Posts posted by svanden00
RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jay [Admin rights]
Mode : Remove -- Date : 07/03/2014 12:00:08
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 32 ¤¤¤
[PUM.Https] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED
[PUM.Https] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 | : C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n. [x] -> REPLACED (C:\Windows\system32\shell32.dll)
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | : C:\$Recycle.Bin\S-1-5-21-1146792228-2588377364-2779136815-1000\$1b443a9931efc65b68b7cc40cec30f6b\n. [x] -> REPLACED (C:\Windows\system32\shell32.dll)
[Hj.RegVal] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> REPLACED ()
[Hj.RegVal] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> REPLACED ()
¤¤¤ Scheduled tasks : 2 ¤¤¤
[suspicious.Path] \\4473 -- wscript.exe (C:\Users\Jay\AppData\Local\Temp\launchie.vbs //B) -> DELETED
[suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> DELETED
¤¤¤ Files : 3 ¤¤¤
[ZeroAccess][File] @ -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\@ -> DELETED
[ZeroAccess][Folder] L -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\L -> DELETED
[ZeroAccess][Folder] U -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\U -> DELETED
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] bd7c3e7d59ffe741a2454cf4ababd859
[bSP] eb50dc3a606bbbd4c4782f8f30779905 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 599354 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1227683840 | Size: 11024 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_07032014_104405.log - RKreport_SCN_07032014_115956.log -
OTL logfile created on: 7/3/2014 10:49:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.40% Memory free
7.50 Gb Paging File | 5.67 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.31 Gb Total Space | 523.35 Gb Free Space | 89.42% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.56 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/07/03 10:47:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Downloads\OTL.com
PRC - [2014/07/03 10:21:02 | 000,854,390 | ---- | M] () -- C:\Users\Jay\Downloads\SecurityCheck.exe
PRC - [2014/06/23 12:15:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/05/29 05:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe
PRC - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 10:17:46 | 002,544,960 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
PRC - [2010/11/20 06:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/07/27 03:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/03 10:21:02 | 000,854,390 | ---- | M] () -- C:\Users\Jay\Downloads\SecurityCheck.exe
MOD - [2014/07/03 05:29:27 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/05/08 10:17:46 | 000,167,232 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll
MOD - [2013/05/08 10:13:34 | 000,590,848 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll
MOD - [2013/05/08 10:13:26 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/06/22 20:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll
MOD - [2009/01/10 12:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll
========== Services (SafeList) ==========
SRV - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/05/13 14:47:49 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/07/27 03:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - [2014/07/03 05:29:24 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys -- (RapportCerberus_69108)
DRV - [2014/06/23 12:15:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/06/23 12:15:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/06/21 03:20:11 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140702.023\ex64.sys -- (NAVEX15)
DRV - [2014/06/21 03:20:11 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140702.023\eng64.sys -- (NAVENG)
DRV - [2014/06/10 20:31:55 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/10 20:31:55 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/06 16:56:44 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140702.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/05/09 19:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value found
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes,DefaultScope = {B0F85C57-022E-420F-8CE5-093C11469756}
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS454
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{B0F85C57-022E-420F-8CE5-093C11469756}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111043,6901,0,8,0
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn\ [2014/07/03 10:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014/06/07 17:13:25 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.trovi.com/?gd=&ctid=CT3329903&octid=EB_ORIGINAL_CTID&ISID=M11615D30-1A23-42CB-A5F8-E93A6CB02C38&SearchSource=55&CUI=&UM=2&UP=SP4D8C4040-F118-4385-83C0-B85B628DC8F8&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Norton Identity Protection = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.48_0\
CHR - Extension: Google Wallet = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
Hosts file not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No CLSID value found.
