Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirect trojan

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirect trojan

Unread postby iowabucks » January 31st, 2013, 11:28 am

Hey everyone, somewhere along the line i picked up a redirect trojan. Trojan:JS/Medfos.B to be exact.

I had my MSE keep popping up saying it has quaranteened the risk. If i open the box it looks like it catches it about 8 times every minute. Also has this in with the Trojan name. "Exploit:Java/CVE-2012-4681.AOJ"

I immediately ran MBAM and MSE. They both found and deleted it. SO i thought. MBAM now picks up nothing and neither does MSE when i do the scans. But the MSE popup box constantly tells me it's still there and was quaranteened.

I did a little research and found that my Java needed updating. So i am now running Version 7 update 11, the most current version. I was a few behind.

I would love some help when anyone has some time. It doesn't seem to be affecting the computer other than the popup boxes telling me it's still there.

Here are my DDS logs.


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Jerry at 9:14:42 on 2013-01-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16332.12491 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Windows\explorer.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.archerytalk.com/vb
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [emelcf] "C:\Windows\System32\rundll32.exe" "C:\Users\Jerry\AppData\Roaming\emelcf.dll",StringARepr
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
TCP: Interfaces\{D34FC8C3-7FD1-4BA6-AFA5-F6EE5BF4709D} : DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys --> C:\Windows\system32\DRIVERS\asahci64.sys [?]
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-8-20 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-8-20 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-8-20 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [2012-8-20 1470592]
R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-12-14 69192]
R2 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-12-14 23624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-12 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-12 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-12 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-12 363800]
R3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\fxxandroidusb.sys --> C:\Windows\system32\Drivers\fxxandroidusb.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\FXX\qcusbser.sys --> C:\Windows\system32\DRIVERS\FXX\qcusbser.sys [?]
R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-9-21 2963960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-13 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-12 1258856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-12 251400]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-8-13 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-8-13 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-8-20 21712]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-9-21 1571336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-13 116648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2012-8-16 93848]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 7168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2013-01-30 15:15:53 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{788A7CD9-85FD-4849-B1BC-FAC2DA65428C}\offreg.dll
2013-01-30 15:14:29 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{788A7CD9-85FD-4849-B1BC-FAC2DA65428C}\mpengine.dll
2013-01-30 15:13:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-29 15:13:06 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-28 15:16:55 615424 ----a-w- C:\Users\Jerry\AppData\Roaming\emelcf.dll
2013-01-16 07:03:26 42880 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2013-01-16 07:03:26 28544 ----a-w- C:\Windows\System32\xfcodec64.dll
2013-01-09 17:36:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 17:36:55 3149824 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-01-30 15:13:41 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-01-30 15:13:41 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-30 11:57:44 1048576 ----a-w- C:\Windows\PE_Rom.dll
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-21 07:39:13 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-01-21 07:39:13 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-01-08 21:47:17 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 21:47:17 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-07 02:48:22 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-30 23:48:17 13607 ----a-w- C:\ProgramData\xml4BBE.tmp
2012-12-30 23:48:17 0 ----a-w- C:\ProgramData\xml6438.tmp
2012-12-30 23:48:17 0 ----a-w- C:\ProgramData\xml6189.tmp
2012-12-30 23:48:16 9573 ----a-w- C:\ProgramData\xml4A28.tmp
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 9:14:51.60 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2012 10:41:53 AM
System Uptime: 1/30/2013 5:57:10 AM (28 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V PRO
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/103mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 477 GiB total, 350.254 GiB free.
D: is CDROM (UDF)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 1/4/2013 9:21:01 AM - Windows Update
RP119: 1/6/2013 2:45:27 AM - DMX_DriverMax Driver Installation
RP120: 1/6/2013 2:45:46 AM - Device Driver Package Install: Creative Sound, video and game controllers
RP121: 1/6/2013 2:46:02 AM - Installed Creative Audio Control Panel
RP122: 1/6/2013 2:48:24 AM - DMX_DriverMax Driver Installation
RP123: 1/6/2013 2:48:33 AM - Device Driver Package Install: Matrox Graphics Inc. System devices
RP124: 1/6/2013 12:29:01 PM - Installed Creative ALchemy
RP125: 1/6/2013 12:37:23 PM - Restore Operation
RP126: 1/6/2013 12:48:39 PM - Windows Update
RP127: 1/9/2013 5:19:08 PM - Windows Update
RP128: 1/10/2013 3:00:19 AM - Windows Update
RP129: 1/14/2013 6:58:57 AM - Windows Update
RP130: 1/17/2013 4:40:55 PM - Windows Update
RP131: 1/21/2013 4:34:47 PM - Windows Update
RP132: 1/25/2013 8:44:37 AM - Windows Update
RP133: 1/28/2013 5:59:08 PM - Windows Update
RP134: 1/30/2013 9:13:34 AM - Installed Java 7 Update 11
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
AI Suite II
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
EaseUS Todo Backup Free 5.3
ESET Online Scanner v3
Free PDF to Word Doc Converter v1.1
Google Earth
Google Update Helper
Image Plugin
Image Resizer for Windows
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Internet TV for Windows Media Center
Java 7 Update 11
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Choice Guard
Microsoft Office Word Viewer 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
Norton Ghost
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
PandoraRecovery (Remove Only)
Phone F USB Driver
Photo-grapher 1
PIXresizer
PunkBuster Services
Qualcomm Atheros WiFi Driver Installation
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Steam
swMSM
TeamSpeak 3 Client
TechPowerUp GPU-Z
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Center Add-in for Flash
World of Tanks
Xfire (remove only)
Z Engine
.
==== Event Viewer Messages From Past Week ========
.
1/30/2013 5:59:36 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/30/2013 5:59:36 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
1/30/2013 5:57:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
1/30/2013 5:57:15 AM, Error: volmgr [46] - Crash dump initialization failed!
1/30/2013 10:12:03 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
1/28/2013 6:52:57 PM, Error: nvlddmkm [14] -
.
==== End Of File ===========================
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am
Advertisement
Register to Remove

Re: Redirect trojan

Unread postby Cypher » February 2nd, 2013, 2:01 pm

Hi,
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirect trojan

Unread postby Cypher » February 2nd, 2013, 2:09 pm

Hi and welcome back to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • OTL.txt and Extra.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirect trojan

Unread postby iowabucks » February 2nd, 2013, 3:07 pm

Thank you Cypher for giving this a try.

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 13:00:18
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jerry - JERRY-PC
# Boot Mode : Normal
# Running from : C:\Users\Jerry\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Jerry\AppData\Local\SwvUpdater
Folder Found : C:\Users\Jerry\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [910 octets] - [02/02/2013 13:00:18]

########## EOF - C:\AdwCleaner[R1].txt - [969 octets] ##########


OTL logfile created on: 2/2/2013 1:02:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jerry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.93 Gb Available Physical Memory | 87.35% Memory free
15.95 Gb Paging File | 13.73 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476.84 Gb Total Space | 350.42 Gb Free Space | 73.49% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/02 12:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/20 19:31:01 | 001,470,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
PRC - [2012/08/20 19:31:01 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2012/08/20 19:31:01 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2012/08/20 19:31:01 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
PRC - [2012/08/16 05:56:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/13 11:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2012/02/08 13:05:50 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
PRC - [2012/02/06 20:11:14 | 000,658,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
PRC - [2012/02/02 16:55:22 | 003,484,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
PRC - [2012/02/02 14:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
PRC - [2012/01/20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/01/20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/01/20 10:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/10 08:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2012/01/04 13:13:24 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/12/30 17:42:50 | 001,153,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/10/31 08:57:48 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2011/09/08 20:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 09:16:57 | 000,615,424 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\emelcf.dll
MOD - [2012/08/20 19:30:45 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
MOD - [2012/04/05 10:38:34 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2012/03/21 11:07:44 | 000,972,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2012/02/03 09:12:22 | 001,122,304 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
MOD - [2012/02/02 14:12:48 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
MOD - [2012/02/02 10:11:56 | 001,494,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\WiFiGO.dll
MOD - [2012/02/01 17:20:36 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\MirrorOpSender.dll
MOD - [2012/01/30 12:57:26 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\DLCapPP.dll
MOD - [2012/01/20 09:17:16 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
MOD - [2012/01/19 08:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
MOD - [2012/01/18 21:39:26 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\IsSupported.dll
MOD - [2012/01/12 15:44:02 | 000,475,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll
MOD - [2012/01/11 19:36:24 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiMoveHelp.dll
MOD - [2011/12/29 19:45:12 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/12/04 00:28:36 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll
MOD - [2011/10/14 19:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/09/26 18:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/09/26 17:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/19 19:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011/08/16 18:31:36 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\AudioProjection.dll
MOD - [2011/08/09 13:52:50 | 000,425,984 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\awiscale.dll
MOD - [2011/07/21 08:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 18:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010/12/14 16:46:32 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
MOD - [2010/10/05 07:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009/08/12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/10 20:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/08/15 16:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2009/08/17 22:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/08 15:47:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/23 18:37:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/20 19:31:01 | 001,470,592 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/08/20 19:31:01 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/08/20 19:31:01 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2012/08/20 19:31:01 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/08/16 05:56:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/08/13 03:56:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/08/13 03:38:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 10:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/19 23:02:16 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012/10/19 23:02:12 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012/10/19 23:02:06 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012/10/19 23:02:04 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/18 11:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/06 09:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2012/01/04 13:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 13:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 13:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/10/27 14:34:32 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/08/12 04:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011/07/19 19:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/30 12:31:50 | 000,364,288 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FXX\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2010/03/30 12:31:50 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxxandroidusb.sys -- (androidusb)
DRV:64bit: - [2009/10/01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/09/21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2012/08/20 12:33:45 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.archerytalk.com/vb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 72 E4 84 1E 79 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {319F5DCC-AD4F-4D81-B3D6-C2E86D39E375}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{319F5DCC-AD4F-4D81-B3D6-C2E86D39E375}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [emelcf] C:\Users\Jerry\AppData\Roaming\emelcf.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D34FC8C3-7FD1-4BA6-AFA5-F6EE5BF4709D}: DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2007/08/15 19:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\DXSETUP.exe -- [2008/05/30 16:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\Shell - "" = AutoRun
O33 - MountPoints2\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/02 12:59:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2013/01/31 09:14:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jerry\Desktop\dds.scr
[2013/01/30 09:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/01/30 08:48:12 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\NVIDIA Corporation
[2013/01/20 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\New folder
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/02 12:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2013/02/02 12:58:25 | 000,580,235 | ---- | M] () -- C:\Users\Jerry\Desktop\adwcleaner.exe
[2013/02/02 12:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/02 12:43:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/02 12:43:13 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/02 12:43:13 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/02 12:41:53 | 000,032,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 12:41:53 | 000,032,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 12:34:58 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/02/02 12:34:57 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2013/02/02 12:34:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/02 12:34:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/02 03:39:09 | 000,060,640 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
[2013/02/02 03:39:09 | 000,060,640 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
[2013/02/02 03:39:09 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
[2013/02/02 03:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 09:31:43 | 000,002,820 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2013/01/28 09:16:57 | 000,615,424 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\emelcf.dll
[2013/01/28 08:37:02 | 000,002,752 | ---- | M] () -- C:\Windows\MB.idx
[2013/01/28 08:35:43 | 000,000,551 | ---- | M] () -- C:\Windows\Path.idx
[2013/01/24 23:23:38 | 000,042,880 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2013/01/24 23:23:36 | 000,028,544 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2013/01/22 20:44:35 | 000,101,133 | ---- | M] () -- C:\Users\Jerry\Desktop\DSC01158 (Medium).JPG
[2013/01/22 19:04:45 | 000,676,368 | ---- | M] () -- C:\Users\Jerry\Desktop\Pits - New county property.jpg
[2013/01/21 01:39:13 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/21 01:39:13 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/01/10 17:03:44 | 000,069,506 | ---- | M] () -- C:\Users\Jerry\Desktop\p8IWx.jpg
[2013/01/10 03:18:41 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/07 16:23:03 | 000,498,815 | ---- | M] () -- C:\Users\Jerry\Desktop\Pat at Weise.jpg
[2013/01/07 16:20:54 | 000,490,057 | ---- | M] () -- C:\Users\Jerry\Desktop\4 Wheelin with Pat at Weise.jpg
[2013/01/07 16:09:01 | 000,425,493 | ---- | M] () -- C:\Users\Jerry\Desktop\Bronco tire quote.jpg
[2013/01/06 20:48:22 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/02 12:58:25 | 000,580,235 | ---- | C] () -- C:\Users\Jerry\Desktop\adwcleaner.exe
[2013/01/29 09:31:33 | 000,002,820 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2013/01/28 09:16:55 | 000,615,424 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\emelcf.dll
[2013/01/24 23:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2013/01/24 23:23:36 | 000,028,544 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2013/01/22 20:44:35 | 000,101,133 | ---- | C] () -- C:\Users\Jerry\Desktop\DSC01158 (Medium).JPG
[2013/01/22 19:04:45 | 000,676,368 | ---- | C] () -- C:\Users\Jerry\Desktop\Pits - New county property.jpg
[2013/01/10 17:03:54 | 000,069,506 | ---- | C] () -- C:\Users\Jerry\Desktop\p8IWx.jpg
[2013/01/07 16:23:03 | 000,498,815 | ---- | C] () -- C:\Users\Jerry\Desktop\Pat at Weise.jpg
[2013/01/07 16:20:54 | 000,490,057 | ---- | C] () -- C:\Users\Jerry\Desktop\4 Wheelin with Pat at Weise.jpg
[2013/01/07 16:09:01 | 000,425,493 | ---- | C] () -- C:\Users\Jerry\Desktop\Bronco tire quote.jpg
[2012/09/30 09:50:55 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/08/20 19:31:01 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/08/20 19:31:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/08/17 18:58:45 | 000,007,597 | ---- | C] () -- C:\Users\Jerry\AppData\Local\Resmon.ResmonCfg
[2012/08/16 08:02:44 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2012/08/15 04:22:13 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/15 04:22:12 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/08/15 04:22:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/13 03:38:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/08/13 03:38:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/08/12 10:36:52 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/12 09:46:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/12 09:46:47 | 000,040,528 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/31 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/07 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\FileOpen
[2012/08/15 05:49:07 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ideazon
[2012/12/07 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Nitro
[2012/12/07 10:36:22 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Nitro PDF
[2012/12/07 10:34:27 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\OpenCandy
[2012/08/23 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PandoraRecovery
[2012/12/07 10:35:26 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PrimoPDF
[2012/08/28 06:13:45 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SuperAdBlocker.com
[2013/01/07 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TS3Client
[2012/11/25 08:35:13 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Wargaming.net
[2012/12/11 09:31:22 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 2/2/2013 1:02:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jerry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.93 Gb Available Physical Memory | 87.35% Memory free
15.95 Gb Paging File | 13.73 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476.84 Gb Total Space | 350.42 Gb Free Space | 73.49% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08356790-660B-4486-B518-D9EE528DA4C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{101F2513-9390-437A-923F-F51AD3D186DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18F8C08E-2A0C-41E9-B2CE-3D33C2931553}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AFB31AC-4527-4C9A-A7E5-B91B82D0FEC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{1BD04BE6-8630-41C1-BE78-CF86D2604928}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E5133B8-1136-4AE0-BAB7-31B8153B4BD4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{22B61536-09F0-4A71-9DAA-0F5489B38321}" = rport=445 | protocol=6 | dir=out | app=system |
"{285BD28A-22B4-41F7-8D59-CDAA4911AE7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D70653C-9A04-473C-94C8-29521407D7F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32DD3B24-FE74-44FB-AA3E-19E58BBE069B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{357953C8-FFA9-492A-B94F-976DE4A433F1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{56707FF5-8D38-4A5C-A33A-E05CAEFB9586}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011\wnt500x64\rpcsandrasrv.exe |
"{6A2D28AD-67DD-49A1-9C59-64AD10E9AC89}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{71F79D9E-E0AF-4D37-88EA-33676B9E70E7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7C9626D7-0D01-41A0-9D86-272B8E46CBF4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{874D8C76-450C-414F-AF2A-696FDEF4D96B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E138BC4-5F39-4DEF-99A9-DA3FD9BEE686}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E79783F-DB13-4F21-AE31-97079971A7EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{936CC89F-6EE1-4702-A33B-7E7F43E491F9}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 |
"{96E02E88-92BD-4053-BEC8-6DF97ED9437C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C75BCF8-9C61-4065-99A2-AFCDE7D7A8D2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A3CEC1D9-D655-45E3-83CA-4A8855A2AD91}" = lport=137 | protocol=17 | dir=in | app=system |
"{A4AF3C6B-6CAA-4296-8CAE-A025D369B4D0}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 |
"{A83401D5-DDA7-40DF-9FC7-932DB6960B9A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C7ED87F0-95E3-4266-A374-25327B938975}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 |
"{D16088D4-6F3E-45EA-95A5-6A03F156CD8E}" = lport=445 | protocol=6 | dir=in | app=system |
"{D73229D6-C080-4F37-AA4B-1716F6A87727}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD7899BF-AF84-46D9-A100-1C86F1C5FA08}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 |
"{E991C8A2-D968-4129-AE46-F925C61B3746}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011\rpcagentsrv.exe |
"{EA9738FE-7077-4B28-B6DD-2FFC174055BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ECD0EC39-719B-4491-A881-FDBF57B70B45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF1A5FD4-0526-4B07-994D-18CEEBD4AAB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F232965F-37AA-4B91-B03E-02E5E1A1E805}" = rport=137 | protocol=17 | dir=out | app=system |
"{F578B665-DE73-48F8-BA87-A8814567D0FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC94D2CB-B88C-47B8-8CFB-04EF75F2E981}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02172C6D-1AAF-4183-999B-82FB27CF4211}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\wi-fi go!\assisttools\wifi go! server.exe |
"{04480D82-EFAA-4941-AF71-A3D585F7963A}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{06E2D802-C3E0-47C8-AC6F-2F1F56A5B04A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{08AE73F9-AF3A-4B7C-AEE3-F31169008248}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CD007B2-FB7A-44B7-B3E5-2415937ADF92}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{0ED88361-7AE0-47DB-A138-73B97C5D5D64}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{306E4056-134A-41F6-8EC4-B26A8533CEEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31AD1B0E-BDD8-4448-88C2-70369DEF626D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D47B5F9-5AC3-43CD-840E-872BC318D43B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4026DAFE-0DE9-48CD-A156-9628683B7931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{419E570C-E85C-4684-B9BF-8A32BFA3D445}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47768C46-4B58-479C-BB09-EC181ACF5BFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48D17354-9368-4BF7-ACBF-19C85DCFDD4D}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{4B53BEFC-AD9C-4705-BB1A-389520866B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{4D85C7F5-4BDE-4571-8A56-42D3AEE6CC1B}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{4E36AD25-4F4B-48D1-9FBB-7FC0D3E07DFF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{51E818D6-9513-42F5-98A9-DD0C3D341ECB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{546343DE-0741-4550-BE27-458AEAA0C622}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{58732490-A17C-4F6F-BD72-E4EBE037C991}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{67A66D59-F2AF-4712-B00F-5136D5B5AEF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{68474134-92AB-4B72-BAFB-C93072D023EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B5B8A20-B0C2-4AA5-A851-B1866DCE496D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{73EB8C2C-B509-4521-B92A-A164C2D5864B}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{86488A1F-F26B-4011-B087-02F05C3ADEDC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{874A6CE3-1971-4AEA-8AA7-EFFB4CD12FFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{95B36F81-50A4-4A81-ACB1-B6B0892B2D23}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{9AC27A12-4FB6-4C16-874B-15E22256E959}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{A8A8D477-48D5-4414-991E-52342DA845B1}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\wi-fi go!\assisttools\wifi go! server.exe |
"{A8B6B5CB-BB4E-466D-813E-1C7435D49688}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{AD7E1E16-8EF8-4870-A0FE-D56AD1291A7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{AEF81D71-ACB7-4FD9-9586-F06120227E2F}" = protocol=6 | dir=out | app=system |
"{B12374D8-924A-419C-A07B-38E864C8EE0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B427F1AE-096B-4C08-9E15-F979C67EEB63}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B565B487-C153-46FB-939E-E660A2A3B378}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5937952-EF32-44EF-BD04-F5BC5917049C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{BDF3017F-B2E6-4DF0-80FB-AA9226A87342}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BFE81327-E0C6-4CD7-9524-EA7180C829F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C4CEE026-FF56-473D-8A7B-E3956096A267}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7E64F80-EF50-4F73-89EE-2134B4D63041}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC067588-ABDC-4D25-9EF0-B15467373D0C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8F80B08-73F4-481C-AA3B-A5032E64B013}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DD5BB4B5-1DA5-493B-B5DE-7DC209330E94}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DD97ACA7-5055-4EA4-81F0-FA5641BA5A0D}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{DF76E255-3E66-483D-8F40-C936984FDE6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{E071B1BF-7DAD-4ED5-AE02-0FC658D4480A}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{EA80CDA7-F87B-4926-AE3D-4EC92D4EABB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EACF539F-83D5-46A4-9176-6305E1465F3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBF3F475-447C-460B-8CFD-6FBC977B9F6D}" = dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"TCP Query User{1E1DAC7E-6712-477C-88E1-488769BBCB64}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{2DC672F9-2073-4116-A24E-14C1C3455A86}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{A1ACA0E2-FF9A-4CDA-BC30-C3861DE79F79}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{1E4CB219-F566-4F36-9659-E19B3ED8E35F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{5485B3C9-6C8A-427D-A547-612FFCA88FF6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{8988C0F4-A7E2-4EEA-8718-8E7C3601407B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B1D3C64-EEBC-4807-93FF-DB71719E77F7}" = Image Resizer for Windows (64 bit)
"{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}" = Intel(R) Network Connections 16.6.126.0
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PROSetDX" = Intel(R) Network Connections 16.6.126.0
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{992E7A5F-2A06-459E-9E9A-E8BA0222969C}" = Phone F USB Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}" = Image Resizer for Windows
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"EaseUS Todo Backup Free 5.3_is1" = EaseUS Todo Backup Free 5.3
"ESET Online Scanner" = ESET Online Scanner v3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Photo-grapher_is1" = Photo-grapher 1
"PIXresizer_is1" = PIXresizer
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2013 11:51:32 PM | Computer Name = Jerry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\ASUS\ai
suite ii\wi-fi engine\SoftAP.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/1/2013 1:30:27 PM | Computer Name = Jerry-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/1/2013 1:30:35 PM | Computer Name = Jerry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\ASUS\ai
suite ii\wi-fi engine\SoftAP.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 2:35:11 PM | Computer Name = Jerry-PC | Source = PerfOS | ID = 2011
Description =

Error - 2/2/2013 2:35:12 PM | Computer Name = Jerry-PC | Source = PerfOS | ID = 2011
Description =

Error - 2/2/2013 2:36:24 PM | Computer Name = Jerry-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/2/2013 2:37:13 PM | Computer Name = Jerry-PC | Source = PerfOS | ID = 2011
Description =

Error - 2/2/2013 2:37:13 PM | Computer Name = Jerry-PC | Source = PerfOS | ID = 2011
Description =

Error - 2/2/2013 2:39:13 PM | Computer Name = Jerry-PC | Source = PerfOS | ID = 2011
Description =

Error - 2/2/2013 2:43:13 PM | Computer Name = Jerry-PC | Source = PerfOS | ID = 2011
Description =

[ System Events ]
Error - 1/30/2013 7:57:35 AM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error - 1/30/2013 7:59:36 AM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 1/30/2013 7:59:36 AM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 1/30/2013 7:45:33 PM | Computer Name = Jerry-PC | Source = ipnathlp | ID = 31004
Description =

Error - 1/31/2013 12:03:46 AM | Computer Name = Jerry-PC | Source = ipnathlp | ID = 31004
Description =

Error - 1/31/2013 12:12:03 AM | Computer Name = Jerry-PC | Source = ipnathlp | ID = 31004
Description =

Error - 2/2/2013 2:34:29 PM | Computer Name = Jerry-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 2/2/2013 2:34:50 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error - 2/2/2013 2:36:51 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/2/2013 2:36:51 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Redirect trojan

Unread postby Cypher » February 2nd, 2013, 4:57 pm

Hi,
Thank you Cypher for giving this a try.

No problem it's my pleasure.

Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
C:\Users\Jerry\AppData\Roaming\emelcf.dll
Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirect trojan

Unread postby iowabucks » February 2nd, 2013, 8:11 pm

https://www.virustotal.com/file/f325073 ... 359850159/

I do see the word medfos refered to in a couple of them.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Redirect trojan

Unread postby Cypher » February 3rd, 2013, 6:09 am

Hi,
Good work so far, continue with the instructions below please.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Java 7 Update 11

Next.

AdwCleaner
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes,DefaultScope = {319F5DCC-AD4F-4D81-B3D6-C2E86D39E375}
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKCU..\Run: [emelcf] C:\Users\Jerry\AppData\Roaming\emelcf.dll ()
    O33 - MountPoints2\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
    O33 - MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2007/08/15 19:55:00 | 000,051,048 | R--- | M] (Activision)
    O33 - MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\DXSETUP.exe -- [2008/05/30 16:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\Shell\AutoRun\command - "" = I:\Setup.exe
    [2013/01/28 09:16:57 | 000,615,424 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\emelcf.dll
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [emptyjava]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

Please run another OTL scan for me and post the resulting log.
Right click on OTL.exe And select Run as administrator to run it.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • OTL Fix log.
  • OTL Scan log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirect trojan

Unread postby iowabucks » February 3rd, 2013, 12:43 pm

There was no Java version 7 update 11 to delete in the programs. But there was a Java version 7 update 13 that had installed just yesterday i believe. I did get rid of that one.


# AdwCleaner v2.109 - Logfile created 02/03/2013 at 10:22:22
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jerry - JERRY-PC
# Boot Mode : Normal
# Running from : C:\Users\Jerry\Documents\Computer info\Startup and spyware folder\Maleware removal forum programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jerry\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Jerry\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1035 octets] - [02/02/2013 13:00:18]
AdwCleaner[S1].txt - [1057 octets] - [03/02/2013 10:22:22]

########## EOF - C:\AdwCleaner[S1].txt - [1117 octets] ##########

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\emelcf deleted successfully.
C:\Users\Jerry\AppData\Roaming\emelcf.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0227b0d1-e4a2-11e1-8ccc-806e6f6e6963}\ not found.
File D:\.\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\ not found.
File move failed. D:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d41e62f-e49a-11e1-b2a4-806e6f6e6963}\ not found.
File move failed. D:\DirectX\DXSETUP.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce61a092-2c70-11e2-9c13-c86000dd8f44}\ not found.
File I:\Setup.exe not found.
File C:\Users\Jerry\AppData\Roaming\emelcf.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jerry\Documents\Computer info\Startup and spyware folder\Maleware removal forum programs\cmd.bat deleted successfully.
C:\Users\Jerry\Documents\Computer info\Startup and spyware folder\Maleware removal forum programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jerry
->Temp folder emptied: 3057196 bytes
->Temporary Internet Files folder emptied: 378486071 bytes
->Java cache emptied: 1315216 bytes
->Flash cache emptied: 69167 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26061239 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 43138 bytes

Total Files Cleaned = 390.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jerry
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02032013_102648

Files\Folders moved on Reboot...
File move failed. D:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. D:\DirectX\DXSETUP.exe scheduled to be moved on reboot.
C:\Users\Jerry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF05C551D26B3E9CD3.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF1C095662179D0290.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF28B8308E15D1A30B.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF3B948BE12C492A27.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF3D20F9C5EE439FC5.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF5972B76688CBC7D6.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF61F2DF9F2B31F843.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF713D8B4B8E88FBDC.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF846930C5ACE2E148.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DFB474A904702157DF.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DFBB8D10A95CA9FAB3.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DFDE32FACDF5178D0B.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DFEE298E35A4034CA6.TMP not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DFF2C2A57B546D0252.TMP not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CA0COLJ5\afr[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CA0COLJ5\afr[2].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CA0COLJ5\afr[3].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CA0COLJ5\afr[4].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CA0COLJ5\viewtopic[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VRQQLIF\vb[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



There was another log that wanted to come up after restart, but instead all i got was an error message "There was a problem starting C:\Users\Jerry\AppData\roaming\emelcf.dll The specified module could not be found"


OTL logfile created on: 2/3/2013 10:41:25 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jerry\Documents\Computer info\Startup and spyware folder\Maleware removal forum programs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.93 Gb Available Physical Memory | 87.35% Memory free
15.95 Gb Paging File | 13.76 Gb Available in Paging File | 86.27% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476.84 Gb Total Space | 350.83 Gb Free Space | 73.58% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/02 12:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\My Documents\Computer info\Startup and spyware folder\Maleware removal forum programs\OTL.exe
PRC - [2013/01/08 15:47:16 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/20 19:31:01 | 001,470,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
PRC - [2012/08/20 19:31:01 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2012/08/20 19:31:01 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2012/08/20 19:31:01 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
PRC - [2012/08/16 05:56:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/13 11:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2012/02/08 13:05:50 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
PRC - [2012/02/06 20:11:14 | 000,658,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
PRC - [2012/02/02 16:55:22 | 003,484,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
PRC - [2012/02/02 14:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
PRC - [2012/01/20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/01/20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/01/20 10:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/10 08:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2012/01/04 13:13:24 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/12/30 17:42:50 | 001,153,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/10/31 08:57:48 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2011/09/08 20:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010/11/20 21:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/20 19:30:45 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
MOD - [2012/04/05 10:38:34 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2012/03/21 11:07:44 | 000,972,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2012/02/03 09:12:22 | 001,122,304 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
MOD - [2012/02/02 14:12:48 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
MOD - [2012/02/02 10:11:56 | 001,494,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\WiFiGO.dll
MOD - [2012/02/01 17:20:36 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\MirrorOpSender.dll
MOD - [2012/01/30 12:57:26 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\DLCapPP.dll
MOD - [2012/01/20 09:17:16 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
MOD - [2012/01/19 08:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
MOD - [2012/01/18 21:39:26 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\IsSupported.dll
MOD - [2012/01/12 15:44:02 | 000,475,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll
MOD - [2012/01/11 19:36:24 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiMoveHelp.dll
MOD - [2011/12/29 19:45:12 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/12/04 00:28:36 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll
MOD - [2011/10/14 19:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/09/26 18:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/09/26 17:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/19 19:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011/08/16 18:31:36 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\AudioProjection.dll
MOD - [2011/08/09 13:52:50 | 000,425,984 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\awiscale.dll
MOD - [2011/07/21 08:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 18:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010/12/14 16:46:32 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
MOD - [2010/10/05 07:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009/08/12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/10 20:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/08/15 16:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2009/08/17 22:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/08 15:47:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/23 18:37:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/20 19:31:01 | 001,470,592 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/08/20 19:31:01 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/08/20 19:31:01 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2012/08/20 19:31:01 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/08/16 05:56:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/08/13 03:56:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/08/13 03:38:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/01/20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 10:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/19 23:02:16 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012/10/19 23:02:12 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012/10/19 23:02:06 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012/10/19 23:02:04 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/18 11:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/06 09:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2012/01/04 13:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 13:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 13:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/10/27 14:34:32 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/08/12 04:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011/07/19 19:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/30 12:31:50 | 000,364,288 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FXX\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2010/03/30 12:31:50 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxxandroidusb.sys -- (androidusb)
DRV:64bit: - [2009/10/01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/09/21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2012/08/20 12:33:45 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.archerytalk.com/vb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 72 E4 84 1E 79 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {319F5DCC-AD4F-4D81-B3D6-C2E86D39E375}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{319F5DCC-AD4F-4D81-B3D6-C2E86D39E375}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [emelcf] "C:\Windows\System32\rundll32.exe" "C:\Users\Jerry\AppData\Roaming\emelcf.dll",StringARepr File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D34FC8C3-7FD1-4BA6-AFA5-F6EE5BF4709D}: DhcpNameServer = 66.207.0.3 66.207.0.2 192.168.1.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 10:26:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/31 09:14:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jerry\Desktop\dds.scr
[2013/01/30 08:48:12 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\NVIDIA Corporation
[2013/01/20 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\New folder
[2013/01/09 11:37:39 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 11:37:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 11:37:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 11:37:22 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 11:37:21 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 11:37:21 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 11:37:21 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 11:37:21 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 11:37:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 11:37:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 11:37:21 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 11:37:21 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 11:37:21 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 11:37:21 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 11:37:21 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 11:37:21 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 11:37:21 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 11:37:21 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 11:37:21 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 11:37:21 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 11:37:21 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 11:37:21 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 11:37:21 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 11:37:21 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 11:37:21 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 11:37:21 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 11:37:21 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 11:37:21 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 11:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 11:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 11:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 11:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 11:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 11:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 11:37:21 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 11:37:21 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 11:37:05 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 11:37:05 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 11:37:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 11:37:05 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 11:37:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 11:37:05 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 11:37:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 11:37:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 11:37:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 11:37:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 11:37:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 11:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 11:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 11:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 11:37:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 11:37:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 11:37:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 11:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 11:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 11:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 11:37:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 11:36:57 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/03 10:41:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/03 10:41:06 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/03 10:41:06 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/03 10:39:45 | 000,032,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 10:39:45 | 000,032,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 10:32:51 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/02/03 10:32:48 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2013/02/03 10:32:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 10:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 10:32:03 | 000,060,640 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
[2013/02/03 10:32:03 | 000,060,640 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
[2013/02/03 10:32:03 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
[2013/02/03 10:31:07 | 000,001,521 | ---- | M] () -- C:\Users\Jerry\Desktop\New Rich Text Document (2).rtf
[2013/02/03 10:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/03 10:16:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/02 23:39:11 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/02 23:00:29 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/02/02 23:00:29 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/02/02 14:33:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/02 14:33:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/01/29 09:31:43 | 000,002,820 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2013/01/28 08:37:02 | 000,002,752 | ---- | M] () -- C:\Windows\MB.idx
[2013/01/28 08:35:43 | 000,000,551 | ---- | M] () -- C:\Windows\Path.idx
[2013/01/24 23:23:38 | 000,042,880 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2013/01/24 23:23:36 | 000,028,544 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2013/01/22 20:44:35 | 000,101,133 | ---- | M] () -- C:\Users\Jerry\Desktop\DSC01158 (Medium).JPG
[2013/01/22 19:04:45 | 000,676,368 | ---- | M] () -- C:\Users\Jerry\Desktop\Pits - New county property.jpg
[2013/01/10 17:03:44 | 000,069,506 | ---- | M] () -- C:\Users\Jerry\Desktop\p8IWx.jpg
[2013/01/10 03:18:41 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/08 15:47:17 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 15:47:17 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/07 16:23:03 | 000,498,815 | ---- | M] () -- C:\Users\Jerry\Desktop\Pat at Weise.jpg
[2013/01/07 16:20:54 | 000,490,057 | ---- | M] () -- C:\Users\Jerry\Desktop\4 Wheelin with Pat at Weise.jpg
[2013/01/07 16:09:01 | 000,425,493 | ---- | M] () -- C:\Users\Jerry\Desktop\Bronco tire quote.jpg
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/03 10:29:59 | 000,001,521 | ---- | C] () -- C:\Users\Jerry\Desktop\New Rich Text Document (2).rtf
[2013/01/29 09:31:33 | 000,002,820 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2013/01/24 23:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2013/01/24 23:23:36 | 000,028,544 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2013/01/22 20:44:35 | 000,101,133 | ---- | C] () -- C:\Users\Jerry\Desktop\DSC01158 (Medium).JPG
[2013/01/22 19:04:45 | 000,676,368 | ---- | C] () -- C:\Users\Jerry\Desktop\Pits - New county property.jpg
[2013/01/10 17:03:54 | 000,069,506 | ---- | C] () -- C:\Users\Jerry\Desktop\p8IWx.jpg
[2013/01/07 16:23:03 | 000,498,815 | ---- | C] () -- C:\Users\Jerry\Desktop\Pat at Weise.jpg
[2013/01/07 16:20:54 | 000,490,057 | ---- | C] () -- C:\Users\Jerry\Desktop\4 Wheelin with Pat at Weise.jpg
[2013/01/07 16:09:01 | 000,425,493 | ---- | C] () -- C:\Users\Jerry\Desktop\Bronco tire quote.jpg
[2012/09/30 09:50:55 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/08/20 19:31:01 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/08/20 19:31:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/08/17 18:58:45 | 000,007,597 | ---- | C] () -- C:\Users\Jerry\AppData\Local\Resmon.ResmonCfg
[2012/08/16 08:02:44 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2012/08/15 04:22:13 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/15 04:22:12 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/08/15 04:22:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/13 03:38:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/08/13 03:38:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/08/12 10:36:52 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/12 09:46:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/12 09:46:47 | 000,040,528 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Redirect trojan

Unread postby Cypher » February 3rd, 2013, 12:58 pm

Hi,
There was no Java version 7 update 11 to delete in the programs.

No problem.
MSE popup box constantly tells me it's still there and was quaranteened.

Are you still getting the MSE alerts?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirect trojan

Unread postby iowabucks » February 3rd, 2013, 1:05 pm

Cypher wrote: Are you still getting the MSE alerts?

Now that you mention it, no i haven't seen one. But i have only been on for maybe 10 minutes since that last post. I will be sure to let you know if i do see one.

Do you mind if i ask what you saw, or what we did to get rid of it?

Thanks so much. Jerry.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Redirect trojan

Unread postby Cypher » February 3rd, 2013, 1:11 pm

Now that you mention it, no i haven't seen one. But i have only been on for maybe 10 minutes since that last post. I will be sure to let you know if i do see one.
Yes, please let me know know if you get any more alerts.
Do you mind if i ask what you saw, or what we did to get rid of it?

We removed a malicious file from your computer, the one i asked you to upload for testing.
somewhere along the line i picked up a redirect trojan.

Are your searches still redirected? let me know in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirect trojan

Unread postby iowabucks » February 3rd, 2013, 8:15 pm

Looks good so far Cypher.

I haven't yet, but i will be sure to donate.

Thanks. Jerry.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Redirect trojan

Unread postby Cypher » February 4th, 2013, 6:42 am

Hi Jerry,
I haven't yet, but i will be sure to donate.

Thank you for your offer of a donation, due to a change in policy we no longer accept donations, all the help we offer is free.
Looks good so far Cypher.

Excellent.
I would like you to run another scan for we, just to check for any leftovers .
You ran this scan the last time you were here.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirect trojan

Unread postby iowabucks » February 4th, 2013, 8:25 am

This is all i could find for a log file in the ESET folder.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

But this is the results i copied from the test.

C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll a variant of Win32/Toolbar.CrossRider.A application
C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A application
C:\_OTL\MovedFiles\02032013_102648\C_Users\Jerry\AppData\Roaming\emelcf.dll a variant of Win32/Medfos.JK trojan


I do notice that every time i start up my computer, i get an error.
It says "RunDll There was a problem starting C:\Users\Jerry\AppData\Roaming\emelcf.dll The specified module could not be found."
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Redirect trojan

Unread postby Cypher » February 4th, 2013, 11:46 am

Hi Jerry,
Do the following then give me another update please.

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "emelcf"=-
    
    :files
    C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll 
    C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll 
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware