-8-4 352816]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-1 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-15 239616]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-4 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-4 2081752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-7-1 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-1 244736]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-7-1 321064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [2014-1-5 72344]
S2 CADopia License Manager;CADopia License Manager;C:\PROGRA~2\CADopia\CADOPI~1\LicenseManager\lmgrd.exe [2004-2-4 696320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-4 171928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-1 151936]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-1 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-1 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-21 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-2 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-10-25 21:45:43 -------- d-----w- C:\Program Files\ATI
2014-10-25 21:44:41 -------- d-----w- C:\Program Files\ATI Technologies
2014-10-25 21:13:44 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7270FBE7-A19F-43A2-BAE2-28B57D7E7B20}\mpengine.dll
2014-10-24 17:11:42 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-23 02:46:56 -------- d-----w- C:\Windows\pss
2014-10-23 02:32:09 -------- d-----w- C:\Program Files\AMD
2014-10-21 02:56:42 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 01:41:26 -------- d-----w- C:\ProgramData\374311380
2014-10-20 10:44:23 0 ----a-w- C:\Windows\System32\xsdamr.dll
2014-10-20 10:44:12 70656 ----a-w- C:\Windows\System32\wcczr.dll
2014-10-18 00:41:37 -------- d-----w- C:\Users\Doyle\AppData\Roaming\Tap It Games
2014-10-18 00:35:22 -------- d-----w- C:\Program Files (x86)\Forgotten Kingdoms - Dream of Ruin - Collectors Edition
2014-10-18 00:32:43 -------- d-----w- C:\Program Files\Danse Macabre - Moulin Rouge - Collector's Edition
2014-10-18 00:29:27 -------- d-----w- C:\Program Files (x86)\9 Clues 2 - The Ward
2014-10-17 02:25:44 -------- d-----w- C:\Program Files (x86)\IGT Slots Cleopatra II
2014-10-15 21:38:59 727040 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-10-11 13:47:19 -------- d-----w- C:\Program Files\Grim Legends 2 - Song of the Dark Swan - Collector's Edition
2014-10-01 04:54:11 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-01 04:54:11 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-28 14:06:30 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M  ====================
.
2014-10-23 03:05:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-23 03:05:20 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-09-15 22:31:50 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-09-15 22:31:48 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-09-15 22:31:46 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-09-15 22:31:44 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-09-15 22:31:42 1335544 ----a-w- C:\Windows\System32\aticfx64.dll
2014-09-15 22:31:40 1113576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-09-15 22:31:34 10826488 ----a-w- C:\Windows\System32\atidxx64.dll
2014-09-15 22:31:30 9254184 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-09-15 22:31:22 7207592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-09-15 22:31:16 7028336 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-09-15 22:31:06 8044976 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-09-15 22:31:02 8296296 ----a-w- C:\Windows\System32\atiumd64.dll
2014-09-15 22:29:04 293088 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-09-15 22:26:58 16750080 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-09-15 22:18:06 235008 ----a-w- C:\Windows\System32\clinfo.exe
2014-09-15 22:18:00 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-09-15 22:17:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-09-15 22:17:56 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-09-15 22:17:56 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-09-15 22:17:54 33867264 ----a-w- C:\Windows\System32\amdocl64.dll
2014-09-15 22:17:04 28770304 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-09-15 22:16:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-09-15 22:16:18 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-09-15 22:13:24 27918336 ----a-w- C:\Windows\System32\atio6axx.dll
2014-09-15 22:09:38 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-09-15 22:09:36 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-09-15 22:09:10 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-09-15 22:09:04 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-09-15 22:09:00 5639168 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-09-15 22:08:08 23375360 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-09-15 22:07:48 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-09-15 22:07:46 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-09-15 22:07:44 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-09-15 22:07:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-09-15 22:07:42 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-09-15 22:07:36 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-09-15 22:06:46 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-09-15 22:05:52 4480000 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-09-15 22:03:28 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-09-15 22:03:26 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-09-15 22:03:24 619008 ----a-w- C:\Windows\System32\atieclxx.exe
2014-09-15 22:03:18 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-09-15 22:03:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-09-15 22:03:08 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03:04 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-09-15 21:59:40 827392 ----a-w- C:\Windows\System32\coinst_14.30.dll
2014-09-15 21:59:20 1210880 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-09-15 21:59:16 900608 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-09-15 21:59:14 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-09-15 21:59:12 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-09-15 21:59:08 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-09-15 21:59:06 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-09-15 21:58:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
.
============= FINISH: 18:25:44.53 ===============

Please see attach.txt (attached, duh)

 

Appreciate any help.

Thanks.
 

Edited by MRDoyle1955, 26 October 2014 - 07:30 AM.
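Editor's note, not part of the post above: the DDS "Pseudo HJT Report" in that log is read by hand on this forum, but the findings a responder checks first are mechanical. The script below is an added example (my own code, not DDS or any BleepingComputer tool) that runs those checks over a handful of lines copied from the log: the three UAC policy values that are set to 0 (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), `<orphaned>` / `<no file>` registrations left behind by a partial removal, a hosts-file override, a `user.js` override (which Firefox re-applies on every start, so editing prefs.js alone does not stick) and a DNS server outside the private ranges. The rule names, severities and the `Finding` type are my own; the sample lines are constructed from the posted log.

```python
"""Triage a DDS 'Pseudo HJT Report' for the findings a responder checks first.

Added example: rule names and severities are the author's assumptions,
not anything DDS itself emits.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the DDS log in the thread.
SAMPLE_DDS = r"""
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.1
x64-Run: [ISW] <no file>
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    rule: str
    line: str


# UAC policies under HKLM\...\Policies\System; a value of 0 turns the protection off.
_UAC_POLICIES = {
    "EnableLUA": ("high", "UAC disabled (EnableLUA=0)"),
    "ConsentPromptBehaviorAdmin": ("high", "admins elevate without any prompt (ConsentPromptBehaviorAdmin=0)"),
    "PromptOnSecureDesktop": ("medium", "UAC prompts not shown on the secure desktop"),
}
_POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)$")
_PREF_RE = re.compile(r"^FF - (user\.js|prefs\.js):\s*(\S+)\s*-\s*(.*)$")
_NS_RE = re.compile(r"^TCP: NameServer = (.+)$")
_SEARCH_KEYS = {"browser.search.selectedEngine", "browser.search.defaultenginename", "keyword.URL"}


def triage(report: str) -> list[Finding]:
    """Return one Finding per DDS line that matches a triage rule."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _POLICY_RE.match(line)
        if m and m.group(1) in _UAC_POLICIES and m.group(2) == "0":
            sev, rule = _UAC_POLICIES[m.group(1)]
            findings.append(Finding(sev, rule, line))
            continue
        # Registration whose target file is gone: leftover of an incomplete removal.
        if line.endswith("<orphaned>") or line.endswith("<no file>"):
            findings.append(Finding("info", "orphaned registration (file missing)", line))
            continue
        if line.startswith("Hosts:"):
            findings.append(Finding("medium", "hosts-file override", line))
            continue
        m = _PREF_RE.match(line)
        if m:
            source, key, value = m.groups()
            if source == "user.js":
                # user.js is re-applied at every Firefox start; prefs.js edits alone won't hold.
                findings.append(Finding("high", "user.js override (re-applied every start)", line))
            elif key in _SEARCH_KEYS:
                findings.append(Finding("medium", f"search setting changed: {key} -> {value}", line))
            continue
        m = _NS_RE.match(line)
        if m:
            for ns in m.group(1).split():
                try:
                    ip = ipaddress.ip_address(ns)
                except ValueError:
                    findings.append(Finding("medium", "NameServer is not an IP address", line))
                    continue
                if not ip.is_private:  # a LAN router (192.168.x.x) passes, anything else is reported
                    findings.append(Finding("high", f"DNS server outside private ranges: {ns}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:<6}] {f.rule}\n         {f.line}")
```

On the posted log this reports the three UAC policies, the two orphaned entries, the hosts line, the Astromenda search engine and the user.js override, and stays silent on the 192.168.1.1 name server. The UAC findings are the ones worth raising with the poster: with EnableLUA=0 and ConsentPromptBehaviorAdmin=0, a phony "Java update" like the one described runs with full administrator rights the moment it is clicked.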



#2 nasdaq

  • Malware Response Team
  • 39,543 posts
  • Location:Montreal, QC. Canada

Posted 30 October 2014 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 nasdaq

  • Malware Response Team
  • 39,543 posts
  • Location:Montreal, QC. Canada

Posted 04 November 2014 - 08:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

  • Malware Response Team
  • 39,543 posts
  • Location:Montreal, QC. Canada

Posted 05 November 2014 - 08:17 AM

This topic has been re-opened at the request of the person who originally posted.

#5 MRDoyle1955

  • Topic Starter
  • Members
  • 3 posts

Posted 05 November 2014 - 08:15 PM

Hi, nasdaq-

Thanks for reactivating my topic!

Here are the requested logs:

 

# AdwCleaner v3.311 - Report created 05/11/2014 at 19:55:40
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Doyle - MININT-J0R2J4M
# Running from : C:\Users\Doyle\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\AlawarEntertainment
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Users\Doyle\AppData\Local\iWin
Folder Deleted : C:\Users\Doyle\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Doyle\AppData\Roaming\quickclick
Folder Deleted : C:\Users\Doyle\AppData\Roaming\AlawarEntertainment
File Deleted : C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Astromenda");
Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ie&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0B0D0F0F0F0FyEyDzyyDtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzytDyD[...]
Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ie&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0B0D0F0F0F0FyEyDzyyDtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzytD[...]
Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ie&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0B0D0F0F0F0FyEyDzyyDtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzy[...]

*************************

AdwCleaner[R0].txt - [5133 octets] - [05/11/2014 19:51:13]
AdwCleaner[R1].txt - [5193 octets] - [05/11/2014 19:54:18]
AdwCleaner[S0].txt - [4921 octets] - [05/11/2014 19:55:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4981 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Doyle (administrator) on MININT-J0R2J4M on 05-11-2014 20:07:44
Running from C:\Users\Doyle\Desktop\FarBar
Loaded Profile: Doyle (Available profiles: Doyle)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Stoic Joker's Network) C:\Program Files\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISW] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2737725186-2393671597-1739674870-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-2737725186-2393671597-1739674870-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6087448 2014-01-21] (Piriform Ltd)
HKU\S-1-5-21-2737725186-2393671597-1739674870-1002\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2737725186-2393671597-1739674870-1002\...\MountPoints2: {08681053-a41c-11e0-ab23-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-2737725186-2393671597-1739674870-1002\...\MountPoints2: {228b12fd-b403-11e0-adbd-842b2bbdffff} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\Doyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\Program Files\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/nwshp?hl=en&tab=wn&ei=N7pFVPvrFemPsQSVooH4AQ&ved=0CBEQqS4oBQ
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default
FF Homepage: https://news.google.com/nwshp?hl=en&tab=wn&ei=e8FFVLWCA-iRsQSNy4LoAg&ved=0CAsQqS4oCA
FF Keyword.URL: hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-11]
FF Extension: New Tab Homepage - C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012-08-07]
FF Extension: BetterPrivacy - C:\Users\Doyle\AppData\Roaming\Mozilla\Firefox\Profiles\5gqwtwr1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-12-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-08-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-08-15]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CADopia License Manager; C:\Program Files (x86)\CADopia\CADopia Standard 6\LicenseManager\lmgrd.exe [696320 2004-02-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [72344 2008-11-25] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-08-04] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-08-04] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-08-04] (Paragon)
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 20:07 - 2014-11-05 20:07 - 00000000 ____D () C:\FRST
2014-11-05 20:05 - 2014-11-05 20:07 - 00000000 ____D () C:\Users\Doyle\Desktop\FarBar
2014-11-05 19:53 - 2014-11-05 19:53 - 00005133 _____ () C:\Users\Doyle\Desktop\AdwCleaner[R0].txt
2014-11-05 19:51 - 2014-11-05 19:55 - 00000000 ____D () C:\AdwCleaner
2014-11-05 19:50 - 2014-11-05 19:50 - 01375089 _____ () C:\Users\Doyle\Desktop\AdwCleaner.exe
2014-11-05 15:06 - 2014-11-05 20:01 - 00056534 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 21:21 - 2014-11-03 21:33 - 00000000 ____D () C:\Users\Doyle\Desktop\Vet Records
2014-11-01 06:22 - 2014-11-01 06:22 - 00002436 _____ () C:\Users\Doyle\Desktop\Fear For Sale 5 - The 13 Keys - CE.lnk
2014-11-01 06:21 - 2014-11-01 06:22 - 00000000 ____D () C:\Program Files (x86)\Fear for Sale 5 - The 13 Keys - Collector's Edition
2014-10-26 07:10 - 2014-10-26 07:10 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\AMD
2014-10-26 06:41 - 2014-10-26 06:41 - 00000000 ____D () C:\ProgramData\ATI
2014-10-26 06:40 - 2014-10-26 06:40 - 00056548 _____ () C:\Windows\SysWOW64\CCCInstall_201410260740507944.log
2014-10-26 06:40 - 2014-10-26 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-26 06:40 - 2014-10-26 06:40 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-26 06:39 - 2014-10-26 06:39 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-25 18:13 - 2014-10-26 07:38 - 00000000 ____D () C:\Users\Doyle\Desktop\bleeping
2014-10-25 17:10 - 2014-10-25 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2014-10-25 16:45 - 2014-10-25 16:45 - 00000000 ____D () C:\Program Files\ATI
2014-10-25 16:44 - 2014-10-25 16:44 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-25 16:38 - 2014-10-25 16:38 - 00048696 _____ () C:\Windows\SysWOW64\CCCInstall_201410251738423629.log
2014-10-25 16:25 - 2014-10-25 16:25 - 286582040 _____ (AMD Inc.) C:\Users\Doyle\Documents\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-10-22 22:26 - 2011-12-24 10:30 - 00001257 _____ () C:\Users\Doyle\Desktop\Hoyle Casino Games 2012.lnk
2014-10-22 21:46 - 2014-10-22 21:53 - 00000000 ____D () C:\Windows\pss
2014-10-22 21:34 - 2014-10-22 21:34 - 00049541 _____ () C:\Windows\SysWOW64\CCCInstall_201410222234263867.log
2014-10-22 21:32 - 2014-10-22 21:32 - 00000000 ____D () C:\Program Files\AMD
2014-10-20 21:56 - 2014-10-20 21:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 21:56 - 2014-10-20 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 21:56 - 2014-10-20 21:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 21:50 - 2014-10-20 21:50 - 05583433 _____ (Swearware) C:\Users\Doyle\Documents\ComboFix.exe
2014-10-20 15:09 - 2014-10-20 15:09 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-20 05:44 - 2014-10-20 05:44 - 00003856 _____ () C:\Windows\System32\Tasks\{6D3F94C9-14AD-CDB3-ADD4-AC6A6EAE8F54}
2014-10-20 05:44 - 2014-10-20 05:44 - 00000000 _____ () C:\Windows\system32\xsdamr.dll
2014-10-17 19:41 - 2014-10-17 19:41 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\Tap It Games
2014-10-17 19:37 - 2014-10-17 19:37 - 00002528 _____ () C:\Users\Doyle\Desktop\Forgotten Kingdoms - Dream of Ruin - CE.lnk
2014-10-17 19:35 - 2014-10-17 19:35 - 00000000 ____D () C:\Program Files (x86)\Forgotten Kingdoms - Dream of Ruin - Collectors Edition
2014-10-17 19:33 - 2014-10-17 19:33 - 00002408 _____ () C:\Users\Doyle\Desktop\Danse Macabre - Moulin Rouge - CE.lnk
2014-10-17 19:32 - 2014-10-17 19:33 - 00000000 ____D () C:\Program Files\Danse Macabre - Moulin Rouge - Collector's Edition
2014-10-16 21:25 - 2014-10-20 21:11 - 00000000 ____D () C:\Program Files (x86)\IGT Slots Cleopatra II
2014-10-15 16:39 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:39 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:39 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:39 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 16:39 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 16:39 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:39 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 16:39 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 16:39 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 16:39 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 16:39 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 16:39 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:39 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 16:39 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 16:39 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 16:39 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 16:39 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 16:39 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 16:39 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:39 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 16:39 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 16:39 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 16:39 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 16:39 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 16:39 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 16:39 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 16:39 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 16:39 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:39 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 16:39 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 16:39 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 16:39 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:39 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 16:39 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 16:39 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 16:39 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 16:39 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 16:39 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 16:39 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:38 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:38 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:38 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:38 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:38 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:38 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 16:38 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 16:38 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:38 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:38 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:38 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:38 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 16:38 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 16:38 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 16:38 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 16:38 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 16:38 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:38 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 16:38 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:38 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 16:38 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 16:38 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:38 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 16:38 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 16:38 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 16:38 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 16:38 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 16:38 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:38 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 16:38 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 16:38 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 16:38 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:38 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 16:38 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:38 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 16:38 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 16:38 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:38 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:38 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:38 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:38 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:38 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:38 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 16:38 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 16:38 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 16:38 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 16:38 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-11 08:47 - 2014-10-25 16:04 - 00000000 ____D () C:\Program Files\Grim Legends 2 - Song of the Dark Swan - Collector's Edition

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 20:05 - 2009-07-13 23:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 20:05 - 2009-07-13 23:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 20:03 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 19:57 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 17:23 - 2013-11-23 10:18 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\ClassicShell
2014-11-05 13:09 - 2011-12-24 10:30 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\Hoyle Casino
2014-11-04 21:13 - 2013-12-02 08:18 - 00000000 ____D () C:\Users\Doyle\Documents\Mailing Labels
2014-11-03 21:34 - 2013-12-30 08:11 - 00000000 ____D () C:\Users\Doyle\Documents\PDF files
2014-11-03 21:22 - 2011-07-22 19:32 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-11-03 11:00 - 2011-07-25 19:40 - 00000000 ____D () C:\Program Files (x86)\PCStitch 7
2014-11-02 09:31 - 2011-07-23 17:07 - 00000000 ____D () C:\Users\Doyle\Desktop\Completed Cross Stitch
2014-11-01 23:11 - 2009-07-14 00:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 16:48 - 2014-01-08 18:00 - 00000000 ____D () C:\Users\Doyle\AppData\Local\CrashDumps
2014-11-01 06:42 - 2011-12-13 22:57 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\EleFun Games
2014-11-01 06:22 - 2011-07-22 20:03 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 06:41 - 2012-03-20 04:50 - 00000000 ____D () C:\ProgramData\AMD
2014-10-25 16:43 - 2012-02-05 05:37 - 00000000 ____D () C:\AMD
2014-10-25 16:23 - 2011-10-22 20:06 - 00000000 ____D () C:\Users\Doyle\Documents\Marty's Stuff
2014-10-25 15:55 - 2011-07-20 18:35 - 00000000 ___RD () C:\Users\Doyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-22 22:05 - 2012-08-09 07:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-22 22:05 - 2011-07-21 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-22 22:04 - 2011-07-21 20:20 - 00000000 ____D () C:\Users\Doyle\AppData\Local\Adobe
2014-10-22 17:26 - 2013-01-08 05:35 - 00000000 ____D () C:\Users\Doyle\Desktop\Recipes
2014-10-22 17:26 - 2011-07-23 17:06 - 00000000 ____D () C:\Users\Doyle\Desktop\Cloth Dolls
2014-10-22 17:18 - 2011-07-23 18:15 - 00000000 ____D () C:\Users\Doyle\Desktop\Crossstitch Patterns
2014-10-21 23:17 - 2014-07-17 23:00 - 00000000 ____D () C:\Users\Doyle\Desktop\Lat For The Ball
2014-10-21 05:42 - 2013-02-24 10:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-20 21:57 - 2013-10-26 12:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 21:09 - 2014-08-15 20:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-19 13:40 - 2014-05-04 07:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-19 12:48 - 2014-07-20 10:14 - 00022886 _____ () C:\swissarmy.ref
2014-10-17 19:50 - 2011-09-14 19:48 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\Vast Studios
2014-10-17 19:44 - 2014-06-10 19:42 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\Eipix
2014-10-16 10:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 00:21 - 2009-07-13 23:45 - 00358840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 00:18 - 2014-05-02 05:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 23:47 - 2013-08-15 14:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 23:45 - 2011-07-21 20:07 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-11 09:04 - 2011-09-02 05:11 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\Artifex Mundi
2014-10-07 12:20 - 2011-12-10 11:35 - 00000000 ____D () C:\Users\Doyle\Desktop\Love Quilts
2014-10-06 23:50 - 2011-07-22 20:31 - 00000000 ____D () C:\Users\Doyle\AppData\Roaming\Hoyle

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 17:55

==================== End Of Log ============================


Addition.txt is attached.

Awaiting further instructions.

MRD


#6 nasdaq (Malware Response Team, 39,543 posts, Montreal, QC. Canada)

Posted 06 November 2014 - 09:48 AM

Do you want to debug this webpage?
This webpage contains errors that might prevent it from displaying or
working correctly. If you are not testing this webpage, click No.


This debug issue is set in your Internet Explorer.

Open IE and under the Tools menu select Internet Options
Click the Advanced tab.

Under the Browsing section, add a check mark to these 2 items:
Disable Script Debugging (IE)
Disable Script Debugging (Other)

Click the Apply button.

===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM\...\Run: [ISW] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:13FB6DB8
AlternateDataStreams: C:\ProgramData\Temp:1604D047
AlternateDataStreams: C:\ProgramData\Temp:26499772
AlternateDataStreams: C:\ProgramData\Temp:2D133896
AlternateDataStreams: C:\ProgramData\Temp:2D2461E7
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:587F3582
AlternateDataStreams: C:\ProgramData\Temp:58E38390
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0
AlternateDataStreams: C:\ProgramData\Temp:774C075A
AlternateDataStreams: C:\ProgramData\Temp:795F6DEC
AlternateDataStreams: C:\ProgramData\Temp:8075370B
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\ProgramData\Temp:9195103F
AlternateDataStreams: C:\ProgramData\Temp:943971F5
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AFC732F7
AlternateDataStreams: C:\ProgramData\Temp:B2112128
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA
AlternateDataStreams: C:\ProgramData\Temp:CC141B05
AlternateDataStreams: C:\ProgramData\Temp:DBC3D477
AlternateDataStreams: C:\ProgramData\Temp:DD6F157A
AlternateDataStreams: C:\ProgramData\Temp:E0888117
AlternateDataStreams: C:\ProgramData\Temp:E2CFA9CD
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E8C44CB4
AlternateDataStreams: C:\ProgramData\Temp:EC257A5C
AlternateDataStreams: C:\ProgramData\Temp:EE198B1F
AlternateDataStreams: C:\ProgramData\Temp:F54781BF
AlternateDataStreams: C:\ProgramData\Temp:F56BE392
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C
AlternateDataStreams: C:\ProgramData\Temp:F610C203
AlternateDataStreams: C:\ProgramData\Temp:F89F2593
AlternateDataStreams: C:\ProgramData\Temp:FB4262DE

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?
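The fixlist in this post is a list of orphaned persistence entries (the "[X]" and "No File" markers in FRST's output: a Run value, a Winlogon notify DLL, two BHO CLSIDs, a MIME filter, a Firefox extension and two services whose files are gone) plus a set of hex-named alternate data streams on C:\ProgramData\Temp, and the FRST log in the earlier post also checks that the core logon binaries are still digitally signed. The PowerShell script below is an added example written for this thread; it is not code from FRST, Farbar, or either poster. It audits the same locations read-only, so the same checks can be repeated before and after a fix. It assumes an elevated PowerShell 3.0 or later (Windows 7 ships 2.0; the -Stream parameter arrives with WMF 3.0), and the path parsing in Resolve-ImagePath is my own heuristic, not how FRST resolves paths.

```powershell
# Added example for this thread; not code from FRST, Farbar or the posters. Read-only audit
# of the persistence points the fixlist above targets, the IE script-debugging values, and
# the signed-binary check from the FRST log. Run as Administrator; PowerShell 3.0+ (-Stream).

function Resolve-ImagePath([string]$raw) {
    # Heuristic (mine, not FRST's): turn a raw Run/ImagePath/InprocServer32 value such as
    # '"C:\x y\a.exe" -k foo', '\??\c:\a\b.pkms' or 'system32\drivers\ttnfd.sys' into an
    # absolute file path, or $null when it cannot be resolved.
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim())
    if (-not $p) { return $null }
    if     ($p -match '^"([^"]+)"')                  { $p = $Matches[1] }        # quoted path
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }        # unquoted path + args
    else                                             { $p = ($p -split '\s+')[0] }
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\x      -> C:\x
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\x -> C:\Windows\x
    if ($p -like '\*') { return $null }                      # \Device\...   -> give up
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\... is relative
    return $p
}

function Test-Missing([string]$path) { $path -and -not (Test-Path -LiteralPath $path) }

# 1. The two "Disable script debugging" boxes are REG_SZ "yes"/"no" values under HKCU,
#    i.e. per user and writable by anything running in that user's session.
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
"Script debugging disabled (IE)   : $($ie.DisableScriptDebuggerIE)"
"Script debugging disabled (Other): $($ie.'Disable Script Debugger')"

# 2. Run values whose target no longer exists (FRST prints these as "[X]").
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (Test-Missing (Resolve-ImagePath $cmd)) { "ORPHAN Run     : $key\$name => $cmd" }
    }
}

# 3. Browser Helper Objects whose CLSID has no DLL on disk ("No File" in FRST).
$bhoRoots = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
)
foreach ($r in $bhoRoots) {
    foreach ($sub in Get-ChildItem -Path $r.Bho -ErrorAction SilentlyContinue) {
        $guid = $sub.PSChildName
        $srv  = Get-Item -Path "$($r.Clsid)\$guid\InprocServer32" -ErrorAction SilentlyContinue
        $dll  = if ($srv) { Resolve-ImagePath ([string]$srv.GetValue('')) } else { $null }
        if (-not $srv -or (Test-Missing $dll)) {
            "ORPHAN BHO     : $guid => $(if ($dll) { $dll } else { 'no CLSID entry' })"
        }
    }
}

# 4. Services/drivers whose ImagePath file is gone (the "S1 ttnfd" and "S3 PCDSRVC..." lines).
#    Start: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled; the digit FRST prints after S/R.
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.ImagePath) { continue }
    if (Test-Missing (Resolve-ImagePath ([string]$props.ImagePath))) {
        "ORPHAN service : $($svc.PSChildName) (Start=$($props.Start)) => $($props.ImagePath)"
    }
}

# 5. Alternate data streams on the directory FRST flagged. ':$DATA' is the ordinary file
#    content; anything else is an ADS. Directories can carry them, as in this thread.
$adsDir = 'C:\ProgramData\Temp'
Get-Item -LiteralPath $adsDir -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object { "ADS            : $($_.FileName):$($_.Stream) ($($_.Length) bytes)" }

# 6. The FRST "Bamital & volsnap Check": are the core logon/shell binaries still signed?
#    On Windows 7 many of these are catalog-signed rather than embedded-signed, so this
#    cmdlet can report NotSigned for an untouched file there; HashMismatch is the real alarm.
$critical = 'System32\winlogon.exe', 'System32\wininit.exe', 'explorer.exe',
            'System32\svchost.exe', 'System32\services.exe', 'System32\userinit.exe',
            'System32\User32.dll', 'System32\rpcss.dll', 'System32\Drivers\volsnap.sys'
foreach ($rel in $critical) {
    $sig = Get-AuthenticodeSignature -FilePath (Join-Path $env:SystemRoot $rel)
    "SIGNATURE      : $($sig.Status.ToString().PadRight(12)) $($sig.Path)"
}
```

Two caveats when reading the output. The IE values live under HKCU, so a box that "does not stay checked" is worth re-reading from this script after each reboot rather than from the dialog alone. And on Windows 7, Get-AuthenticodeSignature does not consult the signing catalogs the way FRST's check does, so NotSigned on that OS is not by itself evidence of tampering; a HashMismatch, or a file that FRST reports as failing verification, is.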

#7 MRDoyle1955 (Topic Starter, Members, 3 posts)

Posted 06 November 2014 - 06:31 PM

Hi, nasdaq,

Check box for "Disable debug messages (Other)" did not stay checked before; now it does.

Contents of Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Doyle at 2014-11-06 18:16:10 Run:1
Running from C:\Users\Doyle\Desktop\FarBar
Loaded Profile: Doyle (Available profiles: Doyle)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM\...\Run: [ISW] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:13FB6DB8
AlternateDataStreams: C:\ProgramData\Temp:1604D047
AlternateDataStreams: C:\ProgramData\Temp:26499772
AlternateDataStreams: C:\ProgramData\Temp:2D133896
AlternateDataStreams: C:\ProgramData\Temp:2D2461E7
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:587F3582
AlternateDataStreams: C:\ProgramData\Temp:58E38390
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0
AlternateDataStreams: C:\ProgramData\Temp:774C075A
AlternateDataStreams: C:\ProgramData\Temp:795F6DEC
AlternateDataStreams: C:\ProgramData\Temp:8075370B
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\ProgramData\Temp:9195103F
AlternateDataStreams: C:\ProgramData\Temp:943971F5
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AFC732F7
AlternateDataStreams: C:\ProgramData\Temp:B2112128
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA
AlternateDataStreams: C:\ProgramData\Temp:CC141B05
AlternateDataStreams: C:\ProgramData\Temp:DBC3D477
AlternateDataStreams: C:\ProgramData\Temp:DD6F157A
AlternateDataStreams: C:\ProgramData\Temp:E0888117
AlternateDataStreams: C:\ProgramData\Temp:E2CFA9CD
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E8C44CB4
AlternateDataStreams: C:\ProgramData\Temp:EC257A5C
AlternateDataStreams: C:\ProgramData\Temp:EE198B1F
AlternateDataStreams: C:\ProgramData\Temp:F54781BF
AlternateDataStreams: C:\ProgramData\Temp:F56BE392
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C
AlternateDataStreams: C:\ProgramData\Temp:F610C203
AlternateDataStreams: C:\ProgramData\Temp:F89F2593
AlternateDataStreams: C:\ProgramData\Temp:FB4262DE

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISW => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\termtutor@termtutor.com => value deleted successfully.
PCDSRVC{67F2314B-25F2B3C0-06020101}_0 => Service deleted successfully.
ttnfd => Service deleted successfully.
C:\ProgramData\Temp => ":13FB6DB8" ADS removed successfully.
C:\ProgramData\Temp => ":1604D047" ADS removed successfully.
C:\ProgramData\Temp => ":26499772" ADS removed successfully.
C:\ProgramData\Temp => ":2D133896" ADS removed successfully.
C:\ProgramData\Temp => ":2D2461E7" ADS removed successfully.
C:\ProgramData\Temp => ":4C3D5A8B" ADS removed successfully.
C:\ProgramData\Temp => ":587F3582" ADS removed successfully.
C:\ProgramData\Temp => ":58E38390" ADS removed successfully.
C:\ProgramData\Temp => ":6EE8565A" ADS removed successfully.
C:\ProgramData\Temp => ":6F1F66C0" ADS removed successfully.
C:\ProgramData\Temp => ":774C075A" ADS removed successfully.
C:\ProgramData\Temp => ":795F6DEC" ADS removed successfully.
C:\ProgramData\Temp => ":8075370B" ADS removed successfully.
C:\ProgramData\Temp => ":87A3A233" ADS removed successfully.
C:\ProgramData\Temp => ":9195103F" ADS removed successfully.
C:\ProgramData\Temp => ":943971F5" ADS removed successfully.
C:\ProgramData\Temp => ":AA0017FD" ADS removed successfully.
C:\ProgramData\Temp => ":AFC732F7" ADS removed successfully.
C:\ProgramData\Temp => ":B2112128" ADS removed successfully.
C:\ProgramData\Temp => ":C78DADEA" ADS removed successfully.
C:\ProgramData\Temp => ":CC141B05" ADS removed successfully.
C:\ProgramData\Temp => ":DBC3D477" ADS removed successfully.
C:\ProgramData\Temp => ":DD6F157A" ADS removed successfully.
C:\ProgramData\Temp => ":E0888117" ADS removed successfully.
C:\ProgramData\Temp => ":E2CFA9CD" ADS removed successfully.
C:\ProgramData\Temp => ":E5496666" ADS removed successfully.
C:\ProgramData\Temp => ":E8C44CB4" ADS removed successfully.
C:\ProgramData\Temp => ":EC257A5C" ADS removed successfully.
C:\ProgramData\Temp => ":EE198B1F" ADS removed successfully.
C:\ProgramData\Temp => ":F54781BF" ADS removed successfully.
C:\ProgramData\Temp => ":F56BE392" ADS removed successfully.
C:\ProgramData\Temp => ":F5D01D7C" ADS removed successfully.
C:\ProgramData\Temp => ":F610C203" ADS removed successfully.
C:\ProgramData\Temp => ":F89F2593" ADS removed successfully.
C:\ProgramData\Temp => ":FB4262DE" ADS removed successfully.

==== End of Fixlog ====


Contents of checkup.txt:

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Java 8 Update 25 
 Java version out of Date!
 Adobe Flash Player 15.0.0.152 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

As I said, PC was already running better. Have not seen debug messages at all this session.


What's next?

MRDoyle1955



#8 nasdaq (Malware Response Team, 39,543 posts, Montreal, QC. Canada)

Posted 07 November 2014 - 08:11 AM

Java 8 Update 25
Java version out of Date!

Ignore this remark. You have the latest version.

===

Glad we could help.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq (Malware Response Team, 39,543 posts, Montreal, QC. Canada)

Posted 13 November 2014 - 01:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
