WiredWX Hobby Weather ToolsLog in

 


Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

2 posters

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptySomething going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Using G/F's laptop......keyboard disables.....'Caps lock pops on by itself

Need help

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2013 04:36:27 PM in x86 mode.
Windows Version: Windows 7 Ultimate N Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WMPNetworkSvc [Missing Service]
* WPDBusEnum [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/16/2013 04:37:17 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)


OTL logfile created on: 9/16/2013 4:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tree\Downloads
Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.34% Memory free
5.74 Gb Paging File | 4.53 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 204.43 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: TREE-PC | User Name: Tree | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/16 15:59:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tree\Downloads\OTL.exe
PRC - [2013/09/02 16:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 21:34:16 | 000,206,624 | ---- | M] (Web Layers) -- C:\Program Files\Web Layers\updateWebLayers.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2013/09/02 16:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 16:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 16:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 16:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 16:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 16:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 17:03:47 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/09/13 19:35:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/22 21:34:16 | 000,206,624 | ---- | M] (Web Layers) [Auto | Running] -- C:\Program Files\Web Layers\updateWebLayers.exe -- (Update Web Layers)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/25 14:21:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tree\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 17:31:22 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:31:16 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:30:52 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:30:52 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 17:30:52 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 17:30:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:30:52 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:30:52 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:30:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 17:30:52 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:30:52 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 17:30:51 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 32 DB B9 71 41 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/25 14:38:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/16 15:46:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C74D307F-C742-4632-A66A-669C268F5494}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2A99C5-B6CA-4337-A09D-6644DBE112AF}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/16 15:47:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/16 15:47:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/16 15:47:44 | 000,000,000 | ---D | C] -- C:\Users\Tree\AppData\Local\temp
[2013/09/16 15:33:48 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Tree\Desktop\Rooter exe.exe
[2013/09/16 13:41:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/16 13:41:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/16 13:41:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/14 13:46:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/14 13:39:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/13 03:03:57 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/13 03:03:55 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/13 03:03:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/13 03:03:53 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/13 03:03:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/13 03:03:49 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/13 03:03:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/13 03:03:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/13 03:03:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/13 03:03:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/12 12:35:08 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/12 12:35:06 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/12 12:35:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/12 12:34:59 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/12 12:34:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 12:34:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 12:34:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 12:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/08/24 18:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/24 18:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Web Layers
[2013/08/24 18:47:16 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2013/08/24 18:47:16 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2013/08/24 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2013/08/24 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2013/08/24 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Movie Player
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/16 15:59:23 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 15:59:23 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 15:52:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/16 15:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/16 15:51:52 | 2312,105,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/16 15:46:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/09/16 15:33:50 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Tree\Desktop\Rooter exe.exe
[2013/09/16 14:37:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/16 14:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/14 21:06:34 | 348,811,311 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/13 19:35:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/13 19:35:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/13 03:22:04 | 000,285,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/12 14:16:26 | 000,000,884 | RHS- | M] () -- C:\Users\Tree\ntuser.pol
[2013/09/05 21:42:26 | 000,002,129 | ---- | M] () -- C:\Users\Tree\Desktop\Google Chrome.lnk
[2013/09/05 21:42:26 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/24 18:46:49 | 000,001,008 | ---- | M] () -- C:\Users\Tree\Desktop\Flash Movie Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/16 15:50:59 | 000,001,071 | ---- | C] () -- C:\Users\Tree\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 15:50:49 | 000,002,129 | ---- | C] () -- C:\Users\Tree\Desktop\Google Chrome.lnk
[2013/09/16 13:41:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/16 13:41:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/16 13:41:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/16 13:41:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/16 13:41:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/24 18:48:47 | 000,000,884 | RHS- | C] () -- C:\Users\Tree\ntuser.pol
[2013/08/24 18:46:49 | 000,001,008 | ---- | C] () -- C:\Users\Tree\Desktop\Flash Movie Player.lnk

========== ZeroAccess Check ==========

[2009/07/14 00:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:31:11 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