O3 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h File not found
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Riverside Resort Widget.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.215.21.202 72.21.70.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7}: DhcpNameServer = 67.215.21.202 72.21.70.3
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/07/03 10:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/03 09:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/07/03 09:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/03 09:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/03 09:21:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/03 09:04:48 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/03 09:04:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/14 05:28:34 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/12 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Local_Weather_LLC
[2014/06/12 10:18:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/06/11 05:50:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/11 05:50:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/11 05:49:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/11 05:49:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/11 05:49:46 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/11 05:49:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 05:49:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/11 05:49:41 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/11 05:49:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/11 05:49:37 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/11 05:49:33 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/11 05:49:33 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/11 05:49:32 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/11 05:49:31 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/07 17:11:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
========== Files - Modified Within 30 Days ==========
[2014/07/03 10:38:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/03 10:29:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/07/03 10:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/03 10:05:34 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/03 09:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/03 09:52:38 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/30 14:17:51 | 000,002,245 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/30 14:17:51 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/30 13:35:12 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/28 15:52:37 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJay.job
[2014/06/20 12:39:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8cb6f601a850.job
[2014/06/17 13:01:08 | 006,828,052 | ---- | M] () -- C:\Users\Jay\Documents\Troy Built Manual.pdf
[2014/06/07 17:11:49 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/06/07 10:03:27 | 001,480,320 | ---- | M] () -- C:\Users\Jay\Documents\JoAnn Logan Laing.pdf
========== Files Created - No Company Name ==========
[2014/07/03 09:41:02 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/20 12:39:25 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8cb6f601a850.job
[2014/06/17 13:01:08 | 006,828,052 | ---- | C] () -- C:\Users\Jay\Documents\Troy Built Manual.pdf
[2014/06/07 10:03:27 | 001,480,320 | ---- | C] () -- C:\Users\Jay\Documents\JoAnn Logan Laing.pdf
[2014/02/15 09:42:38 | 001,005,944 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpJONNA AND SUSAN 2014.JPG
[2013/02/12 18:21:33 | 000,834,069 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpSUSAN, NANCY, KAREN FEBRUARY 2013.JPG
[2013/02/12 18:21:32 | 002,392,573 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpSUSAN, NANCY, KAREN FEBRUARY 2013.0
[2013/01/14 17:13:23 | 000,751,078 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/01/14 17:13:11 | 000,018,252 | ---- | C] () -- C:\ProgramData\sound.mp3
[2013/01/14 17:12:59 | 000,114,890 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/10/20 12:33:46 | 000,049,864 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpMINI REUNION APRIL 30, 2012.JPG
[2012/10/20 12:33:45 | 000,065,584 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpMINI REUNION APRIL 30, 2012.0
[2012/08/14 16:31:42 | 000,027,520 | ---- | C] () -- C:\Users\Jay\AppData\Local\dt.dat
[2012/08/06 06:32:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012/03/30 13:36:36 | 000,053,501 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpBUD IN ARIZONA MARCH 2012.JPG
[2010/10/09 14:50:11 | 000,002,904 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2011/11/17 00:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\@
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\L
[2013/02/15 23:13:45 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1146792228-2588377364-2779136815-1000\$1b443a9931efc65b68b7cc40cec30f6b\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/01/10 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/10 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/10/14 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\AVG
[2012/12/14 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\AVG2013
[2012/06/07 16:41:12 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Roaming\Best Antivirus Software
[2013/05/04 14:33:29 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canon
[2013/11/14 14:00:13 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\com.highimpactdirect.Riverside
[2011/12/09 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Masque
[2010/04/22 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\PictureMover
[2010/05/24 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SkyGolf
[2010/10/09 14:50:14 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Template
[2012/12/14 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TuneUp Software
[2012/12/30 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Visan
[2010/05/14 17:57:35 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:290A724C
< End of report >
-
RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jay [Admin rights]
Mode : Scan -- Date : 07/03/2014 10:44:05
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 32 ¤¤¤
[PUM.Https] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Https] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 | : C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n. -> FOUND
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | : C:\$Recycle.Bin\S-1-5-21-1146792228-2588377364-2779136815-1000\$1b443a9931efc65b68b7cc40cec30f6b\n. -> FOUND
[Hj.RegVal] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> FOUND
[Hj.RegVal] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> FOUND
¤¤¤ Scheduled tasks : 2 ¤¤¤
[suspicious.Path] \\4473 -- wscript.exe (C:\Users\Jay\AppData\Local\Temp\launchie.vbs //B) -> FOUND
[suspicious.Path] \Microsoft\Microsoft Antimalware\MicrosoftAntimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> FOUND
¤¤¤ Files : 3 ¤¤¤
[ZeroAccess][File] @ -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\@ -> FOUND
[ZeroAccess][Folder] L -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\L -> FOUND
[ZeroAccess][Folder] U -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\U -> FOUND
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
-
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 31
Java version out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date!
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
-
.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 4/22/2010 11:27:52 AMSystem Uptime: 7/3/2014 9:33:50 AM (1 hours ago).Motherboard: PEGATRON CORPORATION | | Narra6Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 585 GiB total, 522.577 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.562 GiB free.E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP571: 6/14/2014 5:28:47 AM - Installed RapportRP572: 6/14/2014 6:10:12 PM - HPSF Restore PointRP573: 6/22/2014 12:00:02 AM - Scheduled CheckpointRP574: 6/29/2014 8:12:50 AM - Scheduled CheckpointRP575: 7/3/2014 5:22:10 AM - Installed Rapport.==== Installed Programs ======================.Activation Assistant for the 2007 Microsoft Office suitesActiveCheck component for HP Active Support LibraryAdobe AIRAdobe Flash Player 13 ActiveXAdobe Reader X (10.1.10)Apple Application SupportApple Mobile Device SupportApple Software UpdateBest Buy Software InstallerBonjourCaddieSync Express 1.5.14Canon Easy-PhotoPrint EXCanon Easy-WebPrint EXCanon Inkjet Printer/Scanner/Fax Extended Survey ProgramCanon MP Navigator EX 4.1Canon MX410 series MP DriversCanon MX410 series User RegistrationCanon My PrinterCanon Solution Menu EXCanon Speed Dial UtilityCCleanerCompatibility Pack for the 2007 Office systemCyberLink DVD Suite DeluxeDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDesktopWeatherAlertsDirectX for Managed Code Update (Summer 2004)DVD Menu Pack for HP MediaSmart VideoGeek Squad 24 Hour Computer SupportGoogle ChromeGoogle Update HelperHardware Diagnostic ToolsHoyle Card Games 2005HP Customer Experience EnhancementsHP MediaSmart DemoHP MediaSmart DVDHP MediaSmart Music/Photo/VideoHP MediaSmart SmartMenuHP 
MediaSmart/TouchSmart NetflixHP OdometerHP Photo CreationsHP Remote SolutionHP Support AssistantHP Support InformationHP UpdateHPAsset component for HP Active Support LibraryHulu DesktopiSEEK AnswerWorks English RuntimeiTunesJava Auto UpdaterJava 6 Update 31Junk Mail filter updateK-Lite Codec Pack 7.0.0 (Standard)LabelPrintLightScribe System SoftwareMalwarebytes Anti-Malware version 2.0.2.1012Masque IGT Slots Wolf RunMicrosoft .NET Framework 4.5.1Microsoft Application Error ReportingMicrosoft Choice GuardMicrosoft Easy Assist v2Microsoft IntelliPoint 8.2Microsoft IntelliType Pro 8.2Microsoft Live Search ToolbarMicrosoft Office Access database engine 2007 (English)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Business 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Store Download ManagerMicrosoft Streets & Trips 2010Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable PackageMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMovie Theme Pack for HP MediaSmart VideoMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Norton 360NVIDIA DriversPictureMoverPlayReady PC Runtime amd64Power2GoPowerDirectorQuicken 2011RapportRealtek High Definition Audio DriverRecovery ManagerSavings Bond WizardSecurity Update for Microsoft .NET Framework 4.5.1 (KB2898869)Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2767915) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2810073) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2878284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2880971) 32-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit EditionSilicon Laboratories CP210x USB to UART Bridge (Driver Removal)SkyCaddie DesktopTotalRecipeSearch Internet Explorer ToolbarTrusteer Endpoint ProtectionUpdate for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit EditionUpdate for Microsoft InfoPath 2010 (KB2817369) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for 
Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2825635) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2878225) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2837595) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687567) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2837579) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit EditionUpdate for Microsoft Visio 2010 (KB2880526) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2880529) 32-Bit EditionVisual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesWindows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live SyncWindows Live Upload ToolWindows Live Writer.==== Event Viewer Messages From Past Week ========.7/3/2014 9:34:33 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21474672597/3/2014 9:34:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-21474672597/3/2014 9:34:21 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file..==== End Of File ===========================
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 11.0.9600.17126Run by Jay at 9:59:03 on 2014-07-03Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2163 [GMT -6:00].AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXEc:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exeC:\Program Files\pcmax\pcmax.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\Explorer.EXEC:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exeC:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exeC:\Windows\System32\WUDFHost.exeC:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft 
IntelliPoint\ipoint.exeC:\Program Files\Microsoft IntelliPoint\dpupdchk.exeC:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeC:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\splwow64.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationc:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files (x86)\Windows Live\Mail\wlmail.exeC:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\msiexec.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uSearch Bar = PreserveuURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} -mWinlogon: Userinit = userinit.exe,BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files 
(x86)\Java\jre6\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dllEB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dlluRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [pcreg] C:\Program Files\pcmax\service.exemRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exemRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logonmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exemRun: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" 
/m=2 /w /hmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [pcreg] C:\Program Files\pcmax\service.exeStartupFolder: C:\Users\Jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIVERS~1.LNK - C:\Program Files(x86)\Riverside Resort Widget\Riverside Resort Widget.exeuPolicies-Explorer: HideSCAHealth = dword:1mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-Explorer: HideSCAHealth = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 67.215.21.202 72.21.70.3TCP: Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} : DHCPNameServer = 67.215.21.202 72.21.70.3Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -SSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton360\Engine64\21.3.0.12\CoIEPlg.dllx64-BHO: Office Document Cache 
Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton360\Engine64\21.3.0.12\CoIEPlg.dllx64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartupx64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundx64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonx64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"x64-Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe"x64-Run: [pcreg] C:\Program Files\pcmax\service.exex64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Updatex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1503000.00C\SymDS64.sys [2014-6-7 493656]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1503000.00C\SymEFA64.sys [2014-6-7 1148120]R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys[2014-6-9 1530160]R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1503000.00C\ccSetx64.sys [2014-6-7 162392]R1 
IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140702.001\IDSviA64.sys [2014-7-2 525016]
R1 RapportCerberus_69108;RapportCerberus_69108;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [2014-7-3 631128]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-6-23 299736]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-6-23 414296]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\Ironx64.sys [2014-6-7 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-6-7 593112]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [2014-6-7 265040]
R2 pcmaxservice;pcmaxservice Service;C:\Program Files\pcmax\pcmax.exe [2014-5-29 241344]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-6-23 1886488]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-3 122584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-4-22 358616]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2010-2-2 52224]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2010-2-16 72192]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-4 1255736]
.
=============== Created Last 30 ================
.
2014-07-03 15:51:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-07-03 15:41:26 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-03 15:40:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-03 15:40:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-03 15:40:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-03 15:40:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 15:21:05 -------- d-----w- C:\Windows\ERUNT
2014-07-03 15:04:48 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-03 15:04:12 -------- d-----w- C:\AdwCleaner
2014-06-14 11:28:34 -------- d-----w- C:\temp
2014-06-12 16:18:55 -------- d-----w- C:\Program Files\pcmax
2014-06-12 16:18:40 -------- d-----w- C:\Users\Jay\AppData\Local\Local_Weather_LLC
2014-06-11 11:50:18 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 11:50:18 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 11:50:17 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 11:50:17 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 11:50:12 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 11:50:11 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 11:50:11 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 11:50:10 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 11:50:10 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-11 11:50:09 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 11:50:09 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 11:50:09 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 11:48:59 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 11:48:55 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-07 18:18:21 875736 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\srtsp64.sys
2014-06-07 18:18:21 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys
2014-06-07 18:18:21 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymDS64.sys
2014-06-07 18:18:21 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\srtspx64.sys
2014-06-07 18:18:21 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\Ironx64.sys
2014-06-07 18:18:21 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys
2014-06-07 18:18:21 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymEFA64.sys
2014-06-07 18:18:20 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\ccSetx64.sys
2014-06-07 18:17:45 -------- d-----w- C:\Windows\System32\drivers\N360x64\1503000.00C
.
==================== Find3M ====================
.
2014-06-23 18:15:38 358616 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-06-07 18:18:56 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-13 20:47:45 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 20:47:45 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-15 09:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 10:00:12.54 ===============
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jay on Thu 07/03/2014 at 9:21:11.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [service] totalrecipesearch_14service
Successfully deleted: [service] totalrecipesearch_14service
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{396A4E14-83E7-4941-B0D9-B598E1B97197}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{76F3207C-3A0A-461B-B958-5653C5718243}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{895F3DBD-2484-4A14-A0EA-C3252EBB0FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C4B563E-52A1-4A10-B700-F8BF1CD7B726}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9E5C950C-93F2-46B4-A47E-8450FFF4D841}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0154E07-2B48-475C-A82A-80EFD84EA33E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A9C524BF-4044-402A-AA00-8C3B3DA86125}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B5EDE79D-B004-47DD-93F9-152B0D145914}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D0690E53-168C-4632-99B2-5700228F760F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\totalrecipesearch_14
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CBB2D444-4D06-42DB-9E2E-8E1A2628D49C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{13C1216B-1C15-4569-B1CD-574A8567ED9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{13C1216B-1C15-4569-B1CD-574A8567ED9A}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Jay\appdata\locallow\totalrecipesearch_14"
Failed to delete: [Folder] "C:\Program Files (x86)\totalrecipesearch_14"
Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/03/2014 at 9:30:47.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
# AdwCleaner v3.214 - Report created 03/07/2014 at 09:14:55
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jay - JAY-PC
# Running from : C:\Users\Jay\Downloads\adwcleaner_3.214 (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [inboxToolbar]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282144
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282146
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TotalRecipeSearch_14 Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\pc speed maximizer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [14364 octets] - [03/07/2014 09:04:20]
AdwCleaner[R1].txt - [12317 octets] - [03/07/2014 09:10:41]
AdwCleaner[R2].txt - [12378 octets] - [03/07/2014 09:12:36]
AdwCleaner[R3].txt - [12709 octets] - [03/07/2014 09:13:04]
AdwCleaner[R4].txt - [13040 octets] - [03/07/2014 09:13:32]
AdwCleaner[R5].txt - [13371 octets] - [03/07/2014 09:14:11]
AdwCleaner[s0].txt - [2126 octets] - [03/07/2014 09:05:50]
AdwCleaner[s1].txt - [13320 octets] - [03/07/2014 09:14:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13381 octets] ##########
-
How will I know which operating system is on this computer?
-
Having problems with Trovia
Needing help with Trovia
in Malware Removal
Posted
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ deleted successfully.
HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}\ not found.
Registry key HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B0F85C57-022E-420F-8CE5-093C11469756}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0F85C57-022E-420F-8CE5-093C11469756}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e}\ not found.
Registry value HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch Search Scope Monitor deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot.
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Riverside Resort Widget.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
File Protocol\Handler\gopher - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Jay
->Java cache emptied: 3606086 bytes
User: Public
Total Java Files Cleaned = 3.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 57472 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Jay
->Flash cache emptied: 26347106 bytes
User: Public
Total Flash Files Cleaned = 25.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jay
->Temp folder emptied: 51009585 bytes
->Temporary Internet Files folder emptied: 33340424 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 15374844 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84513571 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 176.00 mb
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 07032014_124955
Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found!
C:\Users\Jay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jay\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...