svanden00

Members
  • Content Count

    11
  • Joined

  • Last visited

About svanden00

  • Rank
    Member
  1. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ deleted successfully. HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}\ not found. Registry key HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B0F85C57-022E-420F-8CE5-093C11469756}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0F85C57-022E-420F-8CE5-093C11469756}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e}\ not found. Registry value HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch Search Scope Monitor deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully. File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot. C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Riverside Resort Widget.lnk moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully. File Protocol\Handler\gopher - No CLSID value found not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully. File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Jay ->Java cache emptied: 3606086 bytes User: Public Total Java Files Cleaned = 3.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 57472 bytes User: Default User ->Flash cache emptied: 0 bytes User: Jay ->Flash cache emptied: 26347106 bytes User: Public Total Flash Files Cleaned = 25.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jay ->Temp folder emptied: 51009585 bytes ->Temporary Internet Files folder emptied: 33340424 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 15374844 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84513571 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 176.00 mb HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 07032014_124955 Files\Folders moved on Reboot... File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found! C:\Users\Jay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Jay\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  2. RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jay [Admin rights] Mode : Remove -- Date : 07/03/2014 12:00:08 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 32 ¤¤¤ [PUM.Https] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED [PUM.Https] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> NOT SELECTED [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> NOT SELECTED [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> NOT SELECTED [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> NOT SELECTED [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> NOT SELECTED [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> NOT SELECTED [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> NOT SELECTED [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> NOT SELECTED [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> NOT SELECTED [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED [ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 | : C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n. [x] -> REPLACED (C:\Windows\system32\shell32.dll) [ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | : C:\$Recycle.Bin\S-1-5-21-1146792228-2588377364-2779136815-1000\$1b443a9931efc65b68b7cc40cec30f6b\n. [x] -> REPLACED (C:\Windows\system32\shell32.dll) [Hj.RegVal] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> REPLACED () [Hj.RegVal] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> REPLACED () ¤¤¤ Scheduled tasks : 2 ¤¤¤ [suspicious.Path] \\4473 -- wscript.exe (C:\Users\Jay\AppData\Local\Temp\launchie.vbs //B) -> DELETED [suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> DELETED ¤¤¤ Files : 3 ¤¤¤ [ZeroAccess][File] @ -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\@ -> DELETED [ZeroAccess][Folder] L -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\L -> DELETED [ZeroAccess][Folder] U -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\U -> DELETED ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++ --- User --- [MBR] bd7c3e7d59ffe741a2454cf4ababd859 [bSP] eb50dc3a606bbbd4c4782f8f30779905 : Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 599354 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1227683840 | Size: 11024 MB User = LL1 ... OK Error reading LL2 MBR! ([1] Incorrect function. ) +++++ PhysicalDrive1: Multi Flash Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_SCN_07032014_104405.log - RKreport_SCN_07032014_115956.log
  3. OTL logfile created on: 7/3/2014 10:49:39 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17126) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.40% Memory free 7.50 Gb Paging File | 5.67 Gb Available in Paging File | 75.66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 585.31 Gb Total Space | 523.35 Gb Free Space | 89.42% Space Free | Partition Type: NTFS Drive D: | 10.77 Gb Total Space | 1.56 Gb Free Space | 14.51% Space Free | Partition Type: NTFS Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/07/03 10:47:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Downloads\OTL.com PRC - [2014/07/03 10:21:02 | 000,854,390 | ---- | M] () -- C:\Users\Jay\Downloads\SecurityCheck.exe PRC - [2014/06/23 12:15:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe PRC - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2014/05/29 05:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe PRC - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/05/08 10:17:46 | 002,544,960 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe PRC - [2010/11/20 06:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010/07/27 03:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ========== Modules (No Company Name) ========== MOD - [2014/07/03 10:21:02 | 000,854,390 | ---- | M] () -- C:\Users\Jay\Downloads\SecurityCheck.exe MOD - [2014/07/03 05:29:27 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2013/05/08 10:17:46 | 000,167,232 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll MOD - [2013/05/08 10:13:34 | 000,590,848 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll MOD - [2013/05/08 10:13:26 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009/06/22 20:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll MOD - [2009/01/10 12:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll ========== Services (SafeList) ========== SRV - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2014/05/13 14:47:49 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/05/11 00:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360) SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/07/27 03:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV - [2014/07/03 05:29:24 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys -- (RapportCerberus_69108) DRV - [2014/06/23 12:15:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64) DRV - [2014/06/23 12:15:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64) DRV - [2014/06/21 03:20:11 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140702.023\ex64.sys -- (NAVEX15) DRV - [2014/06/21 03:20:11 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140702.023\eng64.sys -- (NAVENG) DRV - [2014/06/10 20:31:55 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2014/06/10 20:31:55 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2014/06/06 16:56:44 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140702.001\IDSviA64.sys -- (IDSVia64) DRV - [2014/05/09 19:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49218725-54B1-4FE5-ACA3-5ADE4D65021D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - No CLSID value found IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes,DefaultScope = {B0F85C57-022E-420F-8CE5-093C11469756} IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{3BC6EE30-C35F-4371-B584-0FC09BF895BF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS454 IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\SearchScopes\{B0F85C57-022E-420F-8CE5-093C11469756}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111043,6901,0,8,0 IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn\ [2014/07/03 10:07:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014/06/07 17:13:25 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.trovi.com/?gd=&ctid=CT3329903&octid=EB_ORIGINAL_CTID&ISID=M11615D30-1A23-42CB-A5F8-E93A6CB02C38&SearchSource=55&CUI=&UM=2&UP=SP4D8C4040-F118-4385-83C0-B85B628DC8F8&SSPV= CHR - plugin: Error reading preferences file CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\ CHR - Extension: Norton Identity Protection = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.48_0\ CHR - Extension: Google Wallet = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ Hosts file not found O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - No CLSID value found. O3 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe () O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h File not found O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000..\Run: [pcreg] C:\Program Files\pcmax\service.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Riverside Resort Widget.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.215.21.202 72.21.70.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7}: DhcpNameServer = 67.215.21.202 72.21.70.3 O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1146792228-2588377364-2779136815-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/07/03 10:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller [2014/07/03 09:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2014/07/03 09:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/07/03 09:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014/07/03 09:21:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/07/03 09:04:48 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll [2014/07/03 09:04:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/06/14 05:28:34 | 000,000,000 | ---D | C] -- C:\temp [2014/06/12 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Local_Weather_LLC [2014/06/12 10:18:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts [2014/06/11 05:50:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll [2014/06/11 05:50:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2014/06/11 05:49:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014/06/11 05:49:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/06/11 05:49:46 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014/06/11 05:49:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014/06/11 05:49:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014/06/11 05:49:41 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014/06/11 05:49:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014/06/11 05:49:37 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014/06/11 05:49:33 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014/06/11 05:49:33 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014/06/11 05:49:32 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014/06/11 05:49:31 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014/06/07 17:11:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 ========== Files - Modified Within 30 Days ========== [2014/07/03 10:38:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/07/03 10:29:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2014/07/03 10:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/07/03 10:05:34 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys [2014/07/03 09:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/07/03 09:52:38 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/06/30 14:17:51 | 000,002,245 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014/06/30 14:17:51 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/06/30 13:35:12 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2014/06/28 15:52:37 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJay.job [2014/06/20 12:39:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8cb6f601a850.job [2014/06/17 13:01:08 | 006,828,052 | ---- | M] () -- C:\Users\Jay\Documents\Troy Built Manual.pdf [2014/06/07 17:11:49 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2014/06/07 10:03:27 | 001,480,320 | ---- | M] () -- C:\Users\Jay\Documents\JoAnn Logan Laing.pdf ========== Files Created - No Company Name ========== [2014/07/03 09:41:02 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/06/20 12:39:25 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8cb6f601a850.job [2014/06/17 13:01:08 | 006,828,052 | ---- | C] () -- C:\Users\Jay\Documents\Troy Built Manual.pdf [2014/06/07 10:03:27 | 001,480,320 | ---- | C] () -- C:\Users\Jay\Documents\JoAnn Logan Laing.pdf [2014/02/15 09:42:38 | 001,005,944 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpJONNA AND SUSAN 2014.JPG [2013/02/12 18:21:33 | 000,834,069 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpSUSAN, NANCY, KAREN FEBRUARY 2013.JPG [2013/02/12 18:21:32 | 002,392,573 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpSUSAN, NANCY, KAREN FEBRUARY 2013.0 [2013/01/14 17:13:23 | 000,751,078 | ---- | C] () -- C:\ProgramData\1.bmp [2013/01/14 17:13:11 | 000,018,252 | ---- | C] () -- C:\ProgramData\sound.mp3 [2013/01/14 17:12:59 | 000,114,890 | ---- | C] () -- C:\ProgramData\1.jpg [2012/10/20 12:33:46 | 000,049,864 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpMINI REUNION APRIL 30, 2012.JPG [2012/10/20 12:33:45 | 000,065,584 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpMINI REUNION APRIL 30, 2012.0 [2012/08/14 16:31:42 | 000,027,520 | ---- | C] () -- C:\Users\Jay\AppData\Local\dt.dat [2012/08/06 06:32:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad [2012/03/30 13:36:36 | 000,053,501 | ---- | C] () -- C:\Users\Jay\AppData\Local\tmpBUD IN ARIZONA MARCH 2012.JPG [2010/10/09 14:50:11 | 000,002,904 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2011/11/17 00:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\@ [2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\L [2013/02/15 23:13:45 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\U [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\Jay\AppData\Local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1146792228-2588377364-2779136815-1000\$1b443a9931efc65b68b7cc40cec30f6b\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/10 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/01/10 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012/10/14 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\AVG [2012/12/14 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\AVG2013 [2012/06/07 16:41:12 | 000,000,000 | -HSD | M] -- C:\Users\Jay\AppData\Roaming\Best Antivirus Software [2013/05/04 14:33:29 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canon [2013/11/14 14:00:13 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\com.highimpactdirect.Riverside [2011/12/09 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Masque [2010/04/22 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\PictureMover [2010/05/24 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SkyGolf [2010/10/09 14:50:14 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Template [2012/12/14 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TuneUp Software [2012/12/30 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Visan [2010/05/14 17:57:35 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0B4227B4 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:290A724C < End of report >
  4. RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jay [Admin rights] Mode : Scan -- Date : 07/03/2014 10:44:05 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 32 ¤¤¤ [PUM.Https] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND [PUM.Https] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet \Services\Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services \Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services \Tcpip\Parameters | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet \Services\Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0- AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services \Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0- AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services \Tcpip\Parameters\Interfaces\{C24CADA4-9C69-41A7-9FD0- AB93644A81F7} | DhcpNameServer : 67.215.21.202 72.21.70.3 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Explorer\Advanced | Start_ShowUser : 2 -> FOUND [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Windows\CurrentVersion \Explorer\Advanced | Start_ShowUser : 2 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd- b9a3-0c966feabec1}\InprocServer32 | : C:\Users\Jay\AppData\Local \{1b443a99-31ef-c65b-68b7-cc40cec30f6b}\n. -> FOUND [ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442- 804e-409d6c4515e9}\InprocServer32 | : C:\$Recycle.Bin\S-1-5-21- 1146792228-2588377364-2779136815-1000\ $1b443a9931efc65b68b7cc40cec30f6b\n. -> FOUND [Hj.RegVal] (X64) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> FOUND [Hj.RegVal] (X86) HKEY_USERS\S-1-5-21-1146792228-2588377364- 2779136815-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\Jay\AppData\Local\duS_nMjtMtx.exe" -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [suspicious.Path] \\4473 -- wscript.exe (C:\Users\Jay\AppData \Local\Temp\launchie.vbs //B) -> FOUND [suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> FOUND ¤¤¤ Files : 3 ¤¤¤ [ZeroAccess][File] @ -- C:\Users\Jay\AppData\Local\{1b443a99- 31ef-c65b-68b7-cc40cec30f6b}\@ -> FOUND [ZeroAccess][Folder] L -- C:\Users\Jay\AppData\Local\{1b443a99- 31ef-c65b-68b7-cc40cec30f6b}\L -> FOUND [ZeroAccess][Folder] U -- C:\Users\Jay\AppData\Local\{1b443a99- 31ef-c65b-68b7-cc40cec30f6b}\U -> FOUND ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤
  5. Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 31 Java version out of Date! Adobe Reader 10.1.10 Adobe Reader out of Date! Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 31 Java version out of Date! Adobe Reader 10.1.10 Adobe Reader out of Date! Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  6. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 4/22/2010 11:27:52 AM System Uptime: 7/3/2014 9:33:50 AM (1 hours ago) . Motherboard: PEGATRON CORPORATION | | Narra6 Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 585 GiB total, 522.577 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.562 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP571: 6/14/2014 5:28:47 AM - Installed Rapport RP572: 6/14/2014 6:10:12 PM - HPSF Restore Point RP573: 6/22/2014 12:00:02 AM - Scheduled Checkpoint RP574: 6/29/2014 8:12:50 AM - Scheduled Checkpoint RP575: 7/3/2014 5:22:10 AM - Installed Rapport . ==== Installed Programs ====================== . Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 13 ActiveX Adobe Reader X (10.1.10) Apple Application Support Apple Mobile Device Support Apple Software Update Best Buy Software Installer Bonjour CaddieSync Express 1.5.14 Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 4.1 Canon MX410 series MP Drivers Canon MX410 series User Registration Canon My Printer Canon Solution Menu EX Canon Speed Dial Utility CCleaner Compatibility Pack for the 2007 Office system CyberLink DVD Suite Deluxe Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DesktopWeatherAlerts DirectX for Managed Code Update (Summer 2004) DVD Menu Pack for HP MediaSmart Video Geek Squad 24 Hour Computer Support Google Chrome Google Update Helper Hardware Diagnostic Tools Hoyle Card Games 2005 HP Customer Experience Enhancements HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart SmartMenu HP MediaSmart/TouchSmart Netflix HP Odometer HP Photo Creations HP Remote Solution HP Support Assistant HP Support Information HP Update HPAsset component for HP Active Support Library Hulu Desktop iSEEK AnswerWorks English Runtime iTunes Java Auto Updater Java 6 Update 31 Junk Mail filter update K-Lite Codec Pack 7.0.0 (Standard) LabelPrint LightScribe System Software Malwarebytes Anti-Malware version 2.0.2.1012 Masque IGT Slots Wolf Run Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Easy Assist v2 Microsoft IntelliPoint 8.2 Microsoft IntelliType Pro 8.2 Microsoft Live Search Toolbar Microsoft Office Access database engine 2007 (English) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Store Download Manager Microsoft Streets & Trips 2010 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Movie Theme Pack for HP MediaSmart Video MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton 360 NVIDIA Drivers PictureMover PlayReady PC Runtime amd64 Power2Go PowerDirector Quicken 2011 Rapport Realtek High Definition Audio Driver Recovery Manager Savings Bond Wizard Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) SkyCaddie Desktop TotalRecipeSearch Internet Explorer Toolbar Trusteer Endpoint Protection Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 7/3/2014 9:34:33 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147467259 7/3/2014 9:34:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147467259 7/3/2014 9:34:21 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. . ==== End Of File ===========================
  7. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17126 Run by Jay at 9:59:03 on 2014-07-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2163 [GMT -6:00] . AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe C:\Program Files\pcmax\pcmax.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\Explorer.EXE C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\splwow64.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\msiexec.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - mWinlogon: Userinit = userinit.exe, BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX \ewpexbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine \21.3.0.12\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine \21.3.0.12\IPS\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office \Office14\URLREDIR.DLL BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar \3.0.0566.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar \3.0.0566.0\msneshellx.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [pcreg] C:\Program Files\pcmax\service.exe mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe mRun: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [pcreg] C:\Program Files\pcmax\service.exe StartupFolder: C:\Users\Jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RIVERS~1.LNK - C:\Program Files (x86)\Riverside Resort Widget\Riverside Resort Widget.exe uPolicies-Explorer: HideSCAHealth = dword:1 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: HideSCAHealth = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live \Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office \Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office \Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 67.215.21.202 72.21.70.3 TCP: Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} : DHCPNameServer = 67.215.21.202 72.21.70.3 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared \OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer \chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office \Office14\URLREDIR.DLL x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe" x64-Run: [pcreg] C:\Program Files\pcmax\service.exe x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line \NCPluginUpdater.exe" Update x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office \Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office \Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared \OFFICE14\MSOXMLMF.DLL x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1503000.00C\SymDS64.sys [2014-6-7 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1503000.00C\SymEFA64.sys [2014-6-7 1148120] R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [2014-6-9 1530160] R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1503000.00C\ccSetx64.sys [2014-6-7 162392] R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140702.001\IDSviA64.sys [2014 -7-2 525016] R1 RapportCerberus_69108;RapportCerberus_69108;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline \RapportCerberus64_69108.sys [2014-7-3 631128] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-6-23 299736] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-6-23 414296] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\Ironx64.sys [2014-6-7 264280] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-6-7 593112] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [2014-6-7 265040] R2 pcmaxservice;pcmaxservice Service;C:\Program Files\pcmax\pcmax.exe [2014-5-29 241344] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-6-23 1886488] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128] R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-3 122584] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework \v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616] S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-4-22 358616] S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2010 -2-2 52224] S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2010-2-16 72192] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-4 1255736] . =============== Created Last 30 ================ . 2014-07-03 15:51:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2014-07-03 15:41:26 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-07-03 15:40:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-07-03 15:40:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-07-03 15:40:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-07-03 15:40:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-03 15:21:05 -------- d-----w- C:\Windows\ERUNT 2014-07-03 15:04:48 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll 2014-07-03 15:04:12 -------- d-----w- C:\AdwCleaner 2014-06-14 11:28:34 -------- d-----w- C:\temp 2014-06-12 16:18:55 -------- d-----w- C:\Program Files\pcmax 2014-06-12 16:18:40 -------- d-----w- C:\Users\Jay\AppData\Local\Local_Weather_LLC 2014-06-11 11:50:18 801280 ----a-w- C:\Windows\System32\usp10.dll 2014-06-11 11:50:18 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2014-06-11 11:50:17 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-06-11 11:50:17 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-06-11 11:50:12 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2014-06-11 11:50:11 1882112 ----a-w- C:\Windows\System32\msxml3.dll 2014-06-11 11:50:11 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll 2014-06-11 11:50:10 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll 2014-06-11 11:50:10 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll 2014-06-11 11:50:09 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2014-06-11 11:50:09 2048 ----a-w- C:\Windows\System32\msxml6r.dll 2014-06-11 11:50:09 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2014-06-11 11:48:59 506368 ----a-w- C:\Windows\System32\aepdu.dll 2014-06-11 11:48:55 424448 ----a-w- C:\Windows\System32\aeinv.dll 2014-06-07 18:18:21 875736 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\srtsp64.sys 2014-06-07 18:18:21 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys 2014-06-07 18:18:21 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymDS64.sys 2014-06-07 18:18:21 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\srtspx64.sys 2014-06-07 18:18:21 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\Ironx64.sys 2014-06-07 18:18:21 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymELAM.sys 2014-06-07 18:18:21 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\SymEFA64.sys 2014-06-07 18:18:20 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\ccSetx64.sys 2014-06-07 18:17:45 -------- d-----w- C:\Windows\System32\drivers\N360x64\1503000.00C . ==================== Find3M ==================== . 2014-06-23 18:15:38 358616 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys 2014-06-07 18:18:56 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll 2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll 2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll 2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-05-13 20:47:45 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-13 20:47:45 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-04-15 09:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll 2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll 2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll 2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe 2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 10:00:12.54 ===============
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Jay on Thu 07/03/2014 at 9:21:11.22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] totalrecipesearch_14service Successfully deleted: [service] totalrecipesearch_14service ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{396A4E14-83E7-4941-B0D9-B598E1B97197} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{76F3207C-3A0A-461B-B958-5653C5718243} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{895F3DBD-2484-4A14-A0EA-C3252EBB0FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C4B563E-52A1-4A10-B700-F8BF1CD7B726} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9E5C950C-93F2-46B4-A47E-8450FFF4D841} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0154E07-2B48-475C-A82A-80EFD84EA33E} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A9C524BF-4044-402A-AA00-8C3B3DA86125} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B5EDE79D-B004-47DD-93F9-152B0D145914} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D0690E53-168C-4632-99B2-5700228F760F} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\totalrecipesearch_14 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CBB2D444-4D06-42DB-9E2E-8E1A2628D49C} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{13C1216B-1C15-4569-B1CD-574A8567ED9A} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{13C1216B-1C15-4569-B1CD-574A8567ED9A} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Jay\appdata\locallow\totalrecipesearch_14" Failed to delete: [Folder] "C:\Program Files (x86)\totalrecipesearch_14" Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{1b443a99-31ef-c65b-68b7-cc40cec30f6b} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 07/03/2014 at 9:30:47.52 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. # AdwCleaner v3.214 - Report created 03/07/2014 at 09:14:55 # Updated 29/06/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Jay - JAY-PC # Running from : C:\Users\Jay\Downloads\adwcleaner_3.214 (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404 Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [inboxToolbar] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282144 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282146 Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TotalRecipeSearch_14 Browser Plugin Loader] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Inbox Toolbar Key Deleted : HKCU\Software\pc speed maximizer Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Freecause Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\Software\Inbox Toolbar Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\systweak Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [14364 octets] - [03/07/2014 09:04:20] AdwCleaner[R1].txt - [12317 octets] - [03/07/2014 09:10:41] AdwCleaner[R2].txt - [12378 octets] - [03/07/2014 09:12:36] AdwCleaner[R3].txt - [12709 octets] - [03/07/2014 09:13:04] AdwCleaner[R4].txt - [13040 octets] - [03/07/2014 09:13:32] AdwCleaner[R5].txt - [13371 octets] - [03/07/2014 09:14:11] AdwCleaner[s0].txt - [2126 octets] - [03/07/2014 09:05:50] AdwCleaner[s1].txt - [13320 octets] - [03/07/2014 09:14:55] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13381 octets] ##########
  10. How will I know which operating system is on this computer?