Internet Explorer running in Background!

Post by punkpal » February 4th, 2013, 4:53 pm

Hello there,
Today I've noticed while I was gaming, my computer was running quite slow.
I opened task manager to see if I had anything open that I may have not been aware of. Internet explorer was running twice. I did not have my internet explorer open. Also, when I tried to 'end process' nothing happened, they continued to run and their names (sites) were changing! The names were displaying sites I have never visited before.

Also, I planned to run Windows Defender, but it would not let me! It is still not letting me open Windows Defender.

Please let me know how I can fix this; it would be greatly appreciated. I'm not very knowledgeable about computers. Also, please let me know if any more info is required. Thank you so much for any help at all.

Here are the DDS Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by owner at 15:39:37 on 2013-02-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2399 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msinfo32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C1015840-AF1E-4695-993A-03A3069BB560} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C1015840-AF1E-4695-993A-03A3069BB560}\346416D6E45445 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C1015840-AF1E-4695-993A-03A3069BB560}\355707562702830284F64756C6 : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{C1015840-AF1E-4695-993A-03A3069BB560}\7666C673 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [ogfdm] "C:\Windows\System32\rundll32.exe" "C:\Users\owner\AppData\Roaming\ogfdm.dll",_AfterFork
x64-Run: [shtitc] "C:\Windows\System32\rundll32.exe" "C:\Users\owner\AppData\Roaming\shtitc.dll",WarnEx
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-26 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-26 38016]
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-7-2 15928]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-7-2 379520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-26 203264]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-6-26 129024]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-24 131552]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-26 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 BS_DEF;BS_DEF;C:\Windows\BS_DEF.sys [2012-6-26 21048]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-14 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-5 1255736]
.
=============== Created Last 30 ================
.
2013-02-04 20:05:08 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58CB6E63-D558-437B-9343-DBC06665CC5A}\offreg.dll
2013-02-03 22:53:11 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58CB6E63-D558-437B-9343-DBC06665CC5A}\mpengine.dll
2013-02-02 19:00:50 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 16:05:00 332288 ----a-w- C:\Users\owner\AppData\Roaming\shtitc.dll
2013-01-30 16:03:54 607744 ----a-w- C:\Users\owner\AppData\Roaming\ogfdm.dll
2013-01-30 00:35:52 102400 ----a-w- C:\Users\owner\kszkkgdkoufhinhioegmriya.exe
2013-01-29 23:56:28 -------- d-----r- C:\Program Files (x86)\Skype
2013-01-25 04:35:09 -------- d-----w- C:\Users\owner\AppData\Local\Facebook
2013-01-09 19:12:43 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 19:12:42 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 19:10:51 424448 ----a-w- C:\Windows\System32\KernelBase.dll
.
==================== Find3M ====================
.
2013-02-04 19:18:29 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-10 18:29:15 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 18:29:15 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 16:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 15:41:26.64 ===============

.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/5/2010 2:24:35 AM
System Uptime: 2/4/2013 3:02:46 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K52Dr
Processor: AMD Phenom(tm) II N830 Triple-Core Processor | CPU 1 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 36.208 GiB free.
D: is FIXED (NTFS) - 330 GiB total, 294.616 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP391: 1/26/2013 11:46:54 AM - Removed Facebook Messenger 2.1.4651.0
RP392: 1/26/2013 11:57:20 AM - Removed Facebook Messenger 2.1.4651.0
RP393: 1/27/2013 12:37:18 PM - Windows Update
RP395: 1/29/2013 7:36:13 PM - Microsoft Antimalware Checkpoint
RP396: 1/30/2013 1:37:34 PM - Windows Update
RP398: 1/30/2013 7:40:16 PM - Microsoft Antimalware Checkpoint
RP400: 1/31/2013 7:43:17 PM - Microsoft Antimalware Checkpoint
RP402: 2/1/2013 7:44:47 PM - Microsoft Antimalware Checkpoint
RP403: 2/2/2013 2:00:09 PM - Windows Update
RP405: 2/2/2013 7:45:24 PM - Microsoft Antimalware Checkpoint
RP407: 2/3/2013 7:49:02 PM - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
AMD Catalyst Install Manager
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ATK Package
Battle.net
Boingo Wi-Fi
Bonjour
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ControlDeck
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD 9
D3DX10
ETDWare PS/2-x64 7.0.5.16_WHQL
Fast Boot
Internet TV for Windows Media Center
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Photo Common
Photo Gallery
PMB
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Skype™ 6.1
SpeedFan (remove only)
SRS Premium Sound Control Panel
StarCraft II
System Requirements Lab
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB 2.0 VGA UVC WebCam
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
1/30/2013 11:12:44 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/30/2013 11:12:44 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/29/2013 10:59:23 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.
1/29/2013 10:59:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NisSrv service.
.
==== End Of File ===========================
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Internet Explorer running in Background!

Post by deltalima » February 4th, 2013, 5:03 pm

checking your log - back soon
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Internet Explorer running in Background!

Post by punkpal » February 4th, 2013, 5:04 pm

Thank you SO much <3
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Internet Explorer running in Background!

Post by deltalima » February 4th, 2013, 5:13 pm

Hi punkpal,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Users\owner\AppData\Roaming\shtitc.dll

Press Scan it - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Repeat the Virustotal scan with the following files and post the results in your reply.

C:\Users\owner\AppData\Roaming\ogfdm.dll
C:\Users\owner\kszkkgdkoufhinhioegmriya.exe
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
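
The three files named in the reply above show up in the DDS log in two places: as `x64-Run` values that start a DLL through rundll32.exe, and under "Created Last 30". The following Python is an added example, not part of the thread and not the helper's own method; it applies two heuristics to an excerpt of that log, and the function names and the heuristics themselves are assumptions made for illustration.

```python
import re

# Excerpt copied from the DDS log posted at the top of this thread.
DDS_EXCERPT = r'''
uRun: [Akamai NetSession Interface] "C:\Users\owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [ogfdm] "C:\Windows\System32\rundll32.exe" "C:\Users\owner\AppData\Roaming\ogfdm.dll",_AfterFork
x64-Run: [shtitc] "C:\Windows\System32\rundll32.exe" "C:\Users\owner\AppData\Roaming\shtitc.dll",WarnEx
2013-02-04 20:05:08 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58CB6E63-D558-437B-9343-DBC06665CC5A}\offreg.dll
2013-01-30 16:05:00 332288 ----a-w- C:\Users\owner\AppData\Roaming\shtitc.dll
2013-01-30 16:03:54 607744 ----a-w- C:\Users\owner\AppData\Roaming\ogfdm.dll
2013-01-30 00:35:52 102400 ----a-w- C:\Users\owner\kszkkgdkoufhinhioegmriya.exe
2013-01-09 19:12:43 750592 ----a-w- C:\Windows\System32\win32spl.dll
'''

# Autostart lines as DDS prints them: "uRun:", "mRun:" and "x64-Run:".
RUN_RE = re.compile(r'^(?:u|m|x64-)Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 command line of the form: rundll32.exe "<dll path>",<export>
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)', re.I)
# File listing lines ("Created Last 30" / "Find3M"): date time size attrs path
FILE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ \S+ (?P<path>[A-Za-z]:\\.+)$')
# Heuristic 1 (assumption): anything under C:\Users\ is writable by the user.
PROFILE_RE = re.compile(r'^[A-Za-z]:\\Users\\', re.I)
# Heuristic 2 (assumption): an .exe/.dll sitting directly in the profile root
# or directly in AppData\Roaming, with no vendor subfolder, is unusual.
LOOSE_RE = re.compile(
    r'^[A-Za-z]:\\Users\\[^\\]+\\(?:AppData\\Roaming\\)?[^\\]+\.(?:exe|dll)$', re.I)


def rundll32_user_dlls(log_text):
    """Return (value name, dll path, export) for Run values that use
    rundll32 to load a DLL stored inside a user profile."""
    hits = []
    for line in log_text.splitlines():
        run = RUN_RE.match(line.strip())
        if not run:
            continue
        call = RUNDLL_RE.search(run.group('cmd'))
        if call and PROFILE_RE.match(call.group('dll')):
            hits.append((run.group('name'), call.group('dll'),
                         call.group('export')))
    return hits


def loose_binaries(log_text):
    """Return (date, path) for listed .exe/.dll files that sit directly in
    a profile root or directly in AppData\\Roaming."""
    hits = []
    for line in log_text.splitlines():
        entry = FILE_RE.match(line.strip())
        if entry and LOOSE_RE.match(entry.group('path')):
            hits.append((entry.group('date'), entry.group('path')))
    return hits


def triage(log_text):
    """Merge both heuristics into {lower-cased path: [reasons]}."""
    findings = {}
    for name, dll, export in rundll32_user_dlls(log_text):
        findings.setdefault(dll.lower(), []).append(
            f"Run value [{name}] loads it via rundll32 (export {export})")
    for date, path in loose_binaries(log_text):
        findings.setdefault(path.lower(), []).append(
            f"binary created {date} directly in a user-writable folder")
    return findings


if __name__ == "__main__":
    for path, reasons in triage(DDS_EXCERPT).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A hit from either heuristic is a reason to look closer, not a verdict; in this thread the next step for these files was a multi-engine scan.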

Re: Internet Explorer running in Background!

Post by punkpal » February 4th, 2013, 6:41 pm

Thank you for the welcome.
I removed uTorrent successfully.

Here are the scans you asked for:


C:\Users\owner\AppData\Roaming\shtitc.dll :

SHA256: bcbcf146958c9da5f9af2c8557fc055758b4581531d28671a3471c5153b9b921
SHA1: 16352073c3005876a72b7550f25e9ab1ea58de3e
MD5: fd2d6542b7758de1e9f3728a8f28299e
File size: 324.5 KB ( 332288 bytes )
File name: S3Display (32-bit)
File type: Win32 DLL
Tags: pedll
Detection ratio: 16 / 46
Analysis date: 2013-02-04 21:46:54 UTC ( 37 minutes ago )



Antivirus | Result | Update
Agnitum | - | 20130204
AhnLab-V3 | Trojan/Win32.Medfos | 20130204
AntiVir | - | 20130204
Antiy-AVL | - | 20130204
Avast |  | 20130204
AVG | Win32/Cryptor | 20130204
BitDefender | Gen:Variant.Graftor.66469 | 20130204
ByteHero | - | 20130204
CAT-QuickHeal | - | 20130204
ClamAV | - | 20130204
Commtouch | - | 20130204
Comodo | - | 20130204
DrWeb | Trojan.Packed | 20130204
Emsisoft | - | 20130204
eSafe | - | 20130204
ESET-NOD32 | a variant of Win32/Medfos.JK | 20130204
F-Prot | - | 20130201
F-Secure | Gen:Variant.Graftor.66469 | 20130204
Fortinet | W32/Medfos.IQ!tr | 20130204
GData | Gen:Variant.Graftor.66469 | 20130204
Ikarus | - | 20130204
Jiangmin | - | 20121221
K7AntiVirus | - | 20130204
Kaspersky | HEUR:Trojan.Win32.Generic | 20130204
Kingsoft | - | 20130204
Malwarebytes | - | 20130204
McAfee | Medfos-FAWL | 20130204
McAfee-GW-Edition | Medfos-FAVG!FD2D6542B775 | 20130204
Microsoft | - | 20130204
MicroWorld-eScan | Gen:Variant.Graftor.66469 | 20130204
NANO-Antivirus | - | 20130204
Norman | - | 20130203
nProtect | - | 20130204
Panda | Trj/Genetic.gen | 20130204
PCTools | - | 20130204
Rising | - | 20130204
Sophos | Mal/Medfos-M | 20130204
SUPERAntiSpyware | - | 20130204
Symantec | - | 20130204
TheHacker | - | 20130204
TotalDefense | - | 20130204
TrendMicro | - | 20130204
TrendMicro-HouseCall | - | 20130204
VBA32 | Malware-Cryptor.General.3 | 20130204
VIPRE | Trojan.Win32.Medfos.o (v) | 20130204
ViRobot | - | 20130204

C:\Users\owner\AppData\Roaming\ogfdm.dll

SHA256: e1107846a87fef73c8804c365f273e4677628b79f043f9f7bbf47233c466e9dd
SHA1: 1410f6b00fc180328534c745de02c0b107a4223a
MD5: a3530a4d0eb60a2615dbb8c8ce745321
File size: 593.5 KB ( 607744 bytes )
File name: CmiRemoveDriver.EXE
File type: Win32 DLL
Detection ratio: 11 / 31
Analysis date: 2013-02-04 22:13:46 UTC ( 1 minute ago )


Antivirus | Result | Update
AhnLab-V3 | Trojan/Win32.Symmi | 20130204
Antiy-AVL | - | 20130204
BitDefender | Gen:Variant.Graftor.66421 | 20130204
ByteHero | - | 20130204
CAT-QuickHeal | - | 20130204
ClamAV | - | 20130204
Commtouch | - | 20130204
Comodo | - | 20130204
Emsisoft | - | 20130204
Fortinet | W32/Medfos.IQ!tr | 20130204
GData | Gen:Variant.Graftor.66421 | 20130204
Ikarus | - | 20130204
Jiangmin | - | 20121221
K7AntiVirus | - | 20130204
Kingsoft | - | 20130204
Malwarebytes | - | 20130204
McAfee | Medfos-FAWL | 20130204
McAfee-GW-Edition | Medfos-FAVB!A3530A4D0EB6 | 20130204
MicroWorld-eScan | Gen:Variant.Graftor.66421 | 20130204
NANO-Antivirus | - | 20130204
Norman | - | 20130203
nProtect | - | 20130204
Panda | - | 20130204
PCTools | - | 20130204
SUPERAntiSpyware | Trojan.Agent/Gen-Medfos | 20130204
TheHacker | - | 20130204
TotalDefense | - | 20130204
TrendMicro | TROJ_MEDFOS.SMI | 20130204
TrendMicro-HouseCall | TROJ_MEDFOS.SMI | 20130204
VIPRE | Trojan.Win32.Medfos.o (v) | 20130204
ViRobot | - | 20130204


C:\Users\owner\kszkkgdkoufhinhioegmriya.exe

^There was a problem with this one. I could not copy and paste it, and I could not 'browse' and link it because it seems to have disappeared, which makes no sense to me because I did not delete or touch it. When I searched the C: drive it showed that there was info of the file or application in 'Program Data>Microsoft>Microsoft Antimalware', but I could not find it to link it from there either! I also do not have Windows Defender running (it won't run!).
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Internet Explorer running in Background!

Unread postby deltalima » February 4th, 2013, 6:45 pm

Hi punkpal,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Internet Explorer running in Background!

Unread postby punkpal » February 4th, 2013, 8:02 pm

OTL.TXT
OTL logfile created on: 2/4/2013 5:54:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.09% Memory free
7.99 Gb Paging File | 5.66 Gb Available in Paging File | 70.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.45 Gb Total Space | 36.76 Gb Free Space | 31.57% Space Free | Partition Type: NTFS
Drive D: | 329.78 Gb Total Space | 294.62 Gb Free Space | 89.34% Space Free | Partition Type: NTFS

Computer Name: CHRISCROSS-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\owner\AppData\Roaming\ogfdm.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (BS_DEF) -- C:\Windows\BS_DEF.sys (AsusTek Computer Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..\SearchScopes\{C02E13BB-8A8B-4B75-9EEA-1EB7B78588C4}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111041,17118,0,18,0
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [ogfdm] C:\Users\owner\AppData\Roaming\ogfdm.dll ()
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [shtitc] C:\Users\owner\AppData\Roaming\shtitc.dll (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-76744647-276698571-1013355761-1000..\Run: [Akamai NetSession Interface] "C:\Users\owner\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-76744647-276698571-1013355761-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-76744647-276698571-1013355761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..Trusted Domains: elfwood.com ([www] http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1015840-AF1E-4695-993A-03A3069BB560}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 17:52:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2013/01/30 11:05:00 | 000,332,288 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\Users\owner\AppData\Roaming\shtitc.dll
[2013/01/29 18:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/29 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/29 18:56:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/01/24 23:35:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Facebook
[2013/01/09 14:12:43 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 14:12:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 14:11:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 14:11:44 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 14:11:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 14:11:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 14:11:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 14:11:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 14:11:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 14:11:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 14:11:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 14:11:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 14:11:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 14:11:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 14:11:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 14:11:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 14:11:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 14:11:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 14:11:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 14:11:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 14:11:38 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 14:11:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 14:11:38 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 14:11:37 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 14:11:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 14:11:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 14:11:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 14:11:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 14:11:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 14:11:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 14:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 14:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 14:10:51 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 14:10:50 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 14:10:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 14:10:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 14:10:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 14:10:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 14:10:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 14:10:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 14:10:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 14:10:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 14:10:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 14:10:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 14:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 14:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 14:10:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 14:10:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 14:10:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 14:10:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 14:10:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 14:10:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 14:10:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 14:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 14:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 14:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 14:10:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 14:10:17 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2008/08/11 23:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

========== Files - Modified Within 30 Days ==========

[2013/02/04 17:52:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2013/02/04 17:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 15:39:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 15:39:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 15:02:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 15:02:51 | 3219,509,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 14:18:29 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/01/30 11:05:05 | 000,332,288 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Users\owner\AppData\Roaming\shtitc.dll
[2013/01/30 11:04:37 | 000,607,744 | ---- | M] () -- C:\Users\owner\AppData\Roaming\ogfdm.dll
[2013/01/25 23:49:19 | 000,727,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/25 23:49:19 | 000,624,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/25 23:49:19 | 000,107,040 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/25 13:10:20 | 000,001,961 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/01/15 13:27:24 | 000,001,079 | ---- | M] () -- C:\Users\owner\Desktop\Bridgman - Guide To Drawing From Life - Shortcut.lnk
[2013/01/10 13:29:15 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/10 13:29:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 15:33:48 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/30 11:03:54 | 000,607,744 | ---- | C] () -- C:\Users\owner\AppData\Roaming\ogfdm.dll
[2013/01/15 13:27:24 | 000,001,079 | ---- | C] () -- C:\Users\owner\Desktop\Bridgman - Guide To Drawing From Life - Shortcut.lnk
[2012/09/20 10:17:57 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/26 20:58:29 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/06/26 20:03:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/28 19:33:11 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/25 12:38:46 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011/12/02 23:19:42 | 000,007,666 | ---- | C] () -- C:\Users\owner\AppData\Local\resmon.resmoncfg
[2011/02/08 07:52:39 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 08:57:15 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/04/08 12:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2013/01/29 19:35:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$94b8ffb30144308bdb65466d26ae3f1f\L
[2013/01/29 19:35:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$94b8ffb30144308bdb65466d26ae3f1f\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Extras.txt

OTL Extras logfile created on: 2/4/2013 5:54:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.09% Memory free
7.99 Gb Paging File | 5.66 Gb Available in Paging File | 70.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.45 Gb Total Space | 36.76 Gb Free Space | 31.57% Space Free | Partition Type: NTFS
Drive D: | 329.78 Gb Total Space | 294.62 Gb Free Space | 89.34% Space Free | Partition Type: NTFS

Computer Name: CHRISCROSS-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6AEF2FFB-A27B-45B5-85C8-5AB6D991682E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{EE584FEB-CF93-4F98-9C7C-2A0C1E7593A7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"TCP Query User{D8B99D56-81F1-4B8E-A15A-A50B0D87AE1D}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{ECE41ACE-72DB-4B17-A7EE-5217560C53B6}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6D5A1D7-6E4B-7FE0-790E-864A77AFD773}" = ccc-utility64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D3FD22-96E4-C77C-1F10-9D126EF51684}" = CCC Help Korean
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{09142540-6D56-5E13-7EE2-6ED42503B02C}" = CCC Help Spanish
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11F156AD-68DC-730D-6A5F-8EE81DD63F27}" = CCC Help Hungarian
"{168E1889-703A-EF39-2A18-43FF5C5E72AE}" = CCC Help Danish
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2374E066-207D-9C1D-1892-37D76B3F9295}" = CCC Help Greek
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{259E06E0-A541-133D-33A1-1F926DA14ED0}" = CCC Help French
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32E485F0-C156-3CBC-93F9-2A39B3C6F531}" = CCC Help Italian
"{38A50AB9-46E6-BA24-CA50-A70B73AD94CD}" = Catalyst Control Center Localization All
"{3A654621-7FAA-4904-558B-2FFE2CE0D4D6}" = CCC Help Portuguese
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy
"{62162058-C7F4-5FFE-3C4A-0203FA2B3ABE}" = CCC Help Dutch
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{67EC6B7D-C7CD-ADCF-E929-DF090304381E}" = CCC Help Polish
"{6A48A232-10DE-2C6C-CD8F-0907B603321B}" = CCC Help Chinese Traditional
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73F03B4E-578E-B858-F9B4-B7758AC73ECC}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7990CD74-DD24-060A-8016-FA0C78F98E87}" = CCC Help Turkish
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9447F2A6-D7DC-CE76-048A-8516B609EB50}" = CCC Help Russian
"{96CED827-FA06-2D08-77EF-35F30E29BFB5}" = CCC Help Czech
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A3BFAF0-DF21-5F6D-6E31-C546E6DA523B}" = CCC Help Chinese Standard
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A25C3D1A-F5F6-CED5-404D-F152B3A95A51}" = CCC Help Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BCE569F8-0FD7-6D17-4AF0-0C1422C566F0}" = CCC Help German
"{BDB90415-B244-9050-F9FE-0255CE5571FD}" = ccc-core-static
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CBD4DE5E-7525-58CB-A844-7A69C7BF6DE0}" = CCC Help English
"{D08BDF7F-9464-353C-E4D0-6DAB543EEA99}" = CCC Help Thai
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D6450C59-1C04-3E48-0840-913D4D4BD273}" = CCC Help Japanese
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DE80FE1E-79B9-984E-5857-DCF1DBF5B774}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7101238-3463-6C3C-50C2-05A3D9C3F780}" = CCC Help Norwegian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Battle.net" = Battle.net
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2011 10:24:40 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10386936

Error - 12/23/2011 10:24:56 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/23/2011 10:24:56 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10402536

Error - 12/23/2011 10:24:56 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10402536

Error - 12/23/2011 10:25:09 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.18:5353 4 owner-PC.local.
Addr 192.168.1.18

Error - 12/23/2011 10:25:09 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 owner-PC.local.
Addr 192.168.1.25

Error - 12/23/2011 10:25:09 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname owner-PC.local already in use; will try owner-PC-2.local
instead

Error - 12/23/2011 10:25:12 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.18:5353 4 owner-PC.local.
Addr 192.168.1.18

Error - 12/23/2011 10:25:12 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 owner-PC.local.
Addr 192.168.1.25

Error - 12/23/2011 10:25:12 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname owner-PC.local already in use; will try owner-PC-2.local
instead

[ Media Center Events ]
Error - 1/10/2011 8:05:04 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 4:05:03 PM - Error connecting to the internet. 4:05:04 PM - Unable
to contact server..

Error - 1/10/2011 8:05:15 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 4:05:09 PM - Error connecting to the internet. 4:05:09 PM - Unable
to contact server..

Error - 1/18/2011 11:03:05 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 7:03:04 PM - Error connecting to the internet. 7:03:04 PM - Unable
to contact server..

Error - 1/18/2011 11:03:16 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 7:03:10 PM - Error connecting to the internet. 7:03:10 PM - Unable
to contact server..

Error - 1/19/2011 12:03:20 AM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 8:03:20 PM - Error connecting to the internet. 8:03:20 PM - Unable
to contact server..

Error - 1/19/2011 12:03:27 AM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 8:03:25 PM - Error connecting to the internet. 8:03:25 PM - Unable
to contact server..

Error - 1/20/2011 9:11:30 AM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 5:11:30 AM - Error connecting to the internet. 5:11:30 AM - Unable
to contact server..

Error - 1/20/2011 9:11:40 AM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 5:11:35 AM - Error connecting to the internet. 5:11:35 AM - Unable
to contact server..

Error - 2/4/2011 6:30:36 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 2:30:36 PM - Error connecting to the internet. 2:30:36 PM - Unable
to contact server..

Error - 2/4/2011 6:30:47 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 2:30:42 PM - Error connecting to the internet. 2:30:42 PM - Unable
to contact server..

[ System Events ]
Error - 1/28/2013 9:03:11 PM | Computer Name = Chriscross-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 1/28/2013 9:03:11 PM | Computer Name = Chriscross-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 1/28/2013 9:03:11 PM | Computer Name = Chriscross-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 1/29/2013 11:58:47 PM | Computer Name = Chriscross-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NisSrv service.

Error - 1/29/2013 11:59:17 PM | Computer Name = Chriscross-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NisSrv service.

Error - 1/29/2013 11:59:23 PM | Computer Name = Chriscross-PC | Source = Service Control Manager | ID = 7043
Description = The Microsoft Antimalware Service service did not shut down properly
after receiving a preshutdown control.

Error - 1/30/2013 12:12:43 PM | Computer Name = Chriscross-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 1/30/2013 12:12:43 PM | Computer Name = Chriscross-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 1/30/2013 12:12:44 PM | Computer Name = Chriscross-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 1/30/2013 12:12:44 PM | Computer Name = Chriscross-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.


< End of report >
punkpal

Re: Internet Explorer running in Background!

by punkpal » February 4th, 2013, 8:04 pm

Gmer.txt

GMER.TXT

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-04 18:56:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005c Hitachi_ rev.JF3O 465.76GB
Running: uzvz23cn.exe; Driver: C:\Users\owner\AppData\Local\Temp\uwddifow.sys


---- User code sections - GMER 2.0 ----

.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes [98, 77]
.text ... * 9
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes [98, 77]
.text C:\Windows\SysWOW64\rundll32.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000761f103d 5 bytes JMP 00000001036143ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\kernel32.dll!WriteFile 00000000761f1282 5 bytes JMP 000000010361223a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000761f3f3c 5 bytes JMP 00000001036127d8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000761f4913 5 bytes JMP 0000000103611e1f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007702c592 5 bytes JMP 00000001036118c6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076822da4 5 bytes JMP 0000000171389eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007683cbf3 5 bytes JMP 00000001714d8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007683cfca 5 bytes JMP 00000001712e1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007685cb0c 5 bytes JMP 00000001714d8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007685ce64 5 bytes JMP 00000001714d901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007686fbd1 5 bytes JMP 00000001714d8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007686fc9d 5 bytes JMP 00000001714d8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007686fcd6 5 bytes JMP 00000001714d8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007686fcfa 5 bytes JMP 00000001714d8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076f093ec 5 bytes JMP 00000001714d91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes [98, 77]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000723a388e 5 bytes JMP 00000001714d9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072447922 5 bytes JMP 00000001714d9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3396] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075382694 5 bytes JMP 00000001714d93c8
? C:\Windows\system32\mssprxy.dll [3396] entry point in ".rdata" section 0000000073d771e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779e25fd 6 bytes JMP 00000001713a8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000779f2a63 6 bytes JMP 0000000171349805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000761f103d 5 bytes JMP 00000001028143ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\kernel32.dll!WriteFile 00000000761f1282 5 bytes JMP 000000010281223a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000761f34b5 5 bytes JMP 00000001713475db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000761f3f3c 5 bytes JMP 00000001028127d8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000761f4913 5 bytes JMP 0000000102811e1f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007702c592 5 bytes JMP 00000001028118c6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076818a29 5 bytes JMP 00000001713b03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007681d22e 5 bytes JMP 000000017135363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076822da4 5 bytes JMP 0000000171389eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076826285 5 bytes JMP 00000001713a7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076827603 5 bytes JMP 00000001713825ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007683cbf3 5 bytes JMP 00000001714d8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007683cfca 5 bytes JMP 00000001712e1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007683f52b 5 bytes JMP 00000001713ced00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007685cb0c 5 bytes JMP 00000001714d8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007685ce64 5 bytes JMP 00000001714d901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007686fbd1 5 bytes JMP 00000001714d8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007686fc9d 5 bytes JMP 00000001714d8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007686fcd6 5 bytes JMP 00000001714d8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007686fcfa 5 bytes JMP 00000001714d8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076d46143 5 bytes JMP 00000001714d9784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076ea3e59 5 bytes JMP 00000001714d987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076ea3eae 5 bytes JMP 00000001714d98fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076ea4731 5 bytes JMP 00000001714d97ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076ea5dee 5 bytes JMP 00000001714d989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076f093ec 5 bytes JMP 00000001714d91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes [98, 77]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000723a388e 5 bytes JMP 00000001714d9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072447922 5 bytes JMP 00000001714d9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3624] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075382694 5 bytes JMP 00000001714d93c8
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes [98, 77]
.text ... * 9
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes [98, 77]
.text C:\Windows\AsScrPro.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779e25fd 6 bytes JMP 00000001713a8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000779f2a63 6 bytes JMP 0000000171349805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000761f103d 5 bytes JMP 00000001034143ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\kernel32.dll!WriteFile 00000000761f1282 5 bytes JMP 000000010341223a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000761f34b5 5 bytes JMP 00000001713475db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000761f3f3c 5 bytes JMP 00000001034127d8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000761f4913 5 bytes JMP 0000000103411e1f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007702c592 5 bytes JMP 00000001034118c6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076818a29 5 bytes JMP 00000001713b03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007681d22e 5 bytes JMP 000000017135363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076822da4 5 bytes JMP 0000000171389eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076826285 5 bytes JMP 00000001713a7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076827603 5 bytes JMP 00000001713825ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007683cbf3 5 bytes JMP 00000001714d8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007683cfca 5 bytes JMP 00000001712e1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007683f52b 5 bytes JMP 00000001713ced00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007685cb0c 5 bytes JMP 00000001714d8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007685ce64 5 bytes JMP 00000001714d901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007686fbd1 5 bytes JMP 00000001714d8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007686fc9d 5 bytes JMP 00000001714d8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007686fcd6 5 bytes JMP 00000001714d8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007686fcfa 5 bytes JMP 00000001714d8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076d46143 5 bytes JMP 00000001714d9784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076ea3e59 5 bytes JMP 00000001714d987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076ea3eae 5 bytes JMP 00000001714d98fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076ea4731 5 bytes JMP 00000001714d97ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076ea5dee 5 bytes JMP 00000001714d989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076f093ec 5 bytes JMP 00000001714d91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes [98, 77]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes [98, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000723a388e 5 bytes JMP 00000001714d9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072447922 5 bytes JMP 00000001714d9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[888] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075382694 5 bytes JMP 00000001714d93c8

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8a32750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8a32b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8a37de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8a38130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8a31908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8a31c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef8a381d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8a32878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8a37a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef8a36c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef8a377bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8a37064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8a36544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2092] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8a35e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1360] @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe[sqmapi.dll!SqmStartUpload] [7fef51681d8] C:\Program Files\Microsoft IntelliPoint\sqmapi.dll
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1360] @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe[sqmapi.dll!SqmWaitForUploadComplete] [7fef51686fc] C:\Program Files\Microsoft IntelliPoint\sqmapi.dll
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1360] @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe[sqmapi.dll!SqmStartSession] [7fef5166544] C:\Program Files\Microsoft IntelliPoint\sqmapi.dll
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1360] @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe[sqmapi.dll!SqmEndSession] [7fef5165e30] C:\Program Files\Microsoft IntelliPoint\sqmapi.dll
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1360] @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe[sqmapi.dll!SqmSetUserId] [7fef5162c90] C:\Program Files\Microsoft IntelliPoint\sqmapi.dll
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1360] @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe[sqmapi.dll!SqmWriteSharedUserId] [7fef5167fcc] C:\Program Files\Microsoft IntelliPoint\sqmapi.dll
IAT C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1360] @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe[sqmapi.dll!SqmReadSharedUserId] [7fef51622c8] C:\Program Files\Microsoft IntelliPoint\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread C:\Windows\SysWOW64\rundll32.exe [3260:3336] 00000000002b22d3

---- Files - GMER 2.0 ----

File C:\Users\owner\AppData\Local\bb826061-7fc4-4305-90ab-2128632b4aae.crx 6526 bytes

---- EOF - GMER 2.0 ----
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Internet Explorer running in Background!

Post by deltalima » February 5th, 2013, 4:59 am

Hi punkpal,

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    :otl
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ogfdm] C:\Users\owner\AppData\Roaming\ogfdm.dll ()
    O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4:64bit: - HKLM..\Run: [shtitc] C:\Users\owner\AppData\Roaming\shtitc.dll (S3 Graphics Co., Ltd.)
    :files
    C:\Users\owner\kszkkgdkoufhinhioegmriya.exe
    C:\Users\owner\AppData\Local\bb826061-7fc4-4305-90ab-2128632b4aae.crx
    C:\Users\owner\AppData\Roaming\shtitc.dll
    C:\Users\owner\AppData\Roaming\ogfdm.dll
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Internet Explorer running in Background!

Post by punkpal » February 5th, 2013, 4:58 pm

Hey there. Thanks for explaining everything wonderfully, by the way. I will do some browsing and a bit of gaming and see how it runs.
Here is the file requested:



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ogfdm not found.
File C:\Users\owner\AppData\Roaming\ogfdm.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\shtitc not found.
File C:\Users\owner\AppData\Roaming\shtitc.dll not found.
========== FILES ==========
File\Folder C:\Users\owner\kszkkgdkoufhinhioegmriya.exe not found.
File\Folder C:\Users\owner\AppData\Local\bb826061-7fc4-4305-90ab-2128632b4aae.crx not found.
File\Folder C:\Users\owner\AppData\Roaming\shtitc.dll not found.
File\Folder C:\Users\owner\AppData\Roaming\ogfdm.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: owner
->Temp folder emptied: 5143219 bytes
->Temporary Internet Files folder emptied: 83261274 bytes
->Java cache emptied: 1679486 bytes
->Flash cache emptied: 42126 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 324158197 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 395.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02052013_153940

Files\Folders moved on Reboot...
C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJL76R3O\index[1].htm not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\962LM80Q\facebook_com[3].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Last edited by punkpal on February 5th, 2013, 5:09 pm, edited 1 time in total.

Re: Internet Explorer running in Background!

Post by deltalima » February 5th, 2013, 5:06 pm

Hi punkpal,

Have you run any other virus / malware scanners / removal tools since the first OTL scan?

Please run a new scan with OTL

  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, a Notepad file will open.
  • OTL.txt <-- Will be opened
  • Please post the contents of this Notepad file in your next reply.

Re: Internet Explorer running in Background!

Post by punkpal » February 5th, 2013, 7:15 pm

Will do, thank you... I did not use any other scans or virus/malware software since the first OTL scan, no.

Re: Internet Explorer running in Background!

Post by deltalima » February 5th, 2013, 7:17 pm

OK, please post log when ready.

Re: Internet Explorer running in Background!

Post by punkpal » February 5th, 2013, 7:25 pm

OTL logfile created on: 2/5/2013 6:14:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.66% Memory free
7.99 Gb Paging File | 6.24 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.45 Gb Total Space | 37.37 Gb Free Space | 32.09% Space Free | Partition Type: NTFS
Drive D: | 329.78 Gb Total Space | 294.62 Gb Free Space | 89.34% Space Free | Partition Type: NTFS

Computer Name: CHRISCROSS-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe (Blizzard Entertainment)
PRC - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\Blizzard Launcher.exe (Blizzard Entertainment)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\QtWebKit4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\QtGui4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\QtNetwork4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\QtXml4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\QtCore4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\imageformats\qtiff4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\phonon4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\imageformats\qmng4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\imageformats\qjpeg4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\imageformats\qico4.dll ()
MOD - C:\ProgramData\Battle.net\Client\Blizzard Launcher.1949\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (BS_DEF) -- C:\Windows\BS_DEF.sys (AsusTek Computer Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..\SearchScopes\{C02E13BB-8A8B-4B75-9EEA-1EB7B78588C4}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111041,17118,0,18,0
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-76744647-276698571-1013355761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2013/02/05 15:41:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-76744647-276698571-1013355761-1000..\Run: [Akamai NetSession Interface] "C:\Users\owner\AppData\Local\Akamai\netsession_win.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-76744647-276698571-1013355761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-76744647-276698571-1013355761-1000\..Trusted Domains: elfwood.com ([www] http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1015840-AF1E-4695-993A-03A3069BB560}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/05 15:39:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/04 17:52:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2013/01/29 18:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/29 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/29 18:56:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/01/24 23:35:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Facebook
[2013/01/09 14:12:43 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 14:12:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 14:11:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 14:11:44 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 14:11:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 14:11:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 14:11:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 14:11:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 14:11:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 14:11:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 14:11:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 14:11:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 14:11:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 14:11:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 14:11:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 14:11:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 14:11:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 14:11:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 14:11:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 14:11:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 14:11:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 14:11:38 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 14:11:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 14:11:38 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 14:11:37 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 14:11:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 14:11:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 14:11:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 14:11:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 14:11:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 14:11:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 14:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 14:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 14:10:51 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 14:10:50 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 14:10:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 14:10:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 14:10:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 14:10:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 14:10:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 14:10:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 14:10:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 14:10:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 14:10:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 14:10:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 14:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 14:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 14:10:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 14:10:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 14:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 14:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 14:10:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 14:10:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 14:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 14:10:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 14:10:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 14:10:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 14:10:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 14:10:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 14:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 14:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 14:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 14:10:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 14:10:17 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2008/08/11 23:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

========== Files - Modified Within 30 Days ==========

[2013/02/05 18:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/05 16:03:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/05 16:03:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/05 15:56:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/05 15:56:32 | 3219,509,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/05 15:41:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/02/04 18:06:24 | 000,365,568 | ---- | M] () -- C:\Users\owner\Desktop\uzvz23cn.exe
[2013/02/04 17:52:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2013/02/04 14:18:29 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/01/25 23:49:19 | 000,727,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/25 23:49:19 | 000,624,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/25 23:49:19 | 000,107,040 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/25 13:10:20 | 000,001,961 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/01/15 13:27:24 | 000,001,079 | ---- | M] () -- C:\Users\owner\Desktop\Bridgman - Guide To Drawing From Life - Shortcut.lnk
[2013/01/10 13:29:15 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/10 13:29:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 15:33:48 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/04 18:06:13 | 000,365,568 | ---- | C] () -- C:\Users\owner\Desktop\uzvz23cn.exe
[2013/01/15 13:27:24 | 000,001,079 | ---- | C] () -- C:\Users\owner\Desktop\Bridgman - Guide To Drawing From Life - Shortcut.lnk
[2012/09/20 10:17:57 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/26 20:58:29 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/06/26 20:03:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/28 19:33:11 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/25 12:38:46 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011/12/02 23:19:42 | 000,007,666 | ---- | C] () -- C:\Users\owner\AppData\Local\resmon.resmoncfg
[2011/02/08 07:52:39 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 08:57:15 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/04/08 12:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2013/01/29 19:35:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$94b8ffb30144308bdb65466d26ae3f1f\L
[2013/01/29 19:35:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$94b8ffb30144308bdb65466d26ae3f1f\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
punkpal
Regular Member
 
Posts: 37
Joined: February 4th, 2013, 4:32 pm

Re: Internet Explorer running in Background!

Unread postby deltalima » February 6th, 2013, 4:48 am

Hi punkpal,

Strangely, the signs of infection are no longer showing in the OTL log. How is the computer running now?

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK