Post by rohwerk on Oct 19, 2013 15:04:40 GMT -8
HAVE NOT HIT OK TO REBOOT YET.
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22C4C5E1-85AC-4865-BA7D-8CE02055A23A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C4C5E1-85AC-4865-BA7D-8CE02055A23A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22C4C5E1-85AC-4865-BA7D-8CE02055A23A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C4C5E1-85AC-4865-BA7D-8CE02055A23A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3506036945-745545750-2397074263-1001\Software\Microsoft\Internet Explorer\SearchScopes\{22C4C5E1-85AC-4865-BA7D-8CE02055A23A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C4C5E1-85AC-4865-BA7D-8CE02055A23A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files (x86)\ESET\ESET Online Scanner folder moved successfully.
C:\Program Files (x86)\ESET folder moved successfully.
C:\Users\Kyle Rohwer\Desktop\FSS.exe moved successfully.
C:\FRST\Quarantine\$34abdb91f75e6e4d3541138e74b7a4fe folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Kyle Rohwer\Desktop\wscsvc.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\Winmgmt.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\WinDefend.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\SharedAccess.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\MpsSvc.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\iphlpsvc.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\ShellServiceOBAC2.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\ShellServiceOBAC1.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\ZAfix2.reg moved successfully.
C:\Users\Kyle Rohwer\Desktop\ZAFix1.reg moved successfully.
C:\Windows\SysWow64\bndC1D7.tmp deleted successfully.
C:\Windows\SysWow64\SETC3B9.tmp deleted successfully.
C:\Windows\SysWow64\SETD5C5.tmp deleted successfully.
C:\Windows\SysWow64\sho1FDA.tmp deleted successfully.
C:\Windows\SysWow64\sho4C4.tmp deleted successfully.
C:\Windows\SysWow64\sho5763.tmp deleted successfully.
C:\Windows\SysWow64\sho601E.tmp deleted successfully.
========== FILES ==========
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\42d86101-1bad8c9b moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4808514a-59b3fea2 moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\3490ebce-4104c3c0 moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\5f501815-4668a7d2 moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1b56cbd6-199036a8 moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7b20e584-7c6bc4a8 moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\50755428-20c1430b moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\64782b2a-31240b8b moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\4b8cacc5-48263681 moved successfully.
C:\Users\Kyle Rohwer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5e7ddc32-290141f9 moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kyle Rohwer
->Temp folder emptied: 8923511 bytes
->Temporary Internet Files folder emptied: 212056813 bytes
->Java cache emptied: 3280628 bytes
->FireFox cache emptied: 324586767 bytes
->Google Chrome cache emptied: 313373605 bytes
->Flash cache emptied: 50820 bytes
User: Mcx1-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 83971 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85001405 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1207730 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304594 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 945.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Kyle Rohwer
->Flash cache emptied: 0 bytes
User: Mcx1-LAPTOP
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Kyle Rohwer
->Java cache emptied: 0 bytes
User: Mcx1-LAPTOP
User: Public
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10192013_155344