'CMX;V
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tree\Downloads
Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.34% Memory free
5.74 Gb Paging File | 4.53 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 204.43 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: TREE-PC | User Name: Tree | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ACA211-EE73-44DE-AD81-A33945761865}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{09D384D8-DAB9-4F55-A341-9CE86264B114}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B303554-5C4C-4D71-800C-06EF3FC52F43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34A5D4EC-0DD2-4684-A79A-B24F3B5D0C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4113E7F6-7B9D-4DCD-8186-D81FB7060A90}" = lport=137 | protocol=17 | dir=in | app=system |
"{5383F8D5-5495-4D39-BB75-673EE243D6EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D84A3DA-91B4-43A5-B26A-AAA6A9F4F0FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84CF0C1F-DF32-49A1-9391-2C50782CB5C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{8B99EE20-20A1-41C6-99A4-008226D9422F}" = lport=138 | protocol=17 | dir=in | app=system |
"{91F423EB-9F03-472B-8AB2-0E0082EFF250}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A50E8B3-A1FC-4556-BAA8-B91121A14405}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E6AE802-3BD6-453A-8F5F-462DF6EDAAEB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B1F9B160-432A-4432-93AB-1EF2360376AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA75EE70-9A79-4F65-AC2A-5A73E6283446}" = rport=138 | protocol=17 | dir=out | app=system |
"{D10658DD-CD66-4ADE-ACF7-3D7A0BB85D8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7FA8C84-24A5-44A5-8054-62AC038A6B2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBE5755C-71EC-4551-B79D-0F6464A3DC64}" = lport=445 | protocol=6 | dir=in | app=system |
"{E3ACBC40-F914-4366-AAD6-E11ED648701C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E813CCE7-3D43-4C13-A9BB-FCD6443DD30D}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE661088-CEE3-4C6A-BA35-DBC67692B90D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6858254-FFF9-445C-8264-C87FBFB78FED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB0E71E8-96C0-463B-9864-DBE94DBE85C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F8D89FD-07E4-4524-8D96-837D9E2AA32E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{412937EE-C7DE-4F8E-921A-330533544FC6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4448AD76-486E-4DCA-852E-9EB8987349D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BD5CB31-D905-4D92-8E92-C3AAD4A0ECCB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F1B4905-B54D-496C-A74B-8655576F5418}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C6FA9815-119F-4D56-926D-68863FED8DCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D08F0C19-BD34-4F22-8A62-7D4C8E440598}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0CB75FF-2E56-4497-A31D-8BC0C701B331}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FB37BBCB-5D32-4064-8EAA-5A4A5D8B9711}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Flash Movie Player" = Flash Movie Player 1.5
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2013 3:32:55 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter.exe, version: 0.1.1.1, time stamp:
0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process id:
0xe7c Faulting application start time: 0x01ceb31386022b02 Faulting application path:
C:\Users\Tree\Downloads\Rooter.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c8afcf67-1f06-11e3-90de-001e33b25256

Error - 9/16/2013 3:34:06 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x0005ed7d Faulting process
id: 0xf78 Faulting application start time: 0x01ceb313b2113254 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f2c1492e-1f06-11e3-90de-001e33b25256

Error - 9/16/2013 3:37:16 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x794 Faulting application start time: 0x01ceb3141b823cc1 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 642c6226-1f07-11e3-9de9-001e33b25256

Error - 9/16/2013 3:37:48 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x108 Faulting application start time: 0x01ceb3142e248267 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 770c8b92-1f07-11e3-9de9-001e33b25256

Error - 9/16/2013 3:38:03 PM | Computer Name = Tree-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = VSS | ID = 18
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = VSS | ID = 8193
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = System Restore | ID = 8193
Description =

Error - 9/16/2013 3:48:39 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x790 Faulting application start time: 0x01ceb315b32120ed Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: fb00f15a-1f08-11e3-9de9-001e33b25256

Error - 9/16/2013 3:53:45 PM | Computer Name = Tree-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:55 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************
Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol Mbamicontw5 Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Thank you for your quick reply.......greatly appreciate it

# AdwCleaner v3.003 - Report created 14/09/2013 at 14:33:20
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate N Service Pack 1 (32 bits)
# Username : Tree - TREE-PC
# Running from : C:\Users\Tree\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03125A57-9219-45A0-96DF-B5462EE58A1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31D1BD13-7F61-4963-8D2A-7DCA21C063CF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2449 octets] - [14/09/2013 13:46:33]
AdwCleaner[S0].txt - [1870 octets] - [14/09/2013 14:33:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1930 octets] ##########
# AdwCleaner v3.004 - Report created 17/09/2013 at 20:45:25
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Ultimate N Service Pack 1 (32 bits)
# Username : Tree - TREE-PC
# Running from : C:\Users\Tree\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\internethelper3.1
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Users\Tree\AppData\Local\Conduit
Folder Deleted : C:\Users\Tree\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tree\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\Tree\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Tree\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03125A57-9219-45A0-96DF-B5462EE58A1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31D1BD13-7F61-4963-8D2A-7DCA21C063CF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9166 octets] - [14/09/2013 13:46:33]
AdwCleaner[S0].txt - [7837 octets] - [14/09/2013 14:33:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7897 octets] ##########

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tree :: TREE-PC [administrator]

9/17/2013 8:52:10 PM
mbam-log-2013-09-17 (20-52-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264547
Time elapsed: 50 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{976d7863-9e6c-4066-8c67-0993db9de35f} (PUP.Optional.WebLayers.A) -> No action taken.
HKCR\TypeLib\{392E0193-4BB3-4F94-9ACA-414B7803E687} (PUP.Optional.WebLayers.A) -> No action taken.
HKCR\Interface\{A3F7FF24-4FDE-43AA-989E-554404B37313} (PUP.Optional.WebLayers.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976D7863-9E6C-4066-8C67-0993DB9DE35F} (PUP.Optional.WebLayers.A) -> No action taken.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\Software\PC Health Kit (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

Files Detected: 28
C:\Program Files\Web Layers\WebLayersBHO.dll (PUP.Optional.WebLayers.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X4GA5Z6\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\DefaultTabSetupe[1].exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\InternetHelper3.1[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\InternetHelper3_1_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\air8B63.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\Downloads\iLividSetup-r367-n-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\InternetHelper3.1ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Local\Conduit\CT3289663\InternetHelper3.1AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Tree\Desktop\PC Health Kit.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Help.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit on the Web.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Uninstall PC Health Kit.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

(end)

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Please run MBAM again, make sure everything is checked and click on "Remove the infections". I'll be back tomorrow to check the results of the other scans.

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Ultimate N x86
Ran by Tree on Tue 09/17/2013 at 21:46:46.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pc health kit



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{976D7863-9E6C-4066-8C67-0993DB9DE35F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\web layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BE0DA4B-28C7-4077-9E03-13AFAD34A997}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7DC59D91-4C5F-441B-AA3D-250790E7832A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976D7863-9E6C-4066-8C67-0993DB9DE35F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\pc health kit"
Failed to delete: [Folder] "C:\Program Files\web layers"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 21:50:24.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 22
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.8.800.168
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tree :: TREE-PC [administrator]

9/17/2013 10:01:59 PM
mbam-log-2013-09-17 (22-01-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264972
Time elapsed: 53 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 22
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X4GA5Z6\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\DefaultTabSetupe[1].exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\InternetHelper3.1[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\InternetHelper3_1_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\air8B63.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\Downloads\iLividSetup-r367-n-bc (3).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\InternetHelper3.1ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Local\Conduit\CT3289663\InternetHelper3.1AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.

(end)

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Ran MBAM anti rootkit......no threats were found


Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.18.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Tree :: TREE-PC [administrator]

9/18/2013 4:45:04 PM
mbar-log-2013-09-18 (16-45-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 195398
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetAcceptTerms
•Click the Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetStart button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetListThreats
•Push Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetBack button.
•Push Something going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\PCHealthKit[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Tree\AppData\Local\temp\airD34C.exe multiple threats cleaned by deleting - quarantined



Hope I did this right

The 'CMX;V v'CMX;V'cmx;v issue is still in 'cmx;v the computer as you can see


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f94f77cfaa519f4c843125d0600d6805
# engine=15180
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-19 12:33:51
# local_time=2013-09-18 08:33:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 96 38293943 155342703 0 0
# compatibility_mode=5893 16776573 100 94 0 131095622 0 0
# scanned=80725
# found=2
# cleaned=2
# scan_time=2869
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\PCHealthKit[1].exe"
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Tree\AppData\Local\temp\airD34C.exe"

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Using G/F's laptop......keyboard disables.....'Caps lock pops on by itself
Is this still happening? It's probably a hardware problem
The 'CMX;V v'CMX;V'cmx;v issue is still in 'cmx;v the computer as you can see.
I'm afraid I can't understand what you mean by this. Could you give me a better explanation or give me a screenshot?

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Often, the computer will automatically lock caps, then it locks up the keyboard.

Hard to explain....ea'CMX;H ;each page I have open, the page for will scoll to the bottom of the page all while.....I can't even go to the top of the page

Even right now the caps lock is turning on by itself

I have no control of the keyboard at times

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
Often, the computer will automatically lock caps, then it locks up the keyboard.
You could try plugging another keyboard into the laptop.
What browser are you using?

descriptionSomething going on.........'cmx;v'cmx;v   :V'cmx;v SEE...Lol EmptyRe: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum