WiredWX Christian Hobby Weather Tools
Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Using G/F's laptop......keyboard disables.....'Caps lock pops on by itself

Need help

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2013 04:36:27 PM in x86 mode.
Windows Version: Windows 7 Ultimate N Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WMPNetworkSvc [Missing Service]
* WPDBusEnum [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/16/2013 04:37:17 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)


OTL logfile created on: 9/16/2013 4:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tree\Downloads
Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.34% Memory free
5.74 Gb Paging File | 4.53 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 204.43 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: TREE-PC | User Name: Tree | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/16 15:59:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tree\Downloads\OTL.exe
PRC - [2013/09/02 16:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 21:34:16 | 000,206,624 | ---- | M] (Web Layers) -- C:\Program Files\Web Layers\updateWebLayers.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2013/09/02 16:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 16:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 16:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 16:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 16:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 16:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 17:03:47 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/09/13 19:35:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/22 21:34:16 | 000,206,624 | ---- | M] (Web Layers) [Auto | Running] -- C:\Program Files\Web Layers\updateWebLayers.exe -- (Update Web Layers)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/25 14:21:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tree\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 17:31:22 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:31:16 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:30:52 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:30:52 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 17:30:52 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 17:30:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:30:52 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:30:52 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:30:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 17:30:52 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:30:52 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 17:30:51 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 32 DB B9 71 41 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/25 14:38:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/16 15:46:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C74D307F-C742-4632-A66A-669C268F5494}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2A99C5-B6CA-4337-A09D-6644DBE112AF}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/16 15:47:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/16 15:47:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/16 15:47:44 | 000,000,000 | ---D | C] -- C:\Users\Tree\AppData\Local\temp
[2013/09/16 15:33:48 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Tree\Desktop\Rooter exe.exe
[2013/09/16 13:41:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/16 13:41:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/16 13:41:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/14 13:46:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/14 13:39:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/13 03:03:57 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/13 03:03:55 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/13 03:03:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/13 03:03:53 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/13 03:03:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/13 03:03:49 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/13 03:03:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/13 03:03:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/13 03:03:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/13 03:03:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/12 12:35:08 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/12 12:35:06 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/12 12:35:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/12 12:34:59 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/12 12:34:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 12:34:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 12:34:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 12:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/08/24 18:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/24 18:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Web Layers
[2013/08/24 18:47:16 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2013/08/24 18:47:16 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2013/08/24 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2013/08/24 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2013/08/24 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Movie Player
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/16 15:59:23 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 15:59:23 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 15:52:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/16 15:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/16 15:51:52 | 2312,105,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/16 15:46:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/09/16 15:33:50 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Tree\Desktop\Rooter exe.exe
[2013/09/16 14:37:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/16 14:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/14 21:06:34 | 348,811,311 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/13 19:35:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/13 19:35:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/13 03:22:04 | 000,285,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/12 14:16:26 | 000,000,884 | RHS- | M] () -- C:\Users\Tree\ntuser.pol
[2013/09/05 21:42:26 | 000,002,129 | ---- | M] () -- C:\Users\Tree\Desktop\Google Chrome.lnk
[2013/09/05 21:42:26 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/24 18:46:49 | 000,001,008 | ---- | M] () -- C:\Users\Tree\Desktop\Flash Movie Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/16 15:50:59 | 000,001,071 | ---- | C] () -- C:\Users\Tree\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 15:50:49 | 000,002,129 | ---- | C] () -- C:\Users\Tree\Desktop\Google Chrome.lnk
[2013/09/16 13:41:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/16 13:41:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/16 13:41:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/16 13:41:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/16 13:41:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/24 18:48:47 | 000,000,884 | RHS- | C] () -- C:\Users\Tree\ntuser.pol
[2013/08/24 18:46:49 | 000,001,008 | ---- | C] () -- C:\Users\Tree\Desktop\Flash Movie Player.lnk

========== ZeroAccess Check ==========

[2009/07/14 00:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:31:11 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


'CMX;V
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tree\Downloads
Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.34% Memory free
5.74 Gb Paging File | 4.53 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 204.43 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: TREE-PC | User Name: Tree | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ACA211-EE73-44DE-AD81-A33945761865}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{09D384D8-DAB9-4F55-A341-9CE86264B114}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B303554-5C4C-4D71-800C-06EF3FC52F43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34A5D4EC-0DD2-4684-A79A-B24F3B5D0C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4113E7F6-7B9D-4DCD-8186-D81FB7060A90}" = lport=137 | protocol=17 | dir=in | app=system |
"{5383F8D5-5495-4D39-BB75-673EE243D6EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D84A3DA-91B4-43A5-B26A-AAA6A9F4F0FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84CF0C1F-DF32-49A1-9391-2C50782CB5C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{8B99EE20-20A1-41C6-99A4-008226D9422F}" = lport=138 | protocol=17 | dir=in | app=system |
"{91F423EB-9F03-472B-8AB2-0E0082EFF250}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A50E8B3-A1FC-4556-BAA8-B91121A14405}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E6AE802-3BD6-453A-8F5F-462DF6EDAAEB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B1F9B160-432A-4432-93AB-1EF2360376AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA75EE70-9A79-4F65-AC2A-5A73E6283446}" = rport=138 | protocol=17 | dir=out | app=system |
"{D10658DD-CD66-4ADE-ACF7-3D7A0BB85D8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7FA8C84-24A5-44A5-8054-62AC038A6B2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBE5755C-71EC-4551-B79D-0F6464A3DC64}" = lport=445 | protocol=6 | dir=in | app=system |
"{E3ACBC40-F914-4366-AAD6-E11ED648701C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E813CCE7-3D43-4C13-A9BB-FCD6443DD30D}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE661088-CEE3-4C6A-BA35-DBC67692B90D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6858254-FFF9-445C-8264-C87FBFB78FED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB0E71E8-96C0-463B-9864-DBE94DBE85C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F8D89FD-07E4-4524-8D96-837D9E2AA32E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{412937EE-C7DE-4F8E-921A-330533544FC6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4448AD76-486E-4DCA-852E-9EB8987349D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BD5CB31-D905-4D92-8E92-C3AAD4A0ECCB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F1B4905-B54D-496C-A74B-8655576F5418}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C6FA9815-119F-4D56-926D-68863FED8DCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D08F0C19-BD34-4F22-8A62-7D4C8E440598}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0CB75FF-2E56-4497-A31D-8BC0C701B331}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FB37BBCB-5D32-4064-8EAA-5A4A5D8B9711}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Flash Movie Player" = Flash Movie Player 1.5
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2013 3:32:55 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter.exe, version: 0.1.1.1, time stamp:
0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process id:
0xe7c Faulting application start time: 0x01ceb31386022b02 Faulting application path:
C:\Users\Tree\Downloads\Rooter.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c8afcf67-1f06-11e3-90de-001e33b25256

Error - 9/16/2013 3:34:06 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x0005ed7d Faulting process
id: 0xf78 Faulting application start time: 0x01ceb313b2113254 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f2c1492e-1f06-11e3-90de-001e33b25256

Error - 9/16/2013 3:37:16 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x794 Faulting application start time: 0x01ceb3141b823cc1 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 642c6226-1f07-11e3-9de9-001e33b25256

Error - 9/16/2013 3:37:48 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x108 Faulting application start time: 0x01ceb3142e248267 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 770c8b92-1f07-11e3-9de9-001e33b25256

Error - 9/16/2013 3:38:03 PM | Computer Name = Tree-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = VSS | ID = 18
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = VSS | ID = 8193
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = System Restore | ID = 8193
Description =

Error - 9/16/2013 3:48:39 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x790 Faulting application start time: 0x01ceb315b32120ed Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: fb00f15a-1f08-11e3-9de9-001e33b25256

Error - 9/16/2013 3:53:45 PM | Computer Name = Tree-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:55 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
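
The OTL "Shell Spawning" block above lists the shell\open\command handler for each launch ProgID; the batfile, cmdfile, comfile and exefile entries all read "%1" %*, which is the stock value (Rkill's "Resetting .EXE, .COM, & .BAT associations" step restores exactly these). The script below is an added example, not part of the thread and not OTL or Rkill code: it parses that block out of an OTL log and flags any handler that differs from the Windows 7 default. The sample log text is constructed for the example and includes one tampered exefile entry so the check has something to find.

```python
"""Flag hijacked executable-launch handlers in the 'Shell Spawning'
section of an OTL log.

Added example; not part of the original thread and not OTL or Rkill code.
EXPECTED holds the stock Windows 7 shell\\open\\command values for the
ProgIDs that infections most often hijack (the ones Rkill resets).
SAMPLE_OTL is constructed for this example and contains one tampered entry.
"""
import re
from typing import Dict, List, Tuple

Handler = Tuple[str, str]  # (ProgID, verb), e.g. ("exefile", "open")

EXPECTED: Dict[Handler, str] = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_HEADER = "========== Shell Spawning =========="
# One OTL line looks like:  exefile [open] -- "%1" %*
LINE_RE = re.compile(r'^(?P<progid>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$')
# OTL appends the signer, e.g. " (Microsoft Corporation)", to real binaries.
SIGNER_RE = re.compile(r' \([^()]*\)$')

# Constructed sample: stock handlers plus one hijacked exefile entry.
SAMPLE_OTL = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Users\Public\rogue.exe" "%1" %*
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"""


def parse_shell_spawning(log_text: str) -> Dict[Handler, str]:
    """Return {(progid, verb): command} for the Shell Spawning block only."""
    handlers: Dict[Handler, str] = {}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("========== "):
            # Section headers switch the block on and off.
            in_block = line == SECTION_HEADER
            continue
        if not in_block or not line or line.startswith("["):
            continue
        m = LINE_RE.match(line)
        if m:
            # Compare the command template only, without the signer suffix.
            cmd = SIGNER_RE.sub("", m.group("cmd"))
            handlers[(m.group("progid"), m.group("verb"))] = cmd
    return handlers


def find_hijacked(handlers: Dict[Handler, str]) -> List[Tuple[str, str, str]]:
    """Return (progid, verb, actual_command) for every launch handler that
    is present in the log but differs from the stock value.

    A non-default exefile handler means every .exe the user starts is routed
    through the attacker's program first, which is how rogue "PC cleaner"
    software keeps removal tools from launching.
    """
    return [(p, v, handlers[(p, v)])
            for (p, v), expected in EXPECTED.items()
            if (p, v) in handlers and handlers[(p, v)] != expected]


if __name__ == "__main__":
    found = parse_shell_spawning(SAMPLE_OTL)
    for progid, verb, actual in find_hijacked(found):
        print(f"HIJACKED {progid} [{verb}]: {actual}")
```

Run against the log posted above, the script reports nothing for the six launch handlers, which matches Rkill finding no associations to fix; the constructed sample trips on the exefile entry only.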

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Thank you for your quick reply.......greatly appreciate it

# AdwCleaner v3.003 - Report created 14/09/2013 at 14:33:20
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate N Service Pack 1 (32 bits)
# Username : Tree - TREE-PC
# Running from : C:\Users\Tree\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03125A57-9219-45A0-96DF-B5462EE58A1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31D1BD13-7F61-4963-8D2A-7DCA21C063CF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2449 octets] - [14/09/2013 13:46:33]
AdwCleaner[S0].txt - [1870 octets] - [14/09/2013 14:33:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1930 octets] ##########

# AdwCleaner v3.004 - Report created 17/09/2013 at 20:45:25
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Ultimate N Service Pack 1 (32 bits)
# Username : Tree - TREE-PC
# Running from : C:\Users\Tree\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\internethelper3.1
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Users\Tree\AppData\Local\Conduit
Folder Deleted : C:\Users\Tree\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tree\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\Tree\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Tree\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03125A57-9219-45A0-96DF-B5462EE58A1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31D1BD13-7F61-4963-8D2A-7DCA21C063CF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9166 octets] - [14/09/2013 13:46:33]
AdwCleaner[S0].txt - [7837 octets] - [14/09/2013 14:33:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7897 octets] ##########

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tree :: TREE-PC [administrator]

9/17/2013 8:52:10 PM
mbam-log-2013-09-17 (20-52-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264547
Time elapsed: 50 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{976d7863-9e6c-4066-8c67-0993db9de35f} (PUP.Optional.WebLayers.A) -> No action taken.
HKCR\TypeLib\{392E0193-4BB3-4F94-9ACA-414B7803E687} (PUP.Optional.WebLayers.A) -> No action taken.
HKCR\Interface\{A3F7FF24-4FDE-43AA-989E-554404B37313} (PUP.Optional.WebLayers.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976D7863-9E6C-4066-8C67-0993DB9DE35F} (PUP.Optional.WebLayers.A) -> No action taken.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\Software\PC Health Kit (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

Files Detected: 28
C:\Program Files\Web Layers\WebLayersBHO.dll (PUP.Optional.WebLayers.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X4GA5Z6\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\DefaultTabSetupe[1].exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\InternetHelper3.1[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\InternetHelper3_1_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\air8B63.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\AppData\Local\temp\ct3289663\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tree\Downloads\iLividSetup-r367-n-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\InternetHelper3.1ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Local\Conduit\CT3289663\InternetHelper3.1AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Tree\Desktop\PC Health Kit.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Help.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit on the Web.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Uninstall PC Health Kit.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

(end)

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Please run MBAM again, make sure everything is checked and click on "Remove the infections". I'll be back tomorrow to check the results of the other scans.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Ultimate N x86
Ran by Tree on Tue 09/17/2013 at 21:46:46.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pc health kit



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{976D7863-9E6C-4066-8C67-0993DB9DE35F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\web layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BE0DA4B-28C7-4077-9E03-13AFAD34A997}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7DC59D91-4C5F-441B-AA3D-250790E7832A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976D7863-9E6C-4066-8C67-0993DB9DE35F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\pc health kit"
Failed to delete: [Folder] "C:\Program Files\web layers"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 21:50:24.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 22
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.8.800.168
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tree :: TREE-PC [administrator]

9/17/2013 10:01:59 PM
mbam-log-2013-09-17 (22-01-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264972
Time elapsed: 53 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 22
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X4GA5Z6\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\DefaultTabSetupe[1].exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWY87DUG\InternetHelper3.1[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\InternetHelper3_1_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6VGZS8Y\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\air8B63.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\AppData\Local\temp\ct3289663\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tree\Downloads\iLividSetup-r367-n-bc (3).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\InternetHelper3.1ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Local\Conduit\CT3289663\InternetHelper3.1AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Tree\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.

(end)

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Ran MBAM anti rootkit......no threats were found


Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.18.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Tree :: TREE-PC [administrator]

9/18/2013 4:45:04 PM
mbar-log-2013-09-18 (16-45-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 195398
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the ESET Online Scanner button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

•Check the box to accept the Terms of Use.
•Click the Start button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check Scan archives.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push List of found threats.
•Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Back button.
•Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\PCHealthKit[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Tree\AppData\Local\temp\airD34C.exe multiple threats cleaned by deleting - quarantined



Hope I did this right

The 'CMX;V v'CMX;V'cmx;v issue is still in 'cmx;v the computer as you can see


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f94f77cfaa519f4c843125d0600d6805
# engine=15180
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-19 12:33:51
# local_time=2013-09-18 08:33:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 96 38293943 155342703 0 0
# compatibility_mode=5893 16776573 100 94 0 131095622 0 0
# scanned=80725
# found=2
# cleaned=2
# scan_time=2869
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\PCHealthKit[1].exe"
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Tree\AppData\Local\temp\airD34C.exe"
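Both result lines in the ESET report above carry the same sh= (SHA-1) and fh= values, so the file quarantined from the IE cache as PCHealthKit[1].exe and the one in the temp folder as airD34C.exe were the same binary dropped twice. As an added example that is not code from this thread or from ESET, the Python below parses ESET's key=value result lines, cross-checks the found=/cleaned= summary counts against them, and groups hits by hash so duplicate drops stand out. The sample input is constructed from the lines of the log above.

```python
"""Group ESET Online Scanner detections by file hash.

Added example (not code from the thread or from ESET).  The constructed
sample below is the two result lines from the ESET log posted above; each
result line is a run of key=value tokens, with quoted values for vn= (the
verdict) and fn= (the path), and sh= is the file's SHA-1.
"""
import re
from collections import defaultdict

# Constructed sample: header fields and the two result lines from the log above.
SAMPLE_LOG = r'''
# found=2
# cleaned=2
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Tree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMKZAT4Y\PCHealthKit[1].exe"
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Tree\AppData\Local\temp\airD34C.exe"
'''

# key=value, where the value is either a double-quoted string or a bare token
TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEADER = re.compile(r'^#\s*(\w+)=(.*)$')


def parse_header(text):
    """Return the '# key=value' summary fields as a dict of strings."""
    fields = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_results(text):
    """Return one dict per result line (lines starting with 'sh=')."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("sh="):
            continue
        records.append({k: v.strip('"') for k, v in TOKEN.findall(line)})
    return records


def group_by_hash(records):
    """Map SHA-1 -> list of paths.  Same hash means byte-identical files."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["sh"]].append(rec["fn"])
    return dict(groups)


def duplicate_drops(records):
    """Hashes detected at more than one path: one binary dropped several times."""
    return {h: paths for h, paths in group_by_hash(records).items() if len(paths) > 1}


def counts_consistent(text):
    """Check that found= equals the number of result lines and cleaned= the
    number of result lines whose verdict says 'cleaned'."""
    header = parse_header(text)
    records = parse_results(text)
    cleaned = sum(1 for r in records if "cleaned" in r.get("vn", ""))
    return (int(header.get("found", -1)) == len(records),
            int(header.get("cleaned", -1)) == cleaned)


if __name__ == "__main__":
    recs = parse_results(SAMPLE_LOG)
    print("found/cleaned counts consistent:", counts_consistent(SAMPLE_LOG))
    for sha1, paths in duplicate_drops(recs).items():
        print(f"SHA-1 {sha1} seen at {len(paths)} paths:")
        for p in paths:
            print("   ", p)
```

Grouping by sh= rather than by file name is the point: the names differ (one is an IE cache name, one a temp-file name) but the hash shows one binary, which is what you want to know when deciding whether a later hit is a new infection or a leftover copy.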

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Using G/F's laptop......keyboard disables.....'Caps lock pops on by itself
Is this still happening? It's probably a hardware problem
The 'CMX;V v'CMX;V'cmx;v issue is still in 'cmx;v the computer as you can see.
I'm afraid I can't understand what you mean by this. Could you give me a better explanation or give me a screenshot?

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Often, the computer will automatically lock caps, then it locks up the keyboard.

Hard to explain....ea'CMX;H ;each page I have open, the page for will scroll to the bottom of the page all while.....I can't even go to the top of the page

Even right now the caps lock is turning on by itself

I have no control of the keyboard at times

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Often, the computer will automatically lock caps, then it locks up the keyboard.
You could try plugging another keyboard into the laptop.
What browser are you using?

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

She has Google Chrome......I use Firefox on mine

As far as another keyboard, this is something in the computer....something is setting it off


I will try however

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Do you have the same problem when using Internet Explorer?

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

getting worse.

tough typing at all

keeps pinging forcES page down...have to restart all the time now

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

when i shut down.....see flash of s'c'reen that is infecting laptop....hard to make out what it is

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

IE not working at all

Shuts down saying there is a problem with IE

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

There appears to be some malfunction with that laptop. Malware does not usually affect a computer in such a manner. You can try running MS Fix-it to try to repair IE.

Please download and run MS Fix-it from here.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Did absolutely nothing

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

What about 'cO'MBOFIX?

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

JonEJet wrote:
What about 'cO'MBOFIX?
Ok, we'll try CF. I didn't know if your computer could run it but we'll give it a try.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur on Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

ComboFix 13-09-19.01 - Tree 09/19/2013 19:51:13.3.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.2940.1569 [GMT -4:00]
Running from: c:\users\Tree\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tree\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2013-08-19 to 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 23:58 . 2013-09-19 23:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-19 23:58 . 2013-09-19 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 21:26 . 2013-09-19 21:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC80FC16-D0AC-4442-966A-54F253AC380B}\offreg.dll
2013-09-18 23:43 . 2013-09-18 23:43 -------- d-----w- c:\program files\ESET
2013-09-18 20:44 . 2013-09-18 20:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-18 20:32 . 2013-09-18 20:32 -------- d-----w- c:\programdata\Oracle
2013-09-18 20:32 . 2013-09-18 20:32 -------- d-----w- c:\program files\Common Files\Java
2013-09-18 20:31 . 2013-09-18 20:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-18 07:03 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-18 07:03 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-18 07:03 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-09-18 07:03 . 2013-08-10 03:58 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-09-18 07:03 . 2013-08-10 03:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-17 17:16 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 01:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 00:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 00:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 00:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-17 17:16 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC80FC16-D0AC-4442-966A-54F253AC380B}\mpengine.dll
2013-09-16 22:27 . 2013-09-16 22:27 -------- d-----w- C:\Intel
2013-09-16 21:35 . 2013-09-16 21:35 -------- d-----w- c:\users\Tree\AppData\Local\Apple
2013-09-16 20:42 . 2013-09-17 01:18 -------- d-----w- c:\users\Tree\Downloads - Copy
2013-09-14 17:46 . 2013-09-19 20:39 -------- d-----w- C:\AdwCleaner
2013-09-14 17:39 . 2013-09-14 17:39 -------- d-----w- c:\windows\ERUNT
2013-08-24 22:48 . 2013-09-19 21:14 -------- d-----w- c:\program files\Web Layers
2013-08-24 22:47 . 2013-05-08 06:10 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-08-24 22:47 . 2013-05-08 06:10 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-08-24 22:46 . 2013-08-24 22:46 -------- d-----w- c:\program files\Flash Movie Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 20:31 . 2012-07-17 00:05 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-18 20:31 . 2012-05-25 21:02 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-16 22:35 . 2013-03-16 01:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-16 22:35 . 2013-03-16 01:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 08:22 . 2012-05-25 16:55 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-19 01:41 . 2013-08-14 16:26 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-14 16:28 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-14 16:28 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-14 16:28 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-14 16:29 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-14 16:29 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-14 16:29 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-14 16:29 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 16:29 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-25 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 Update Web Layers;Update Web Layers;c:\program files\Web Layers\updateWebLayers.exe [2013-08-23 206624]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 01:34 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16 22:35]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 19:42]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 19:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}\44B4E445: NameServer = 8.8.4.4,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PC Health Kit_is1 - c:\program files\PC Health Kit\unins000.exe
AddRemove-Web Layers - c:\program files\Web Layers\WebLayersuninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-19 20:00:29
ComboFix-quarantined-files.txt 2013-09-20 00:00
.
Pre-Run: 225,114,562,560 bytes free
Post-Run: 225,087,434,752 bytes free
.
- - End Of File - - 27C2ED9D3FAAF02CC9DD894716B5F8E6
A36C5E4F47E84449FF07ED3517B43A31
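
The "Supplementary Scan" block in the ComboFix log above lists the DHCP-assigned resolvers (DhcpNameServer) and a static per-interface NameServer that overrides them, plus the Internet Settings proxy lines. DNS and proxy rewrites are a common way for unwanted software to redirect browsing, so they are worth checking mechanically. The script below is an added example, not part of the thread and not ComboFix's own code: it parses those lines (copied from the log as sample input), reports any static override of the DHCP resolvers, and classifies each resolver against a small allowlist. The KNOWN_RESOLVERS table, the "ProxyServer" line format and the severity labels are assumptions of the example.

```python
import re
import ipaddress

# Sample input: the Supplementary Scan lines copied from the ComboFix log above.
COMBOFIX_SUPPLEMENTARY = r"""
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}\44B4E445: NameServer = 8.8.4.4,8.8.8.8
"""

# Assumed allowlist of well-known public resolvers. Anything else is "unknown" and
# has to be confirmed against what the ISP or router really hands out.
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google Public DNS", "8.8.4.4": "Google Public DNS",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "9.9.9.9": "Quad9",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
}

DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
STATIC_RE = re.compile(r"^TCP: Interfaces\\(\S+?): NameServer = (.+)$")
# ComboFix prefixes user (HKCU) settings with "u" and machine (HKLM) ones with "m";
# the ProxyServer line is assumed to follow the ProxyOverride line's layout.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")


def _split_servers(field):
    # DHCP servers are space-separated, static NameServer values comma-separated.
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def parse_network_settings(text):
    """Pull DHCP resolvers, per-interface static resolvers and any proxy out of the log."""
    settings = {"dhcp": [], "static": {}, "proxy": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = DHCP_RE.match(line)
        if m:
            settings["dhcp"] = _split_servers(m.group(1))
            continue
        m = STATIC_RE.match(line)
        if m:
            settings["static"][m.group(1)] = _split_servers(m.group(2))
            continue
        m = PROXY_RE.match(line)
        if m:
            settings["proxy"] = m.group(1).strip()
    return settings


def classify(server):
    """Name the operator of a resolver, or 'unknown' if it is not in the allowlist."""
    try:
        ipaddress.ip_address(server)
    except ValueError:
        return "not an IP address"
    return KNOWN_RESOLVERS.get(server, "unknown")


def assess(settings):
    """Summarise what a responder should look at: overrides, unknown resolvers, proxy."""
    override = [iface for iface, srv in settings["static"].items()
                if srv and srv != settings["dhcp"]]
    unknown = sorted({s for srv in settings["static"].values()
                      for s in srv if classify(s) == "unknown"})
    return {"static_override": override,
            "unknown_static": unknown,
            "proxy_set": settings["proxy"] is not None}


if __name__ == "__main__":
    s = parse_network_settings(COMBOFIX_SUPPLEMENTARY)
    print("DHCP resolvers:", [(ip, classify(ip)) for ip in s["dhcp"]])
    for iface, srv in s["static"].items():
        print("static", iface, [(ip, classify(ip)) for ip in srv])
    print(assess(s))
```

On this log both interface keys carry a static 8.8.4.4/8.8.8.8 (Google Public DNS) that overrides the DHCP-supplied 208.59.247.45/46, and no ProxyServer line is present; a static entry pointing at an address that is not in the allowlist, or a ProxyServer value the user did not set, is what should trigger a closer look.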

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Can you post a screenshot to show me what's happening?

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Not sure it will show you anything.......it just forces me to the bottom of each page I'm browsing......and the caps lock tab is popping on and off frequently


Right now I'm having no problems.....but it will come back

When I sign off and restart the computer....I get a quick flash of a black screen with some sort of "joker"....so I know it's infected with something

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Ok, let's try to run MBAM in Safe Mode.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Did quick scan

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.01

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16686
Tree :: TREE-PC [administrator]

9/19/2013 9:27:00 PM
mbam-log-2013-09-19 (21-27-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189351
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tree [Admin rights]
Mode : Scan -- Date : 09/19/2013 22:02:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS543225L9SA00 ATA Device +++++
--- User ---
[MBR] 1fd5845997dc416a317fed465928bddd
[BSP] 269e08151baa3366ac5c2bd2e5a11350 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09192013_220225.txt >>
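
The three "Registry Entries" in the RogueKiller report above are all tagged [PUM] (Potentially Unwanted Modification) rather than malware: one Explorer policy value and two desktop-icon settings. Before deleting such entries it helps to know what each one actually does. The script below is an added example, not from the thread and not RogueKiller's own code: it parses RogueKiller's registry lines (copied from the report as sample input), maps the NewStartPanel CLSIDs to the desktop icon they control, and reads the policy data. DisableRegistryTools under the Policies\System key blocks regedit when set to a non-zero value; here it is 0, which restricts nothing. Under HideDesktopIcons\NewStartPanel a DWORD of 1 hides the named icon. The CLSID table, the RESTRICTIVE_POLICIES table and the triage levels are assumptions of the example.

```python
import re

# Sample input: the three registry findings copied from the RogueKiller scan report above.
ROGUEKILLER_REGISTRY_LINES = r"""
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# One RogueKiller registry line: [TAG][CLASS] key : value-name (data) -> STATUS
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\[(?P<cls>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+"
    r"(?P<name>\S+)\s+\((?P<data>[^)]*)\)\s+->\s+(?P<status>\w+)$"
)

# Assumed lookup table: shell-folder CLSIDs that appear under
# ...\Explorer\HideDesktopIcons\NewStartPanel. Data 1 hides the icon, 0 shows it.
DESKTOP_ICON_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
    "{208D2C60-3AEA-1069-A2D7-08002B30309D}": "Network",
}

# Assumed table of Policies\System values that lock the user out when non-zero.
RESTRICTIVE_POLICIES = {
    "DisableRegistryTools": "blocks regedit.exe",
    "DisableTaskMgr": "blocks Task Manager",
}


def parse_entries(text):
    """Return one dict (tag, cls, key, name, data, status) per parseable line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entry):
    """Classify one entry as ('block' | 'info' | 'review', explanation)."""
    tag, name, data = entry["tag"], entry["name"], entry["data"].strip()
    if tag == "HJ POL" and name in RESTRICTIVE_POLICIES:
        if data == "0":
            return ("info", f"{name}=0: value present under the policy key but not "
                            f"restrictive (0 leaves the tool enabled)")
        return ("block", f"{name}={data}: {RESTRICTIVE_POLICIES[name]}; typical of "
                         f"rogue software locking the user out of recovery tools")
    if tag == "HJ DESK":
        icon = DESKTOP_ICON_CLSIDS.get(name.upper())
        if icon is None:
            return ("review", f"unknown desktop CLSID {name}; look it up before deleting")
        state = "hidden" if data == "1" else "shown"
        return ("info", f"desktop icon '{icon}' is {state} via HideDesktopIcons; a UI "
                        f"preference unless the user did not set it")
    return ("review", f"{tag}/{entry['cls']} entry not covered by this table")


def triage_report(text):
    """Map each value name in a report to its triage tuple."""
    return {e["name"]: triage(e) for e in parse_entries(text)}


if __name__ == "__main__":
    for name, (level, why) in triage_report(ROGUEKILLER_REGISTRY_LINES).items():
        print(f"{level:6}  {name}: {why}")
```

For this report every entry comes out as "info": the policy value is 0 and the two CLSIDs are the Computer and User's Files desktop icons set to hidden. Deleting them, as the helper asks next, is harmless; the same parser would flag DisableRegistryTools=1 or DisableTaskMgr=1 as "block", which is the pattern that matters on a rogue-infected machine.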



Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
BTW...Thank you very much for trying to help me with this.....greatly appreciated

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Please run RogueKiller again and delete those items.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tree [Admin rights]
Mode : Remove -- Date : 09/20/2013 16:02:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS543225L9SA00 ATA Device +++++
--- User ---
[MBR] 1fd5845997dc416a317fed465928bddd
[BSP] 269e08151baa3366ac5c2bd2e5a11350 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_09202013_160220.txt >>
RKreport[0]_D_09192013_220449.txt;RKreport[0]_D_09202013_155910.txt;RKreport[0]_S_09192013_220225.txt
RKreport[0]_S_09202013_155846.txt;RKreport[0]_S_09202013_160200.txt
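
Both RogueKiller runs above print the same MBR hash, the same recognised boot code and the same two-partition table, and the TDSSKiller log posted next prints its own view of the drive (total size, sector size, StartLBA and BlocksNum per partition). Agreeing views from two independent tools are the useful evidence against an MBR bootkit or a hidden partition, and the comparison can be done by hand or by script. The script below is an added example, not from the thread and not the code of either tool: it parses the disk lines of both reports (copied from the page as sample input), converts RogueKiller's "Mo" sizes to sectors (on this page 100 Mo corresponds exactly to TDSSKiller's 0x32000 = 204800 sectors, so 1 Mo = 2048 sectors of 512 bytes), checks that starts, types and sizes agree, and reports unallocated space between partitions and after the last one. The conversion factor and the idea of treating any inter-partition gap as a finding are assumptions of the example.

```python
import re

# Sample input: disk lines copied from the RogueKiller scan report above. The
# remove run printed the identical block, so it is reused as the "after" report.
RK_SCAN = r"""
[MBR] 1fd5845997dc416a317fed465928bddd
[BSP] 269e08151baa3366ac5c2bd2e5a11350 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
"""
RK_REMOVE = RK_SCAN

# Sample input: drive and partition lines copied from the TDSSKiller log below.
TDSS = r"""
16:15:04.0565 5356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:15:04.0587 5356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:15:04.0587 5356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
"""

SECTORS_PER_MIB = 2048  # assumed: RogueKiller "Mo" = MiB, 512-byte sectors

RK_MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")
RK_PART_RE = re.compile(r"^(\d+) - \[(\w+)\] (\S+) \((0x[0-9A-Fa-f]+)\) \[(\w+)\] "
                        r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$")
TK_DRIVE_RE = re.compile(r"Size: (0x[0-9A-Fa-f]+) \([^)]*\), SectorSize: (0x[0-9A-Fa-f]+)")
TK_PART_RE = re.compile(r"Partition(\d+): MBR, Type (0x[0-9A-Fa-f]+), "
                        r"StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)")


def parse_roguekiller(text):
    """MBR hash plus partitions as {type, start, sectors} in 512-byte sectors."""
    out = {"mbr_md5": None, "partitions": []}
    for line in text.splitlines():
        line = line.strip()
        m = RK_MBR_RE.match(line)
        if m:
            out["mbr_md5"] = m.group(1)
            continue
        m = RK_PART_RE.match(line)
        if m:
            out["partitions"].append({"type": int(m.group(4), 16),
                                      "start": int(m.group(6)),
                                      "sectors": int(m.group(7)) * SECTORS_PER_MIB})
    return out


def parse_tdsskiller(text):
    """Total sectors of the drive plus partitions as {type, start, sectors}."""
    out = {"total_sectors": None, "partitions": []}
    for line in text.splitlines():
        m = TK_DRIVE_RE.search(line)
        if m:
            out["total_sectors"] = int(m.group(1), 16) // int(m.group(2), 16)
            continue
        m = TK_PART_RE.search(line)
        if m:
            out["partitions"].append({"type": int(m.group(2), 16),
                                      "start": int(m.group(3), 16),
                                      "sectors": int(m.group(4), 16)})
    return out


def cross_check(rk, tk):
    """Compare the two tools' partition tables and measure unallocated space."""
    result = {"mismatches": [], "gaps": [], "tail_sectors": None}
    if len(rk["partitions"]) != len(tk["partitions"]):
        result["mismatches"].append(
            f"partition count {len(rk['partitions'])} vs {len(tk['partitions'])}")
    for i, (a, b) in enumerate(zip(rk["partitions"], tk["partitions"])):
        for field in ("type", "start", "sectors"):
            if a[field] != b[field]:
                result["mismatches"].append(
                    f"partition {i} {field}: RogueKiller {a[field]} vs TDSSKiller {b[field]}")
    parts = sorted(tk["partitions"], key=lambda p: p["start"])
    # Sectors between consecutive partitions: space a hidden partition could use.
    for prev, nxt in zip(parts, parts[1:]):
        gap = nxt["start"] - (prev["start"] + prev["sectors"])
        if gap:
            result["gaps"].append(gap)
    if parts and tk["total_sectors"]:
        last = parts[-1]
        result["tail_sectors"] = tk["total_sectors"] - (last["start"] + last["sectors"])
    return result


def mbr_unchanged(before, after):
    """True when both RogueKiller reports hash the MBR to the same value."""
    return before["mbr_md5"] is not None and before["mbr_md5"] == after["mbr_md5"]


if __name__ == "__main__":
    rk, tk = parse_roguekiller(RK_SCAN), parse_tdsskiller(TDSS)
    print(cross_check(rk, tk))
    print("MBR unchanged between scan and remove:",
          mbr_unchanged(rk, parse_roguekiller(RK_REMOVE)))
```

On this page the two tools agree on every field, there is no gap between the 100 MiB system partition and the Windows partition, and only 2416 sectors (about 1.2 MiB) remain after the last partition, which together with the unchanged MBR hash and RogueKiller's "Windows 7/8 MBR Code" identification supports the conclusion that the boot path is clean. A non-empty gaps list or a large tail would be the thing to investigate further.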


Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
16:15:02.0972 5356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:15:03.0415 5356 ============================================================
16:15:03.0415 5356 Current date / time: 2013/09/20 16:15:03.0415
16:15:03.0415 5356 SystemInfo:
16:15:03.0415 5356
16:15:03.0415 5356 OS Version: 6.1.7601 ServicePack: 1.0
16:15:03.0415 5356 Product type: Workstation
16:15:03.0416 5356 ComputerName: TREE-PC
16:15:03.0416 5356 UserName: Tree
16:15:03.0416 5356 Windows directory: C:\Windows
16:15:03.0416 5356 System windows directory: C:\Windows
16:15:03.0416 5356 Processor architecture: Intel x86
16:15:03.0416 5356 Number of processors: 2
16:15:03.0416 5356 Page size: 0x1000
16:15:03.0416 5356 Boot type: Normal boot
16:15:03.0416 5356 ============================================================
16:15:04.0565 5356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:15:04.0581 5356 ============================================================
16:15:04.0581 5356 \Device\Harddisk0\DR0:
16:15:04.0587 5356 MBR partitions:
16:15:04.0587 5356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:15:04.0587 5356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
16:15:04.0587 5356 ============================================================
16:15:04.0643 5356 C: <-> \Device\Harddisk0\DR0\Partition2
16:15:04.0643 5356 ============================================================
16:15:04.0643 5356 Initialize success
16:15:04.0643 5356 ============================================================
16:15:19.0219 5316 ============================================================
16:15:19.0219 5316 Scan started
16:15:19.0219 5316 Mode: Manual; SigCheck; TDLFS;
16:15:19.0219 5316 ============================================================
16:15:19.0664 5316 ================ Scan system memory ========================
16:15:19.0664 5316 System memory - ok
16:15:19.0665 5316 ================ Scan services =============================
16:15:19.0872 5316 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:15:19.0999 5316 1394ohci - ok
16:15:20.0143 5316 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:15:20.0181 5316 ACPI - ok
16:15:20.0274 5316 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:15:20.0310 5316 AcpiPmi - ok
16:15:20.0448 5316 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:15:20.0483 5316 AdobeFlashPlayerUpdateSvc - ok
16:15:20.0540 5316 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:15:20.0583 5316 adp94xx - ok
16:15:20.0607 5316 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:15:20.0644 5316 adpahci - ok
16:15:20.0667 5316 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:15:20.0699 5316 adpu320 - ok
16:15:20.0734 5316 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:15:20.0794 5316 AeLookupSvc - ok
16:15:20.0836 5316 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
16:15:20.0876 5316 AFD - ok
16:15:20.0942 5316 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
16:15:20.0998 5316 AgereSoftModem - ok
16:15:21.0028 5316 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
16:15:21.0058 5316 agp440 - ok
16:15:21.0099 5316 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:15:21.0129 5316 aic78xx - ok
16:15:21.0176 5316 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
16:15:21.0210 5316 ALG - ok
16:15:21.0243 5316 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
16:15:21.0272 5316 aliide - ok
16:15:21.0303 5316 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:15:21.0333 5316 amdagp - ok
16:15:21.0348 5316 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
16:15:21.0376 5316 amdide - ok
16:15:21.0403 5316 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:15:21.0437 5316 AmdK8 - ok
16:15:21.0454 5316 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:15:21.0489 5316 AmdPPM - ok
16:15:21.0523 5316 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:15:21.0554 5316 amdsata - ok
16:15:21.0589 5316 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:15:21.0621 5316 amdsbs - ok
16:15:21.0641 5316 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:15:21.0670 5316 amdxata - ok
16:15:21.0703 5316 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
16:15:21.0762 5316 AppID - ok
16:15:21.0799 5316 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:15:21.0857 5316 AppIDSvc - ok
16:15:21.0893 5316 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
16:15:21.0929 5316 Appinfo - ok
16:15:22.0026 5316 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:15:22.0061 5316 Apple Mobile Device - ok
16:15:22.0106 5316 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:15:22.0141 5316 AppMgmt - ok
16:15:22.0174 5316 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
16:15:22.0204 5316 arc - ok
16:15:22.0215 5316 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:15:22.0247 5316 arcsas - ok
16:15:22.0274 5316 [ 0AE43C6C411254049279C2EE55630F95 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
16:15:22.0311 5316 aswFsBlk - ok
16:15:22.0349 5316 [ 6693141560B1615D8DCCF0D8EB00087E ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:15:22.0376 5316 aswMonFlt - ok
16:15:22.0397 5316 [ 225013C16FE096714D71649AD7A20E8B ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
16:15:22.0424 5316 aswRdr - ok
16:15:22.0456 5316 [ DCB199B967375753B5019EC15F008F53 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:15:22.0510 5316 aswSnx - ok
16:15:22.0537 5316 [ B32873E5A1443C0A1E322266E203BF10 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:15:22.0572 5316 aswSP - ok
16:15:22.0602 5316 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:15:22.0629 5316 aswTdi - ok
16:15:22.0663 5316 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:15:22.0724 5316 AsyncMac - ok
16:15:22.0756 5316 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
16:15:22.0784 5316 atapi - ok
16:15:22.0856 5316 [ AC4ADAC154563AB41CC79B0257BC685A ] athr C:\Windows\system32\DRIVERS\athr.sys
16:15:22.0916 5316 athr - ok
16:15:22.0959 5316 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:15:23.0027 5316 AudioEndpointBuilder - ok
16:15:23.0045 5316 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:15:23.0114 5316 Audiosrv - ok
16:15:23.0163 5316 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:15:23.0190 5316 avast! Antivirus - ok
16:15:23.0222 5316 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:15:23.0264 5316 AxInstSV - ok
16:15:23.0316 5316 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
16:15:23.0355 5316 b06bdrv - ok
16:15:23.0383 5316 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:15:23.0419 5316 b57nd60x - ok
16:15:23.0453 5316 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:15:23.0488 5316 BDESVC - ok
16:15:23.0501 5316 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:15:23.0565 5316 Beep - ok
16:15:23.0612 5316 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
16:15:23.0680 5316 BFE - ok
16:15:23.0726 5316 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
16:15:23.0805 5316 BITS - ok
16:15:23.0838 5316 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:15:23.0871 5316 blbdrive - ok
16:15:23.0925 5316 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:15:23.0958 5316 Bonjour Service - ok
16:15:23.0992 5316 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:15:24.0025 5316 bowser - ok
16:15:24.0040 5316 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:15:24.0079 5316 BrFiltLo - ok
16:15:24.0112 5316 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:15:24.0147 5316 BrFiltUp - ok
16:15:24.0188 5316 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:15:24.0252 5316 BridgeMP - ok
16:15:24.0303 5316 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
16:15:24.0339 5316 Browser - ok
16:15:24.0357 5316 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:15:24.0396 5316 Brserid - ok
16:15:24.0411 5316 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:15:24.0448 5316 BrSerWdm - ok
16:15:24.0478 5316 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:15:24.0514 5316 BrUsbMdm - ok
16:15:24.0534 5316 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:15:24.0567 5316 BrUsbSer - ok
16:15:24.0588 5316 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:15:24.0625 5316 BTHMODEM - ok
16:15:24.0677 5316 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:15:24.0740 5316 bthserv - ok
16:15:24.0902 5316 catchme - ok
16:15:24.0949 5316 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:15:25.0011 5316 cdfs - ok
16:15:25.0058 5316 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:15:25.0092 5316 cdrom - ok
16:15:25.0124 5316 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
16:15:25.0184 5316 CertPropSvc - ok
16:15:25.0222 5316 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
16:15:25.0258 5316 circlass - ok
16:15:25.0281 5316 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:15:25.0318 5316 CLFS - ok
16:15:25.0375 5316 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:15:25.0403 5316 clr_optimization_v2.0.50727_32 - ok
16:15:25.0472 5316 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:15:25.0499 5316 clr_optimization_v4.0.30319_32 - ok
16:15:25.0537 5316 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:15:25.0569 5316 CmBatt - ok
16:15:25.0601 5316 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:15:25.0629 5316 cmdide - ok
16:15:25.0668 5316 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
16:15:25.0721 5316 CNG - ok
16:15:25.0748 5316 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:15:25.0778 5316 Compbatt - ok
16:15:25.0836 5316 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:15:25.0873 5316 CompositeBus - ok
16:15:25.0888 5316 COMSysApp - ok
16:15:25.0913 5316 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:15:25.0941 5316 crcdisk - ok
16:15:25.0991 5316 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:15:26.0029 5316 CryptSvc - ok
16:15:26.0075 5316 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
16:15:26.0114 5316 CSC - ok
16:15:26.0143 5316 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
16:15:26.0187 5316 CscService - ok
16:15:26.0226 5316 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:15:26.0300 5316 DcomLaunch - ok
16:15:26.0338 5316 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
16:15:26.0406 5316 defragsvc - ok
16:15:26.0446 5316 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:15:26.0505 5316 DfsC - ok
16:15:26.0553 5316 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:15:26.0593 5316 Dhcp - ok
16:15:26.0606 5316 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
16:15:26.0670 5316 discache - ok
16:15:26.0711 5316 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
16:15:26.0741 5316 Disk - ok
16:15:26.0770 5316 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:15:26.0803 5316 dmvsc - ok
16:15:26.0833 5316 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:15:26.0872 5316 Dnscache - ok
16:15:26.0902 5316 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
16:15:26.0966 5316 dot3svc - ok
16:15:26.0993 5316 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
16:15:27.0060 5316 DPS - ok
16:15:27.0091 5316 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:15:27.0127 5316 drmkaud - ok
16:15:27.0174 5316 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:15:27.0226 5316 DXGKrnl - ok
16:15:27.0263 5316 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:15:27.0330 5316 EapHost - ok
16:15:27.0458 5316 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
16:15:27.0561 5316 ebdrv - ok
16:15:27.0671 5316 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
16:15:27.0708 5316 EFS - ok
16:15:27.0757 5316 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:15:27.0799 5316 elxstor - ok
16:15:27.0814 5316 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:15:27.0848 5316 ErrDev - ok
16:15:27.0906 5316 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:15:27.0975 5316 EventSystem - ok
16:15:28.0014 5316 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:15:28.0082 5316 exfat - ok
16:15:28.0102 5316 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:15:28.0166 5316 fastfat - ok
16:15:28.0199 5316 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
16:15:28.0245 5316 Fax - ok
16:15:28.0262 5316 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
16:15:28.0295 5316 fdc - ok
16:15:28.0326 5316 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:15:28.0393 5316 fdPHost - ok
16:15:28.0406 5316 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:15:28.0471 5316 FDResPub - ok
16:15:28.0487 5316 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:15:28.0517 5316 FileInfo - ok
16:15:28.0529 5316 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:15:28.0593 5316 Filetrace - ok
16:15:28.0635 5316 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:15:28.0668 5316 flpydisk - ok
16:15:28.0691 5316 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:15:28.0725 5316 FltMgr - ok
16:15:28.0788 5316 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
16:15:28.0843 5316 FontCache - ok
16:15:28.0893 5316 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:15:28.0917 5316 FontCache3.0.0.0 - ok
16:15:28.0939 5316 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:15:28.0969 5316 FsDepends - ok
16:15:29.0006 5316 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:15:29.0035 5316 Fs_Rec - ok
16:15:29.0062 5316 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:15:29.0105 5316 fvevol - ok
16:15:29.0124 5316 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:15:29.0155 5316 gagp30kx - ok
16:15:29.0196 5316 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:15:29.0218 5316 GEARAspiWDM - ok
16:15:29.0268 5316 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
16:15:29.0342 5316 gpsvc - ok
16:15:29.0469 5316 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:15:29.0494 5316 gupdate - ok
16:15:29.0510 5316 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:15:29.0534 5316 gupdatem - ok
16:15:29.0564 5316 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:15:29.0596 5316 hcw85cir - ok
16:15:29.0650 5316 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:15:29.0691 5316 HdAudAddService - ok
16:15:29.0721 5316 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:15:29.0760 5316 HDAudBus - ok
16:15:29.0770 5316 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:15:29.0804 5316 HidBatt - ok
16:15:29.0822 5316 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:15:29.0861 5316 HidBth - ok
16:15:29.0900 5316 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:15:29.0936 5316 HidIr - ok
16:15:29.0967 5316 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
16:15:30.0034 5316 hidserv - ok
16:15:30.0054 5316 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:15:30.0089 5316 HidUsb - ok
16:15:30.0121 5316 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:15:30.0185 5316 hkmsvc - ok
16:15:30.0208 5316 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:15:30.0248 5316 HomeGroupListener - ok
16:15:30.0292 5316 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:15:30.0333 5316 HomeGroupProvider - ok
16:15:30.0368 5316 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:15:30.0399 5316 HpSAMD - ok
16:15:30.0432 5316 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:15:30.0501 5316 HTTP - ok
16:15:30.0519 5316 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:15:30.0548 5316 hwpolicy - ok
16:15:30.0582 5316 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:15:30.0617 5316 i8042prt - ok
16:15:30.0672 5316 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:15:30.0710 5316 iaStorV - ok
16:15:30.0775 5316 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:15:30.0825 5316 idsvc - ok
16:15:31.0013 5316 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:15:31.0165 5316 igfx ( UnsignedFile.Multi.Generic ) - warning
16:15:31.0165 5316 igfx - detected UnsignedFile.Multi.Generic (1)
16:15:31.0275 5316 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:15:31.0305 5316 iirsp - ok
16:15:31.0357 5316 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
16:15:31.0434 5316 IKEEXT - ok
16:15:31.0467 5316 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
16:15:31.0496 5316 intelide - ok
16:15:31.0535 5316 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:15:31.0568 5316 intelppm - ok
16:15:31.0599 5316 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:15:31.0666 5316 IPBusEnum - ok
16:15:31.0693 5316 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:15:31.0755 5316 IpFilterDriver - ok
16:15:31.0810 5316 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:15:31.0856 5316 iphlpsvc - ok
16:15:31.0888 5316 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:15:31.0924 5316 IPMIDRV - ok
16:15:31.0943 5316 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:15:32.0007 5316 IPNAT - ok
16:15:32.0061 5316 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:15:32.0101 5316 iPod Service - ok
16:15:32.0119 5316 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:15:32.0161 5316 IRENUM - ok
16:15:32.0191 5316 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:15:32.0220 5316 isapnp - ok
16:15:32.0240 5316 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:15:32.0275 5316 iScsiPrt - ok
16:15:32.0316 5316 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:15:32.0346 5316 kbdclass - ok
16:15:32.0371 5316 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:15:32.0405 5316 kbdhid - ok
16:15:32.0428 5316 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
16:15:32.0464 5316 KeyIso - ok
16:15:32.0492 5316 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:15:32.0522 5316 KSecDD - ok
16:15:32.0535 5316 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:15:32.0568 5316 KSecPkg - ok
16:15:32.0609 5316 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:15:32.0683 5316 KtmRm - ok
16:15:32.0721 5316 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
16:15:32.0790 5316 LanmanServer - ok
16:15:32.0827 5316 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:15:32.0896 5316 LanmanWorkstation - ok
16:15:32.0949 5316 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:15:33.0011 5316 lltdio - ok
16:15:33.0043 5316 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:15:33.0113 5316 lltdsvc - ok
16:15:33.0135 5316 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:15:33.0200 5316 lmhosts - ok
16:15:33.0237 5316 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:15:33.0269 5316 LSI_FC - ok
16:15:33.0294 5316 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:15:33.0325 5316 LSI_SAS - ok
16:15:33.0341 5316 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:15:33.0372 5316 LSI_SAS2 - ok
16:15:33.0403 5316 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:15:33.0435 5316 LSI_SCSI - ok
16:15:33.0449 5316 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:15:33.0513 5316 luafv - ok
16:15:33.0535 5316 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
16:15:33.0565 5316 megasas - ok
16:15:33.0590 5316 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:15:33.0626 5316 MegaSR - ok
16:15:33.0658 5316 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:15:33.0731 5316 MMCSS - ok
16:15:33.0752 5316 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:15:33.0814 5316 Modem - ok
16:15:33.0844 5316 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:15:33.0881 5316 monitor - ok
16:15:33.0905 5316 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:15:33.0936 5316 mouclass - ok
16:15:33.0968 5316 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:15:34.0001 5316 mouhid - ok
16:15:34.0015 5316 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:15:34.0046 5316 mountmgr - ok
16:15:34.0075 5316 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:15:34.0108 5316 mpio - ok
16:15:34.0126 5316 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:15:34.0187 5316 mpsdrv - ok
16:15:34.0240 5316 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:15:34.0316 5316 MpsSvc - ok
16:15:34.0333 5316 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:15:34.0374 5316 MRxDAV - ok
16:15:34.0412 5316 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:15:34.0446 5316 mrxsmb - ok
16:15:34.0465 5316 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:15:34.0501 5316 mrxsmb10 - ok
16:15:34.0526 5316 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:15:34.0562 5316 mrxsmb20 - ok
16:15:34.0586 5316 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:15:34.0615 5316 msahci - ok
16:15:34.0649 5316 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:15:34.0681 5316 msdsm - ok
16:15:34.0713 5316 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:15:34.0754 5316 MSDTC - ok
16:15:34.0785 5316 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:15:34.0847 5316 Msfs - ok
16:15:34.0860 5316 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:15:34.0923 5316 mshidkmdf - ok
16:15:34.0938 5316 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:15:34.0968 5316 msisadrv - ok
16:15:35.0011 5316 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:15:35.0075 5316 MSiSCSI - ok
16:15:35.0084 5316 msiserver - ok
16:15:35.0136 5316 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:15:35.0199 5316 MSKSSRV - ok
16:15:35.0218 5316 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:15:35.0279 5316 MSPCLOCK - ok
16:15:35.0289 5316 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:15:35.0351 5316 MSPQM - ok
16:15:35.0370 5316 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:15:35.0404 5316 MsRPC - ok
16:15:35.0426 5316 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:15:35.0456 5316 mssmbios - ok
16:15:35.0465 5316 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:15:35.0530 5316 MSTEE - ok
16:15:35.0541 5316 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:15:35.0574 5316 MTConfig - ok
16:15:35.0594 5316 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:15:35.0624 5316 Mup - ok
16:15:35.0661 5316 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:15:35.0735 5316 napagent - ok
16:15:35.0803 5316 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:15:35.0846 5316 NativeWifiP - ok
16:15:35.0908 5316 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:15:35.0958 5316 NDIS - ok
16:15:36.0001 5316 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:15:36.0066 5316 NdisCap - ok
16:15:36.0101 5316 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:15:36.0159 5316 NdisTapi - ok
16:15:36.0176 5316 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:15:36.0236 5316 Ndisuio - ok
16:15:36.0264 5316 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:15:36.0323 5316 NdisWan - ok
16:15:36.0362 5316 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:15:36.0420 5316 NDProxy - ok
16:15:36.0443 5316 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:15:36.0507 5316 NetBIOS - ok
16:15:36.0531 5316 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:15:36.0593 5316 NetBT - ok
16:15:36.0605 5316 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:15:36.0643 5316 Netlogon - ok
16:15:36.0694 5316 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:15:36.0768 5316 Netman - ok
16:15:36.0795 5316 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:15:36.0871 5316 netprofm - ok
16:15:36.0908 5316 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:15:36.0934 5316 NetTcpPortSharing - ok
16:15:36.0970 5316 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:15:37.0004 5316 nfrd960 - ok
16:15:37.0042 5316 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
16:15:37.0085 5316 NlaSvc - ok
16:15:37.0100 5316 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:15:37.0163 5316 Npfs - ok
16:15:37.0193 5316 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:15:37.0262 5316 nsi - ok
16:15:37.0274 5316 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:15:37.0337 5316 nsiproxy - ok
16:15:37.0415 5316 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:15:37.0481 5316 Ntfs - ok
16:15:37.0513 5316 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:15:37.0574 5316 Null - ok
16:15:37.0601 5316 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:15:37.0634 5316 nvraid - ok
16:15:37.0668 5316 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:15:37.0701 5316 nvstor - ok
16:15:37.0733 5316 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:15:37.0766 5316 nv_agp - ok
16:15:37.0791 5316 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:15:37.0825 5316 ohci1394 - ok
16:15:37.0863 5316 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:15:37.0906 5316 p2pimsvc - ok
16:15:37.0934 5316 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:15:37.0979 5316 p2psvc - ok
16:15:37.0999 5316 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
16:15:38.0034 5316 Parport - ok
16:15:38.0058 5316 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:15:38.0089 5316 partmgr - ok
16:15:38.0132 5316 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:15:38.0164 5316 Parvdm - ok
16:15:38.0188 5316 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:15:38.0237 5316 PcaSvc - ok
16:15:38.0256 5316 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:15:38.0290 5316 pci - ok
16:15:38.0306 5316 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:15:38.0336 5316 pciide - ok
16:15:38.0363 5316 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:15:38.0397 5316 pcmcia - ok
16:15:38.0417 5316 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:15:38.0448 5316 pcw - ok
16:15:38.0506 5316 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:15:38.0582 5316 PEAUTH - ok
16:15:38.0633 5316 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:15:38.0693 5316 PeerDistSvc - ok
16:15:38.0789 5316 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:15:38.0888 5316 pla - ok
16:15:38.0939 5316 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:15:38.0986 5316 PlugPlay - ok
16:15:39.0020 5316 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:15:39.0059 5316 PNRPAutoReg - ok
16:15:39.0085 5316 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:15:39.0132 5316 PNRPsvc - ok
16:15:39.0176 5316 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:15:39.0245 5316 PolicyAgent - ok
16:15:39.0290 5316 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:15:39.0360 5316 Power - ok
16:15:39.0399 5316 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:15:39.0462 5316 PptpMiniport - ok
16:15:39.0481 5316 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
16:15:39.0514 5316 Processor - ok
16:15:39.0548 5316 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:15:39.0589 5316 ProfSvc - ok
16:15:39.0605 5316 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:15:39.0643 5316 ProtectedStorage - ok
16:15:39.0675 5316 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:15:39.0738 5316 Psched - ok
16:15:39.0812 5316 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:15:39.0884 5316 ql2300 - ok
16:15:39.0899 5316 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:15:39.0931 5316 ql40xx - ok
16:15:39.0974 5316 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:15:40.0025 5316 QWAVE - ok
16:15:40.0061 5316 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:15:40.0103 5316 QWAVEdrv - ok
16:15:40.0121 5316 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:15:40.0183 5316 RasAcd - ok
16:15:40.0206 5316 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:15:40.0264 5316 RasAgileVpn - ok
16:15:40.0294 5316 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:15:40.0365 5316 RasAuto - ok
16:15:40.0379 5316 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:15:40.0442 5316 Rasl2tp - ok
16:15:40.0480 5316 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:15:40.0551 5316 RasMan - ok
16:15:40.0574 5316 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:15:40.0637 5316 RasPppoe - ok
16:15:40.0665 5316 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:15:40.0725 5316 RasSstp - ok
16:15:40.0748 5316 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:15:40.0813 5316 rdbss - ok
16:15:40.0834 5316 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:15:40.0871 5316 rdpbus - ok
16:15:40.0885 5316 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:15:40.0943 5316 RDPCDD - ok
16:15:40.0987 5316 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:15:41.0020 5316 RDPDR - ok
16:15:41.0056 5316 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:15:41.0115 5316 RDPENCDD - ok
16:15:41.0143 5316 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:15:41.0200 5316 RDPREFMP - ok
16:15:41.0248 5316 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:15:41.0279 5316 RdpVideoMiniport - ok
16:15:41.0309 5316 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:15:41.0345 5316 RDPWD - ok
16:15:41.0379 5316 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:15:41.0412 5316 rdyboost - ok
16:15:41.0442 5316 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:15:41.0507 5316 RemoteAccess - ok
16:15:41.0537 5316 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:15:41.0612 5316 RemoteRegistry - ok
16:15:41.0649 5316 [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
16:15:41.0678 5316 RimUsb - ok
16:15:41.0700 5316 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:15:41.0770 5316 RpcEptMapper - ok
16:15:41.0786 5316 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:15:41.0826 5316 RpcLocator - ok
16:15:41.0859 5316 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:15:41.0932 5316 RpcSs - ok
16:15:41.0970 5316 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:15:42.0033 5316 rspndr - ok
16:15:42.0089 5316 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
16:15:42.0123 5316 RTL8167 - ok
16:15:42.0176 5316 [ CA5A4FBFE341F13733955B8AAC98F0B5 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
16:15:42.0219 5316 RTL8187B - ok
16:15:42.0242 5316 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:15:42.0274 5316 s3cap - ok
16:15:42.0294 5316 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:15:42.0333 5316 SamSs - ok
16:15:42.0377 5316 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:15:42.0408 5316 sbp2port - ok
16:15:42.0437 5316 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:15:42.0506 5316 SCardSvr - ok
16:15:42.0527 5316 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:15:42.0587 5316 scfilter - ok
16:15:42.0624 5316 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:15:42.0706 5316 Schedule - ok
16:15:42.0724 5316 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:15:42.0787 5316 SCPolicySvc - ok
16:15:42.0812 5316 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:15:42.0859 5316 SDRSVC - ok
16:15:42.0888 5316 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:15:42.0950 5316 secdrv - ok
16:15:42.0985 5316 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:15:43.0055 5316 seclogon - ok
16:15:43.0103 5316 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
16:15:43.0173 5316 SENS - ok
16:15:43.0200 5316 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:15:43.0240 5316 SensrSvc - ok
16:15:43.0263 5316 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:15:43.0296 5316 Serenum - ok
16:15:43.0329 5316 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
16:15:43.0363 5316 Serial - ok
16:15:43.0374 5316 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:15:43.0409 5316 sermouse - ok
16:15:43.0460 5316 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:15:43.0528 5316 SessionEnv - ok
16:15:43.0551 5316 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:15:43.0588 5316 sffdisk - ok
16:15:43.0597 5316 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:15:43.0635 5316 sffp_mmc - ok
16:15:43.0674 5316 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:15:43.0709 5316 sffp_sd - ok
16:15:43.0720 5316 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:15:43.0754 5316 sfloppy - ok
16:15:43.0807 5316 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:15:43.0879 5316 SharedAccess - ok
16:15:43.0911 5316 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:15:43.0984 5316 ShellHWDetection - ok
16:15:44.0000 5316 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:15:44.0031 5316 sisagp - ok
16:15:44.0061 5316 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:15:44.0093 5316 SiSRaid2 - ok
16:15:44.0123 5316 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:15:44.0154 5316 SiSRaid4 - ok
16:15:44.0191 5316 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:15:44.0254 5316 Smb - ok
16:15:44.0298 5316 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:15:44.0339 5316 SNMPTRAP - ok
16:15:44.0351 5316 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:15:44.0381 5316 spldr - ok
16:15:44.0417 5316 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
16:15:44.0463 5316 Spooler - ok
16:15:44.0576 5316 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:15:44.0716 5316 sppsvc - ok
16:15:44.0732 5316 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:15:44.0800 5316 sppuinotify - ok
16:15:44.0840 5316 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:15:44.0882 5316 srv - ok
16:15:44.0913 5316 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:15:44.0951 5316 srv2 - ok
16:15:44.0987 5316 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:15:45.0021 5316 srvnet - ok
16:15:45.0051 5316 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:15:45.0125 5316 SSDPSRV - ok
16:15:45.0148 5316 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:15:45.0216 5316 SstpSvc - ok
16:15:45.0247 5316 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:15:45.0276 5316 stexstor - ok
16:15:45.0376 5316 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:15:45.0435 5316 StiSvc - ok
16:15:45.0512 5316 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:15:45.0542 5316 storflt - ok
16:15:45.0562 5316 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:15:45.0593 5316 storvsc - ok
16:15:45.0612 5316 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:15:45.0642 5316 swenum - ok
16:15:45.0684 5316 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:15:45.0761 5316 swprv - ok
16:15:45.0785 5316 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
16:15:45.0817 5316 Synth3dVsc - ok
16:15:45.0861 5316 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:15:45.0934 5316 SysMain - ok
16:15:45.0963 5316 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:15:46.0012 5316 TabletInputService - ok
16:15:46.0041 5316 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:15:46.0122 5316 TapiSrv - ok
16:15:46.0146 5316 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:15:46.0218 5316 TBS - ok
16:15:46.0279 5316 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:15:46.0348 5316 Tcpip - ok
16:15:46.0413 5316 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:15:46.0482 5316 TCPIP6 - ok
16:15:46.0522 5316 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:15:46.0554 5316 tcpipreg - ok
16:15:46.0590 5316 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:15:46.0622 5316 TDPIPE - ok
16:15:46.0649 5316 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:15:46.0681 5316 TDTCP - ok
16:15:46.0698 5316 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:15:46.0758 5316 tdx - ok
16:15:46.0788 5316 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:15:46.0818 5316 TermDD - ok
16:15:46.0838 5316 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
16:15:46.0871 5316 terminpt - ok
16:15:46.0918 5316 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:15:46.0996 5316 TermService - ok
16:15:47.0015 5316 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:15:47.0065 5316 Themes - ok
16:15:47.0079 5316 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:15:47.0148 5316 THREADORDER - ok
16:15:47.0189 5316 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:15:47.0260 5316 TrkWks - ok
16:15:47.0324 5316 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:15:47.0385 5316 TrustedInstaller - ok
16:15:47.0413 5316 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:15:47.0445 5316 tssecsrv - ok
16:15:47.0464 5316 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:15:47.0497 5316 TsUsbFlt - ok
16:15:47.0522 5316 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:15:47.0554 5316 TsUsbGD - ok
16:15:47.0596 5316 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
16:15:47.0629 5316 tsusbhub - ok
16:15:47.0657 5316 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:15:47.0719 5316 tunnel - ok
16:15:47.0776 5316 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
16:15:47.0801 5316 TVALZ - ok
16:15:47.0842 5316 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:15:47.0872 5316 uagp35 - ok
16:15:47.0898 5316 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:15:47.0961 5316 udfs - ok
16:15:48.0005 5316 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:15:48.0048 5316 UI0Detect - ok
16:15:48.0075 5316 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:15:48.0106 5316 uliagpkx - ok
16:15:48.0132 5316 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:15:48.0168 5316 umbus - ok
16:15:48.0219 5316 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
16:15:48.0251 5316 UmPass - ok
16:15:48.0287 5316 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
16:15:48.0331 5316 UmRdpService - ok
16:15:48.0409 5316 [ A4EBD4E00551E4DE87BCF466E686ECCC ] Update Web Layers C:\Program Files\Web Layers\updateWebLayers.exe
16:15:48.0438 5316 Update Web Layers - ok
16:15:48.0472 5316 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:15:48.0549 5316 upnphost - ok
16:15:48.0600 5316 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:15:48.0633 5316 USBAAPL - ok
16:15:48.0659 5316 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:15:48.0693 5316 usbccgp - ok
16:15:48.0740 5316 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:15:48.0777 5316 usbcir - ok
16:15:48.0790 5316 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:15:48.0827 5316 usbehci - ok
16:15:48.0867 5316 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:15:48.0904 5316 usbhub - ok
16:15:48.0927 5316 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:15:48.0959 5316 usbohci - ok
16:15:48.0989 5316 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:15:49.0025 5316 usbprint - ok
16:15:49.0041 5316 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:15:49.0076 5316 USBSTOR - ok
16:15:49.0111 5316 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:15:49.0143 5316 usbuhci - ok
16:15:49.0175 5316 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:15:49.0243 5316 UxSms - ok
16:15:49.0261 5316 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:15:49.0298 5316 VaultSvc - ok
16:15:49.0332 5316 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:15:49.0363 5316 vdrvroot - ok
16:15:49.0398 5316 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:15:49.0476 5316 vds - ok
16:15:49.0499 5316 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:15:49.0536 5316 vga - ok
16:15:49.0547 5316 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:15:49.0610 5316 VgaSave - ok
16:15:49.0618 5316 VGPU - ok
16:15:49.0647 5316 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:15:49.0681 5316 vhdmp - ok
16:15:49.0707 5316 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:15:49.0738 5316 viaagp - ok
16:15:49.0760 5316 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:15:49.0794 5316 ViaC7 - ok
16:15:49.0824 5316 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:15:49.0853 5316 viaide - ok
16:15:49.0886 5316 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:15:49.0921 5316 vmbus - ok
16:15:49.0942 5316 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:15:49.0974 5316 VMBusHID - ok
16:15:50.0009 5316 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:15:50.0039 5316 volmgr - ok
16:15:50.0063 5316 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:15:50.0101 5316 volmgrx - ok
16:15:50.0135 5316 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:15:50.0171 5316 volsnap - ok
16:15:50.0205 5316 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:15:50.0239 5316 vsmraid - ok
16:15:50.0298 5316 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:15:50.0388 5316 VSS - ok
16:15:50.0410 5316 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:15:50.0451 5316 vwifibus - ok
16:15:50.0497 5316 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:15:50.0536 5316 vwififlt - ok
16:15:50.0574 5316 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:15:50.0651 5316 W32Time - ok
16:15:50.0671 5316 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:15:50.0709 5316 WacomPen - ok
16:15:50.0740 5316 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:15:50.0800 5316 WANARP - ok
16:15:50.0808 5316 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:15:50.0868 5316 Wanarpv6 - ok
16:15:50.0957 5316 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:15:51.0032 5316 WatAdminSvc - ok
16:15:53.0632 5316 ================ Scan global ===============================
16:15:53.0657 5316 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:15:53.0696 5316 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
16:15:53.0719 5316 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
16:15:53.0760 5316 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:15:53.0806 5316 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:15:53.0818 5316 [Global] - ok
16:15:53.0819 5316 ================ Scan MBR ==================================
16:15:53.0832 5316 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:15:54.0170 5316 \Device\Harddisk0\DR0 - ok
16:15:54.0171 5316 ================ Scan VBR ==================================
16:15:54.0176 5316 [ 847C0A8801A14265C710948CC5403BA4 ] \Device\Harddisk0\DR0\Partition1
16:15:54.0179 5316 \Device\Harddisk0\DR0\Partition1 - ok
16:15:54.0211 5316 [ ABF0CAE324BEF1080AC0AAC1253605D7 ] \Device\Harddisk0\DR0\Partition2
16:15:54.0213 5316 \Device\Harddisk0\DR0\Partition2 - ok
16:15:54.0217 5316 ============================================================
16:15:54.0217 5316 Scan finished
16:15:54.0217 5316 ============================================================
16:15:54.0241 5212 Detected object count: 1
16:15:54.0241 5212 Actual detected object count: 1
16:16:07.0180 5212 C:\Windows\system32\DRIVERS\igdkmd32.sys - copied to quarantine
16:16:07.0361 5212 HKLM\SYSTEM\ControlSet001\services\igfx - will be deleted on reboot
16:16:07.0449 5212 HKLM\SYSTEM\ControlSet002\services\igfx - will be deleted on reboot
16:16:07.0589 5212 C:\Windows\system32\DRIVERS\igdkmd32.sys - will be deleted on reboot
16:16:07.0589 5212 igfx ( UnsignedFile.Multi.Generic ) - User select action: Delete
16:17:18.0162 4892 Deinitialize success

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
16:18:54.0957 2832 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:18:56.0127 2832 ============================================================
16:18:56.0127 2832 Current date / time: 2013/09/20 16:18:56.0127
16:18:56.0127 2832 SystemInfo:
16:18:56.0127 2832
16:18:56.0127 2832 OS Version: 6.1.7601 ServicePack: 1.0
16:18:56.0127 2832 Product type: Workstation
16:18:56.0127 2832 ComputerName: TREE-PC
16:18:56.0127 2832 UserName: Tree
16:18:56.0127 2832 Windows directory: C:\Windows
16:18:56.0127 2832 System windows directory: C:\Windows
16:18:56.0127 2832 Processor architecture: Intel x86
16:18:56.0127 2832 Number of processors: 2
16:18:56.0127 2832 Page size: 0x1000
16:18:56.0127 2832 Boot type: Normal boot
16:18:56.0127 2832 ============================================================
16:18:59.0445 2832 BG loaded
16:19:00.0288 2832 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:19:00.0438 2832 ============================================================
16:19:00.0438 2832 \Device\Harddisk0\DR0:
16:19:00.0488 2832 MBR partitions:
16:19:00.0488 2832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:19:00.0488 2832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
16:19:00.0488 2832 ============================================================
16:19:00.0758 2832 C: <-> \Device\Harddisk0\DR0\Partition2
16:19:00.0758 2832 ============================================================
16:19:00.0758 2832 Initialize success
16:19:00.0758 2832 ============================================================
16:19:07.0256 2792 Deinitialize success

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Something happened....my resolution changed.....it almost seems I'm browsing in safe mode now???

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
my resolution changed.....it almost seems I'm browsing in safe mode now???
That's because one of the graphic drivers was infected; C:\Windows\system32\DRIVERS\igdkmd32.sys - will be deleted on reboot.
You will have to upgrade your graphics drivers. Do you have your OS disk? You may have to do a Repair.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
No, sure don't.....But I can live with it now.....no problems since last scan.......pretty damn happy about it

Thanks.....I knew there was something infecting the computer

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
If you don't have the OS disk you must have a recovery on a separate partition of your hard drive. Please follow the instructions here to run the Repair option. This will not affect your files or important data.

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
That did it my man!!! Awesome

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
Well, that is good news. Let's do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


[image: Combofix_uninstall_image]

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************
Click Start > Computer > right click the C Drive and choose Properties > enter
Click Disk Cleanup from there.

[image: Diskcleanup2]

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

[image: Diskcleanup]

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*******************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
You guys are the best.....thanks again

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
