Needing help with Trovia

svanden00 · July 3, 2014

Having problems with Trovia

flashh4 · July 3, 2014

Howdy susan and welcome to BestTechie !!!

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......

    This time, click on the Clean button.

    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

Full System Scan with Malwarebytes Antimalware

    Please download http://www.malwarebytes.org/mbam-download.php Malwarebytes !

    Double-click mbam-setup-exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.

    Run Malwarebytes Antimalware
    On the Dashboard, click the 'Update Now >>' link if it does not ask you to Update !
    After the update completes, click the 'Scan Now >>' button.
    Or, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.
    A Threat Scan will begin.
    When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    In most cases, a restart will be required.
    Wait for the prompt to restart the computer to appear, then click on Yes.

    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.

NEXT

Download DDS and save it to your Desktop. >>> DDS

    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.

Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. DDS logs (2 logs)
Thanks
Chuck

svanden00 · July 3, 2014

How will I know which operating system is on this computer?

svanden00 · July 3, 2014

# AdwCleaner v3.214 - Report created 03/07/2014 at 09:14:55

# Updated 29/06/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Jay - JAY-PC

# Running from : C:\Users\Jay\Downloads\adwcleaner_3.214 (1).exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver

Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404

Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer

Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [inboxToolbar]

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282144

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282146

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TotalRecipeSearch_14 Browser Plugin Loader]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Inbox Toolbar

Key Deleted : HKCU\Software\pc speed maximizer

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\Inbox Toolbar

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\systweak

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [14364 octets] - [03/07/2014 09:04:20]

AdwCleaner[R1].txt - [12317 octets] - [03/07/2014 09:10:41]

AdwCleaner[R2].txt - [12378 octets] - [03/07/2014 09:12:36]

AdwCleaner[R3].txt - [12709 octets] - [03/07/2014 09:13:04]

AdwCleaner[R4].txt - [13040 octets] - [03/07/2014 09:13:32]

AdwCleaner[R5].txt - [13371 octets] - [03/07/2014 09:14:11]

AdwCleaner[s0].txt - [2126 octets] - [03/07/2014 09:05:50]

AdwCleaner[s1].txt - [13320 octets] - [03/07/2014 09:14:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13381 octets] ##########

flashh4 · July 3, 2014

It will show in the logs !

flashh4 · July 3, 2014

Susan, that should help with the running ! I see some more we are going to have to remove later. I always wait till the programs are threw then read threw the logs & write up a fix for this computer only !!

I am in & out cause we are watching our Great granddaughter while her mom works ! And we are going camping over to Sunshine at Meetteese so i will be leaving about 5 & be gone for 9 days ! Hopefully we will get most of this clean, it won't hurt to use it if he needs to ~

Chuck

flashh4 · July 3, 2014

Looks like Windows 7 !!! >>> # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

svanden00 · July 3, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Jay on Thu 07/03/2014 at 9:21:11.22

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] totalrecipesearch_14service

Successfully deleted: [service] totalrecipesearch_14service

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{396A4E14-83E7-4941-B0D9-B598E1B97197}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{76F3207C-3A0A-461B-B958-5653C5718243}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{895F3DBD-2484-4A14-A0EA-C3252EBB0FF7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C4B563E-52A1-4A10-B700-F8BF1CD7B726}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9E5C950C-93F2-46B4-A47E-8450FFF4D841}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0154E07-2B48-475C-A82A-80EFD84EA33E}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A9C524BF-4044-402A-AA00-8C3B3DA86125}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B5EDE79D-B004-47DD-93F9-152B0D145914}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D0690E53-168C-4632-99B2-5700228F760F}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\totalrecipesearch_14

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CBB2D444-4D06-42DB-9E2E-8E1A2628D49C}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{13C1216B-1C15-4569-B1CD-574A8567ED9A}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{13C1216B-1C15-4569-B1CD-574A8567ED9A}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jay\appdata\locallow\totalrecipesearch_14"

Failed to delete: [Folder] "C:\Program Files (x86)\totalrecipesearch_14"

Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 07/03/2014 at 9:30:47.52

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

svanden00 · July 3, 2014

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.17126

Run by Jay at 9:59:03 on 2014-07-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2163 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe

C:\Program Files\pcmax\pcmax.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\splwow64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} -

mWinlogon: Userinit = userinit.exe,

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX

\ewpexbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine

\21.3.0.12\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine

\21.3.0.12\IPS\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office

\Office14\URLREDIR.DLL

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar

\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar

\3.0.0566.0\msneshellx.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [pcreg] C:\Program Files\pcmax\service.exe

mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe

mRun: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [pcreg] C:\Program Files\pcmax\service.exe

StartupFolder: C:\Users\Jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIVERS~1.LNK - C:\Program Files

(x86)\Riverside Resort Widget\Riverside Resort Widget.exe

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live

\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 67.215.21.202 72.21.70.3

TCP: Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} : DHCPNameServer = 67.215.21.202 72.21.70.3

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared

\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer

\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton

360\Engine64\21.3.0.12\CoIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office

\Office14\URLREDIR.DLL

x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton

360\Engine64\21.3.0.12\CoIEPlg.dll

x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe"

x64-Run: [pcreg] C:\Program Files\pcmax\service.exe

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line

\NCPluginUpdater.exe" Update

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office

\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office

\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared

\OFFICE14\MSOXMLMF.DLL

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1503000.00C\SymDS64.sys [2014-6-7 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1503000.00C\SymEFA64.sys [2014-6-7 1148120]

R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys

[2014-6-9 1530160]

R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1503000.00C\ccSetx64.sys [2014-6-7 162392]

R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140702.001\IDSviA64.sys [2014

-7-2 525016]

R1 RapportCerberus_69108;RapportCerberus_69108;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline

\RapportCerberus64_69108.sys [2014-7-3 631128]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-6-23 299736]

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-6-23 414296]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\Ironx64.sys [2014-6-7 264280]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-6-7 593112]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [2014-6-7 265040]

R2 pcmaxservice;pcmaxservice Service;C:\Program Files\pcmax\pcmax.exe [2014-5-29 241344]

R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-6-23

1886488]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

[2014-6-11 142128]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-3 122584]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework

\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]

S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-4-22 358616]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2010

-2-2 52224]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2010-2-16 72192]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-4 1255736]

.

=============== Created Last 30 ================

.

2014-07-03 15:51:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2014-07-03 15:41:26 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-07-03 15:40:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-07-03 15:40:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-07-03 15:40:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-07-03 15:40:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-03 15:21:05 -------- d-----w- C:\Windows\ERUNT

2014-07-03 15:04:48 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll

2014-07-03 15:04:12 -------- d-----w- C:\AdwCleaner

2014-06-14 11:28:34 -------- d-----w- C:\temp

2014-06-12 16:18:55 -------- d-----w- C:\Program Files\pcmax

2014-06-12 16:18:40 -------- d-----w- C:\Users\Jay\AppData\Local\Local_Weather_LLC

2014-06-11 11:50:18 801280 ----a-w- C:\Windows\System32\usp10.dll

2014-06-11 11:50:18 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2014-06-11 11:50:17 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2014-06-11 11:50:17 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2014-06-11 11:50:12 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2014-06-11 11:50:11 1882112 ----a-w- C:\Windows\System32\msxml3.dll

2014-06-11 11:50:11 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll

2014-06-11 11:50:10 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll

2014-06-11 11:50:10 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2014-06-11 11:50:09 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-06-11 11:50:09 2048 ----a-w- C:\Windows\System32\msxml6r.dll

2014-06-11 11:50:09 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2014-06-11 11:48:59 506368 ----a-w- C:\Windows\System32\aepdu.dll

2014-06-11 11:48:55 424448 ----a-w- C:\Windows\System32\aeinv.dll

2014-06-07 18:18:21 875736 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\srtsp64.sys

2014-06-07 18:18:21 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys

2014-06-07 18:18:21 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymDS64.sys

2014-06-07 18:18:21 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\srtspx64.sys

2014-06-07 18:18:21 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\Ironx64.sys

2014-06-07 18:18:21 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys

2014-06-07 18:18:21 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymEFA64.sys

2014-06-07 18:18:20 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\ccSetx64.sys

2014-06-07 18:17:45 -------- d-----w- C:\Windows\System32\drivers\N360x64\1503000.00C

.

==================== Find3M ====================

.

2014-06-23 18:15:38 358616 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

2014-06-07 18:18:56 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll

2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll

2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll

2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll

2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-05-13 20:47:45 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-05-13 20:47:45 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-04-15 09:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll

2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll

2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll

2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe

2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 10:00:12.54 ===============

svanden00 · July 3, 2014

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/22/2010 11:27:52 AM

System Uptime: 7/3/2014 9:33:50 AM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Narra6

Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 585 GiB total, 522.577 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.562 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP571: 6/14/2014 5:28:47 AM - Installed Rapport

RP572: 6/14/2014 6:10:12 PM - HPSF Restore Point

RP573: 6/22/2014 12:00:02 AM - Scheduled Checkpoint

RP574: 6/29/2014 8:12:50 AM - Scheduled Checkpoint

RP575: 7/3/2014 5:22:10 AM - Installed Rapport

.

==== Installed Programs ======================

.

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 13 ActiveX

Adobe Reader X (10.1.10)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Best Buy Software Installer

Bonjour

CaddieSync Express 1.5.14

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.1

Canon MX410 series MP Drivers

Canon MX410 series User Registration

Canon My Printer

Canon Solution Menu EX

Canon Speed Dial Utility

CCleaner

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DesktopWeatherAlerts

DirectX for Managed Code Update (Summer 2004)

DVD Menu Pack for HP MediaSmart Video

Geek Squad 24 Hour Computer Support

Google Chrome

Google Update Helper

Hardware Diagnostic Tools

Hoyle Card Games 2005

HP Customer Experience Enhancements

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Photo Creations

HP Remote Solution

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

Hulu Desktop

iSEEK AnswerWorks English Runtime

iTunes

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

K-Lite Codec Pack 7.0.0 (Standard)

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 2.0.2.1012

Masque IGT Slots Wolf Run

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Easy Assist v2

Microsoft IntelliPoint 8.2

Microsoft IntelliType Pro 8.2

Microsoft Live Search Toolbar

Microsoft Office Access database engine 2007 (English)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Store Download Manager

Microsoft Streets & Trips 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable Package

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton 360

NVIDIA Drivers

PictureMover

PlayReady PC Runtime amd64

Power2Go

PowerDirector

Quicken 2011

Rapport

Realtek High Definition Audio Driver

Recovery Manager

Savings Bond Wizard

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

SkyCaddie Desktop

TotalRecipeSearch Internet Explorer Toolbar

Trusteer Endpoint Protection

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

7/3/2014 9:34:33 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147467259

7/3/2014 9:34:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147467259

7/3/2014 9:34:21 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

.

==== End Of File ===========================

flashh4 · July 3, 2014

I need you to run these next !

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

========================

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.[/list
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

=========================

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !

Post those logs & i will read threw them & write up a fix for this computer only !!

This will take an hour or so !

Thanks

Chuck

svanden00 · July 3, 2014

Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting

automatic update.
`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 31
Java version out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date!

Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting

automatic update.
`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 31
Java version out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date!

Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

svanden00 · July 3, 2014

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits

version
Started in : Normal mode
User : Jay [Admin rights]
Mode : Scan -- Date : 07/03/2014 10:44:05

Â¤Â¤Â¤ Bad processes : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Registry Entries : 32 Â¤Â¤Â¤
[PUM.Https] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet

Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Https] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet

Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet

\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202

72.21.70.3 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services

\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 ->

FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services

\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 ->

FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet

\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-

AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 ->

FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services

\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-

AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 ->

FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services

\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-

AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 ->

FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Policies\System |

ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Policies\System |

ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Policies\System |

ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Policies\System |

ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 ->

FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Explorer\Advanced | Start_ShowUser : 2 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 ->

FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Windows\CurrentVersion

\Explorer\Advanced | Start_ShowUser : 2 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel |

{20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel |

{59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel |

{20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel |

{59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-

b9a3-0c966feabec1}\InprocServer32 | : C:\Users\Jay\AppData\Local

\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n. -> FOUND
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-

804e-409d6c4515e9}\InprocServer32 | : C:\$Recycle.Bin\S-1-5-21-

1146792228-2588377364-2779136815-1000\

$1b443a9931efc65b68b7cc40cec30f6b\n. -> FOUND
[Hj.RegVal] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Command Processor | AutoRun :

"C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> FOUND
[Hj.RegVal] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-

2779136815-1000\Software\Microsoft\Command Processor | AutoRun :

"C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> FOUND

Â¤Â¤Â¤ Scheduled tasks : 2 Â¤Â¤Â¤
[suspicious.Path] \\4473 -- wscript.exe (C:\Users\Jay\AppData

\Local\Temp\launchie.vbs //B) -> FOUND
[suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft

Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security

Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) ->

FOUND

Â¤Â¤Â¤ Files : 3 Â¤Â¤Â¤
[ZeroAccess][File] @ -- C:\Users\Jay\AppData\Local\{1b443a99-

31ef-c65b-68b7-cc40cec30f6b}\@ -> FOUND
[ZeroAccess][Folder] L -- C:\Users\Jay\AppData\Local\{1b443a99-

31ef-c65b-68b7-cc40cec30f6b}\L -> FOUND
[ZeroAccess][Folder] U -- C:\Users\Jay\AppData\Local\{1b443a99-

31ef-c65b-68b7-cc40cec30f6b}\U -> FOUND

Â¤Â¤Â¤ HOSTS File : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Antirootkit : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Web browsers : 0 Â¤Â¤Â¤

svanden00 · July 3, 2014

OTL logfile created on: 7/3/2014 10:49:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.40% Memory free
7.50 Gb Paging File | 5.67 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.31 Gb Total Space | 523.35 Gb Free Space | 89.42% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.56 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/03 10:47:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Downloads\OTL.com
PRC - [2014/07/03 10:21:02 | 000,854,390 | ---- | M] () -- C:\Users\Jay\Downloads\SecurityCheck.exe
PRC - [2014/06/23 12:15:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/05/29 05:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe
PRC - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 10:17:46 | 002,544,960 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
PRC - [2010/11/20 06:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/07/27 03:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

========== Modules (No Company Name) ==========

MOD - [2014/07/03 10:21:02 | 000,854,390 | ---- | M] () -- C:\Users\Jay\Downloads\SecurityCheck.exe
MOD - [2014/07/03 05:29:27 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/05/08 10:17:46 | 000,167,232 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll
MOD - [2013/05/08 10:13:34 | 000,590,848 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll
MOD - [2013/05/08 10:13:26 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/06/22 20:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll
MOD - [2009/01/10 12:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll

========== Services (SafeList) ==========

SRV - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/05/13 14:47:49 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/07/27 03:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV - [2014/07/03 05:29:24 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys -- (RapportCerberus_69108)
DRV - [2014/06/23 12:15:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/06/23 12:15:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/06/21 03:20:11 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140702.023\ex64.sys -- (NAVEX15)
DRV - [2014/06/21 03:20:11 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140702.023\eng64.sys -- (NAVENG)
DRV - [2014/06/10 20:31:55 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/10 20:31:55 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/06 16:56:44 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140702.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/05/09 19:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value found
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes,DefaultScope = {B0F85C57-022E-420F-8CE5-093C11469756}
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS454
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{B0F85C57-022E-420F-8CE5-093C11469756}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111043,6901,0,8,0
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn\ [2014/07/03 10:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014/06/07 17:13:25 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.trovi.com/?gd=&ctid=CT3329903&octid=EB_ORIGINAL_CTID&ISID=M11615D30-1A23-42CB-A5F8-E93A6CB02C38&SearchSource=55&CUI=&UM=2&UP=SP4D8C4040-F118-4385-83C0-B85B628DC8F8&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Norton Identity Protection = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.48_0\
CHR - Extension: Google Wallet = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

Hosts file not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No CLSID value found.
O3 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h File not found
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Riverside Resort Widget.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.215.21.202 72.21.70.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7}: DhcpNameServer = 67.215.21.202 72.21.70.3
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/03 10:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/03 09:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/07/03 09:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/03 09:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/03 09:21:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/03 09:04:48 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/03 09:04:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/14 05:28:34 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/12 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Local_Weather_LLC
[2014/06/12 10:18:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/06/11 05:50:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/11 05:50:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/11 05:49:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/11 05:49:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/11 05:49:46 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/11 05:49:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 05:49:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/11 05:49:41 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/11 05:49:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/11 05:49:37 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/11 05:49:33 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/11 05:49:33 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/11 05:49:32 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/11 05:49:31 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/07 17:11:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

========== Files - Modified Within 30 Days ==========

[2014/07/03 10:38:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/03 10:29:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/07/03 10:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/03 10:05:34 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/03 09:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/03 09:52:38 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/30 14:17:51 | 000,002,245 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/30 14:17:51 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/30 13:35:12 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/28 15:52:37 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJay.job
[2014/06/20 12:39:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8cb6f601a850.job
[2014/06/17 13:01:08 | 006,828,052 | ---- | M] () -- C:\Users\Jay\Documents\Troy Built Manual.pdf
[2014/06/07 17:11:49 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/06/07 10:03:27 | 001,480,320 | ---- | M] () -- C:\Users\Jay\Documents\JoAnn Logan Laing.pdf

========== Files Created - No Company Name ==========

[2014/07/03 09:41:02 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/20 12:39:25 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8cb6f601a850.job
[2014/06/17 13:01:08 | 006,828,052 | ---- | C] () -- C:\Users\Jay\Documents\Troy Built Manual.pdf
[2014/06/07 10:03:27 | 001,480,320 | ---- | C] () -- C:\Users\Jay\Documents\JoAnn Logan Laing.pdf
[2014/02/15 09:42:38 | 001,005,944 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpJONNA AND SUSAN 2014.JPG
[2013/02/12 18:21:33 | 000,834,069 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpSUSAN, NANCY, KAREN FEBRUARY 2013.JPG
[2013/02/12 18:21:32 | 002,392,573 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpSUSAN, NANCY, KAREN FEBRUARY 2013.0
[2013/01/14 17:13:23 | 000,751,078 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/01/14 17:13:11 | 000,018,252 | ---- | C] () -- C:\ProgramData\sound.mp3
[2013/01/14 17:12:59 | 000,114,890 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/10/20 12:33:46 | 000,049,864 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpMINI REUNION APRIL 30, 2012.JPG
[2012/10/20 12:33:45 | 000,065,584 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpMINI REUNION APRIL 30, 2012.0
[2012/08/14 16:31:42 | 000,027,520 | ---- | C] () -- C:\Users\Jay\AppData\Local\dt.dat
[2012/08/06 06:32:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012/03/30 13:36:36 | 000,053,501 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpBUD IN ARIZONA MARCH 2012.JPG
[2010/10/09 14:50:11 | 000,002,904 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2011/11/17 00:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\@
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\L
[2013/02/15 23:13:45 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1146792228-2588377364-2779136815-1000\$1b443a9931efc65b68b7cc40cec30f6b\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/10 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/10 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/10/14 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\AVG
[2012/12/14 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\AVG2013
[2012/06/07 16:41:12 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Roaming\Best Antivirus Software
[2013/05/04 14:33:29 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canon
[2013/11/14 14:00:13 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\com.highimpactdirect.Riverside
[2011/12/09 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Masque
[2010/04/22 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\PictureMover
[2010/05/24 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SkyGolf
[2010/10/09 14:50:14 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Template
[2012/12/14 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TuneUp Software
[2012/12/30 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Visan
[2010/05/14 17:57:35 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:290A724C

< End of report >

flashh4 · July 3, 2014

Hi, run this & lets get rid of those infections !!

Open RogueKiller :
* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator to start"
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then Click on "Scan" button
* Wait until the Status box shows "Scan Finished"
* click on "delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller+

Post that before i continue !!

Chuck

svanden00 · July 3, 2014

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jay [Admin rights]
Mode : Remove -- Date : 07/03/2014 12:00:08

Â¤Â¤Â¤ Bad processes : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Registry Entries : 32 Â¤Â¤Â¤
[PUM.Https] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED
[PUM.Https] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 | : C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n. [x] -> REPLACED (C:\Windows\system32\shell32.dll)
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | : C:\$Recycle.Bin\S-1-5-21-1146792228-2588377364-2779136815-1000\$1b443a9931efc65b68b7cc40cec30f6b\n. [x] -> REPLACED (C:\Windows\system32\shell32.dll)
[Hj.RegVal] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> REPLACED ()
[Hj.RegVal] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> REPLACED ()

Â¤Â¤Â¤ Scheduled tasks : 2 Â¤Â¤Â¤
[suspicious.Path] \\4473 -- wscript.exe (C:\Users\Jay\AppData\Local\Temp\launchie.vbs //B) -> DELETED
[suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> DELETED

Â¤Â¤Â¤ Files : 3 Â¤Â¤Â¤
[ZeroAccess][File] @ -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\@ -> DELETED
[ZeroAccess][Folder] L -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\L -> DELETED
[ZeroAccess][Folder] U -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\U -> DELETED

Â¤Â¤Â¤ HOSTS File : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Antirootkit : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Web browsers : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ MBR Check : Â¤Â¤Â¤
+++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] bd7c3e7d59ffe741a2454cf4ababd859
[bSP] eb50dc3a606bbbd4c4782f8f30779905 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 599354 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1227683840 | Size: 11024 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_07032014_104405.log - RKreport_SCN_07032014_115956.log

flashh4 · July 3, 2014

Oh yeah, we got rid of it in 1 pass !! Yay for our team !

Ok lets continue, i think we are almost done !!

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

OTL Fix !
* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTLIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}: "URL" = http://www.bing.com/...rc=IE-SearchBoxIE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSEIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value foundIE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes,DefaultScope = {B0F85C57-022E-420F-8CE5-093C11469756}IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}: "URL" = http://www.google.co...1I7ADFA_enUS454IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{B0F85C57-022E-420F-8CE5-093C11469756}: "URL" = http://search.yahoo....1043,6901,0,8,0FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll File not foundO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No CLSID value found.O3 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not foundO4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not foundO4 - HKLM..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk =  File not foundO4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk =  File not foundO4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Riverside Resort Widget.lnk =  File not foundO13 - gopher Prefix: missingO18 - Protocol\Handler\gopher - No CLSID value foundO18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not foundO21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click

# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

====================

Need updated:

Java version out of Date!

[*]Please go here to install Java >>> http://www.java.com/en/

[o] click on the Free Java Download Button
[o] click on Agree and start Free download
[o] click on Run
[o] click on run again
[o] click on install
[o] when install is complete click on close
[*]Reboot your computer

...........................................

Adobe Reader 10.1.10 Adobe Reader out of Date!

Update Adobe Reader

Make sure you uncheck the box to install McAfee Security Scan Plus

Please uninstall unless you already have Adobe Reader XXX XXX xxx before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader XX xxx xx and click on Change/Remove to uninstall it.
Click here to download the latest version of Adobe Acrobat Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.

If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.

Post the OTL fix log !!

Also how's it running !

It may be a bit slow till a few normal reboots !!

Chuck

svanden00 · July 3, 2014

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ deleted successfully.
HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}\ not found.
Registry key HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B0F85C57-022E-420F-8CE5-093C11469756}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0F85C57-022E-420F-8CE5-093C11469756}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e}\ not found.
Registry value HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch Search Scope Monitor deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot.
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Riverside Resort Widget.lnk moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
File Protocol\Handler\gopher - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jay
->Java cache emptied: 3606086 bytes

User: Public

Total Java Files Cleaned = 3.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 57472 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jay
->Flash cache emptied: 26347106 bytes

User: Public

Total Flash Files Cleaned = 25.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jay
->Temp folder emptied: 51009585 bytes
->Temporary Internet Files folder emptied: 33340424 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 15374844 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84513571 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 176.00 mb

HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 07032014_124955

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found!
C:\Users\Jay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jay\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

flashh4 · July 3, 2014

Ok lets remove all programs we used in the cleaning !!

Please download OTCleanIt and save it to desktop.

    Double-click OTCleanIt.exe. >>> http://oldtimer.geekstogo.com/OTC.exe
    Click the CleanUp! button.
    Select Yes when the "Begin cleanup Process?" prompt appears.
    If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Let me know if that trovia.com site is still popping up ??

flashh4 · July 3, 2014

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript

adblock plus

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free

5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware .

===============================

Seems as tho no one has had any problems with that site. So when i get back we will dig deeper !

Look on the bright side you have a clean computer of infections & un-wanted programs & 1 very bad infection !!

See ya when i get back !

flashh4 · July 12, 2014

This topic is now locked !! If you need it re-opened please PM me or any Mod !!

Thanks

Chuck

Needing help with Trovia

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites