jlthrash Posted May 16, 2013 ID:680163 Share Posted May 16, 2013 Hi there,I'm having so much trouble with the Funmoods/Babylon malware and I haven't been able to rid myself of it. I have the Pro version of Malwarebytes and have performed a full scan of my drives, and no threats have been detected. In the past I have tried ADWcleaner and yet Funmoods/Babylon always gets associated with my Google chrome browser on this computer. It doesn't infect Firefox, as I have had to use instead in order to subside it but it does Chrome every time I login to my google account and use the browser.Here are my log files, starting with Attach.txt:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume3Install Date: 5/6/2012 8:22:21 PMSystem Uptime: 5/15/2013 6:36:30 PM (0 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77Processor: Intel® Core i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 119 GiB total, 17.011 GiB free.D: is CDROM (CDFS)E: is FIXED (NTFS) - 2794 GiB total, 2607.575 GiB free.F: is CDROM ()G: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP181: 5/7/2013 6:47:45 PM - Windows UpdateRP182: 5/10/2013 10:11:38 PM - Windows UpdateRP184: 5/11/2013 11:00:06 AM - Revo Uninstaller Pro's restore point - Samsung KiesRP185: 5/11/2013 11:07:05 AM - Removed Samsung KiesRP186: 5/14/2013 10:47:24 PM - Windows Update.==== Installed Programs ======================.7-Zip 9.22betaAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.6) MUIAI Suite IIAntec CCAntec CC Driver x64Apple Application SupportApple Mobile Device SupportApple Software UpdateAsmedia ASM104x USB 3.0 Host Controller DriverAsmedia ASM106x SATA Host Controller DriverAssassin's Creed ® IIIASUS E-Green UninstallAT&T Connect Participant Application v9.0.82Autodesk Material Library 2013Autodesk Material Library Base Resolution Image Library 2013Autodesk Material Library Low Resolution Image Library 2013Autodesk Material Library Medium Resolution Image Library 2013Autodesk Revit Architecture 2013Big Fish Games: Game ManagerBioShock InfiniteBonjourBOSScalibre 64bitCPUID CPU-Z 1.60.1Crysis®3DAEMON Tools LiteDiablo IIDiablo IIIDishonored © Bethesda Softworks version 1DivX SetupDota 2E-HammerESET Online Scanner v3EVGA Precision X 3.0.2FARO LS 1.1.408.2FARO LS 4.8.2.25521FrapsGameFlyGameSpy ComradeGoogle ChromeGoogle SketchUp 8Google Talk PluginGoogle Update HelperGrabIt 1.7.2 Beta 6 (build 1008)Guitar Pro 6Half-Life® 2HandBrake 0.9.8Heaven DX11 Benchmark version 3.0Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)ImgBurnIntel® Control CenterIntel® Management Engine ComponentsIntel® Network Connections 16.6.126.0Intel® OpenCL CPU RuntimeIntel® Processor GraphicsIntel® Rapid Storage TechnologyIntel® USB 3.0 eXtensible Host Controller DriverIntel® Trusted Connect Service ClientIntel® Watchdog Timer Driver (Intel® WDT)iTunesMalwarebytes Anti-Malware version 1.75.0.1300Mass Effect™ 3Microsoft .NET Framework 1.1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WSE 3.0 RuntimeMozilla Firefox 20.0.1 (x86 en-US)Mozilla Maintenance ServiceMPC-HC 1.6.6.6428 (f788cc5)Lite (64-bit)MSI Afterburner 2.3.1Nexus Mod ManagerNVIDIA 3D Vision Controller Driver 314.22NVIDIA 3D Vision Driver 314.22NVIDIA Control Panel 314.22NVIDIA Graphics Driver 314.22NVIDIA HD Audio Driver 1.3.23.1NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.1031NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.12.12NVIDIA Update ComponentsOriginPeggle NightsPortal 2Portal 2 Authoring Tools - BetaPunkBuster ServicesRealtek High Definition Audio DriverRevit Architecture 2013Revit Architecture 2013 Language Pack - EnglishRevo Uninstaller Pro 3.0.5SAMSUNG USB Driver for Mobile PhonesSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)SimCity™Source SDK Base 2007StarCraft IISteamTeam Fortress 2TeamSpeak 3 ClientThe Elder Scrolls V Skyrim - High Resolution Texture PackThe Sims™ 3The Walking Dead © 3 version 1The Walking Dead Episode 2 - Starved for HelpThe Walking Dead Episode 3 © TellTale Games version 1Tomb RaiderUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)UplayVC80CRTRedist - 8.0.50727.6195Ventrilo Client for Windows x64VIRTU MVP 2.1.112Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177VLC media player 2.0.3Win7codecsWorms Revolutionx64 Components v3.9.3.==== Event Viewer Messages From Past Week ========.5/15/2013 8:03:29 AM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.5/15/2013 6:38:42 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).5/15/2013 6:38:42 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.5/15/2013 6:36:34 PM, Error: volmgr [46] - Crash dump initialization failed!.==== End Of File ===========================And here is DDS.txt:DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16576Run by JL at 18:48:30 on 2013-05-15Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8145.5912 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exeC:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exeC:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Windows\system32\IProsetMonitor.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeE:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exeE:\Programs\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\svchost.exe -k imgsvcc:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeE:\Programs\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exeC:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exeC:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exeC:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exeC:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exeC:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exeC:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exeC:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exeC:\Windows\sysWOW64\wbem\wmiprvse.exeC:\Program Files (x86)\Steam\Steam.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exeC:\Windows\system32\wbem\WmiApSrv.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Users\JL\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmWinlogon: Userinit = userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dlluRun: [Google Update] "C:\Users\JL\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60uPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0TCP: NameServer = 192.168.1.1TCP: Interfaces\{FC7ED8C4-89D8-408E-B760-D05729A4236D} : DHCPNameServer = 192.168.1.1AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hidex64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\k0be581h.default-1363458111380\FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Users\JL\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dllFF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllFF - plugin: E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dllFF - plugin: E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll.============= SERVICES / DRIVERS ===============.R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-6 16152]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-1 283200]R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2012-5-6 32360]R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-28 918448]R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-2-2 951936]R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-5-6 586880]R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe [2012-5-6 1492912]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-8 23816]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-6 13592]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-5-6 178344]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-6 161560]R2 MBAMScheduler;MBAMScheduler;E:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-3 418376]R2 MBAMService;MBAMService;E:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-3 701512]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-6 363800]R3 ASEUSBCC;ASEUSBCC;C:\Windows\System32\drivers\AseUSBCC.sys [2011-5-23 16384]R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-5-6 160768]R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-6 355096]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-6 786200]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-8 25928]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-5-9 66336]S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-4-11 35840]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-12-3 102368]S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-10 1432400]S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-6 331264]S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-5-11 31800]S3 RTCore64;RTCore64;E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-22 13368]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-3 203104]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736]S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Users\JL\Downloads\RealTemp_370\WinRing0x64.sys [2008-7-26 14544].=============== Created Last 30 ================.2013-05-15 15:15:09 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB080E2F-405A-4194-A1F2-43032EDDAFFD}\mpengine.dll2013-05-15 01:30:39 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-05-14 03:34:00 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-05-11 17:57:54 -------- d-----w- C:\Users\JL\AppData\Local\VS Revo Group2013-05-11 17:57:52 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys2013-05-11 17:57:52 -------- d-----w- C:\ProgramData\VS Revo Group2013-05-03 03:29:19 -------- d-----w- C:\ProgramData\dbg2013-04-24 02:25:47 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7CA7DF8-E2E7-48A8-AB1C-F978BE803DEB}\gapaengine.dll2013-04-24 02:19:26 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys.==================== Find3M ====================.2013-05-16 01:40:12 1048576 ----a-w- C:\Windows\PE_Rom.dll2013-05-15 15:18:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-15 15:18:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe2013-03-15 05:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll.============= FINISH: 18:48:39.49 ===============Your help is immensely appreciated!!!! Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680180 Share Posted May 16, 2013 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller 32 Bit to your desktop.RogueKiller 64 Bit <---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)P2P Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.MrCNote:Please read all of my instructions completely including these.Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to InstantlyRemoving malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
jlthrash Posted May 16, 2013 Author ID:680224 Share Posted May 16, 2013 Here's the report:ogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : JL [Admin rights]Mode : Scan -- Date : 05/15/2013 22:37:05| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3000DM001-1CH166 ATA Device +++++--- User ---[MBR] 0086f36f0b7bc8b257f89fc226376c3d[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: M4-CT128M4SSD2 ATA Device +++++--- User ---[MBR] f712ac2bc265b165cd53768c31964a5a[bSP] c7af20b33ece30d9893eeb95beafe658 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_05152013_02d2237.txt >>RKreport[1]_S_05152013_02d2237.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680253 Share Posted May 16, 2013 Please download OTL from one of the links below:http://oldtimer.geekstogo.com/OTL.exehttp://www.itxassociates.com/OT-Tools/OTL.exehttp://oldtimer.geekstogo.com/OTL.com (<---renamed version)Save it to your desktop.Double click on the icon on your desktop.Click the Scan All Users checkbox.Push the Quick Scan button.The scan will take about 10 minutes...depends on your hard drive size.Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedMrC Link to post Share on other sites More sharing options...
jlthrash Posted May 16, 2013 Author ID:680335 Share Posted May 16, 2013 The OTL.txt is (Extra.txt did not open anywhere or save to desktop/minimize):OTL logfile created on: 5/16/2013 7:53:59 AM - Run 3OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JL\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16576)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy7.95 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.40% Memory free7.95 Gb Paging File | 6.01 Gb Available in Paging File | 75.53% Paging File freePaging file location(s): [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 119.14 Gb Total Space | 16.43 Gb Free Space | 13.79% Space Free | Partition Type: NTFSDrive D: | 235.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 2794.39 Gb Total Space | 2607.58 Gb Free Space | 93.31% Space Free | Partition Type: NTFSComputer Name: JL-PC | User Name: JL | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2013/05/16 07:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JL\Downloads\OTL.exePRC - [2013/05/15 08:18:12 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exePRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\JL\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exePRC - [2013/04/12 19:27:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- E:\Programs\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- E:\Programs\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- E:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2012/12/01 10:46:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exePRC - [2012/02/08 19:10:34 | 001,111,680 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exePRC - [2012/02/08 14:05:50 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exePRC - [2012/02/07 21:37:27 | 001,492,912 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exePRC - [2012/02/02 15:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exePRC - [2012/02/02 02:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exePRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2012/01/20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2012/01/20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2012/01/20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exePRC - [2012/01/10 09:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exePRC - [2012/01/04 12:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exePRC - [2011/12/30 18:42:50 | 001,153,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exePRC - [2011/10/28 18:59:26 | 000,918,448 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exePRC - [2011/09/08 21:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exePRC - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exePRC - [2010/11/26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exePRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exePRC - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe========== Modules (No Company Name) ==========MOD - [2013/05/15 08:18:11 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dllMOD - [2013/05/15 08:04:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dllMOD - [2013/05/15 08:04:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dllMOD - [2013/04/12 19:26:56 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dllMOD - [2013/01/11 20:22:29 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dllMOD - [2013/01/11 19:23:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dllMOD - [2013/01/11 19:23:40 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dllMOD - [2013/01/11 19:23:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dllMOD - [2013/01/11 19:23:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dllMOD - [2013/01/11 19:23:27 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dllMOD - [2012/02/03 10:12:22 | 001,122,304 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dllMOD - [2012/02/02 15:12:48 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dllMOD - [2012/01/20 10:17:16 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dllMOD - [2012/01/19 09:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dllMOD - [2011/12/29 20:45:12 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dllMOD - [2011/12/29 02:13:20 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dllMOD - [2011/12/28 11:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dllMOD - [2011/10/14 20:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dllMOD - [2011/09/26 19:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dllMOD - [2011/09/26 18:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dllMOD - [2011/09/20 18:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dllMOD - [2011/09/19 20:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dllMOD - [2011/09/08 15:23:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dllMOD - [2011/07/21 09:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dllMOD - [2011/07/12 19:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dllMOD - [2011/06/08 11:15:44 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dllMOD - [2010/10/05 08:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dllMOD - [2010/10/05 08:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dllMOD - [2010/10/05 08:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dllMOD - [2010/09/23 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dllMOD - [2010/08/22 19:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dllMOD - [2010/02/25 14:01:30 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsZip.dllMOD - [2009/08/12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll========== Services (SafeList) ==========SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2012/05/10 20:40:52 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)SRV:64bit: - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®SRV:64bit: - [2011/08/15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2013/05/15 08:18:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/03 16:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2013/04/12 19:27:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013/03/14 22:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2012/12/01 10:46:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)SRV - [2012/02/07 21:37:27 | 001,492,912 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe -- (AsusFanControlService)SRV - [2012/02/02 02:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2012/01/20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2012/01/20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2012/01/20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)SRV - [2011/12/21 03:04:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2011/10/28 18:59:26 | 000,918,448 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)SRV - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)SRV - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2012/12/18 22:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/12/01 10:43:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)DRV:64bit: - [2012/09/19 21:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)DRV:64bit: - [2012/09/19 21:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/03/25 17:55:22 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2012/01/06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)DRV:64bit: - [2012/01/04 12:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)DRV:64bit: - [2012/01/04 12:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)DRV:64bit: - [2012/01/04 12:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)DRV:64bit: - [2011/12/15 02:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/12/05 12:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2011/11/03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)DRV:64bit: - [2011/11/03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)DRV:64bit: - [2011/08/12 03:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)DRV:64bit: - [2011/07/19 18:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)DRV:64bit: - [2011/05/23 08:39:28 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AseUSBCC.sys -- (ASEUSBCC)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/08/17 10:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)DRV:64bit: - [2010/06/30 01:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2013/05/02 21:40:35 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- E:\Users\JL\Downloads\RealTemp_370\WinRing0x64.sys -- (WinRing0_1_2_0)DRV - [2013/01/22 23:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0AtCzy0DtC0Dzyzy0EtDtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=425798436IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0AtCzy0DtC0Dzyzy0EtDtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=425798436IE - HKLM\..\SearchScopes\{5046F975-4B67-2AF5-365B-075B1563CDDD}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 02 11 D9 87 2D CD 01 [binary data]IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\..\SearchScopes,DefaultScope = {5046F975-4B67-2AF5-365B-075B1563CDDD}IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\..\SearchScopes\{5046F975-4B67-2AF5-365B-075B1563CDDD}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JL\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JL\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 19:27:07 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 19:27:07 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[2012/07/28 17:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JL\AppData\Roaming\Mozilla\Extensions[2013/04/12 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2013/04/12 19:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2012/09/01 21:26:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2013/02/19 21:30:48 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.google.comCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Talk Plugin (Enabled) = C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllCHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllCHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\JL\AppData\Roaming\Mozilla\plugins\npo1d.dllCHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dllCHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllCHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllCHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dllCHR - plugin: Uplay PC (Enabled) = E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dllCHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - Extension: YouTube = C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Gmail = C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7ED8C4-89D8-408E-B760-D05729A4236D}: DhcpNameServer = 192.168.1.1O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2012/05/10 20:31:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]O32 - AutoRun File - [2008/02/21 17:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]O32 - AutoRun File - [2006/09/15 02:17:00 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]O33 - MountPoints2\{3f38a9f1-9b29-11e1-a7b0-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{3f38a9f1-9b29-11e1-a7b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008/02/21 17:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)O33 - MountPoints2\{67bc0564-97f3-11e1-b340-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{67bc0564-97f3-11e1-b340-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXEO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/05/15 22:34:48 | 000,000,000 | ---D | C] -- C:\Users\JL\Desktop\RK_Quarantine[2013/05/11 10:57:54 | 000,000,000 | ---D | C] -- C:\Users\JL\AppData\Local\VS Revo Group[2013/05/11 10:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro[2013/05/11 10:57:52 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys[2013/05/11 10:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group[2013/05/03 22:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3[2013/05/02 20:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2013/05/16 07:45:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1000UA.job[2013/05/16 07:39:49 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx[2013/05/16 07:39:08 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/05/16 07:39:08 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/05/16 07:37:07 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/05/16 07:37:07 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/05/16 07:37:07 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/05/16 07:36:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/05/16 07:34:46 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll[2013/05/16 07:34:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/05/16 07:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/05/15 22:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/05/15 21:55:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1002UA.job[2013/05/15 18:45:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1000Core.job[2013/05/15 08:04:03 | 000,284,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/05/11 10:57:53 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk[2013/05/11 08:55:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1002Core.job[2013/05/09 21:00:13 | 000,000,879 | ---- | M] () -- C:\Users\JL\Desktop\Uplay.lnk[2013/05/03 22:54:00 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\Crysis 3.lnk[2013/04/29 22:47:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf[2013/04/29 22:47:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf[2013/04/21 11:03:17 | 000,000,222 | ---- | M] () -- C:\Users\JL\Desktop\Worms Revolution.url[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2013/05/11 10:57:53 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk[2013/05/09 21:00:13 | 000,000,879 | ---- | C] () -- C:\Users\JL\Desktop\Uplay.lnk[2013/05/03 22:54:00 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\Crysis 3.lnk[2013/04/29 22:47:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf[2013/04/29 22:47:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf[2013/04/21 11:03:17 | 000,000,222 | ---- | C] () -- C:\Users\JL\Desktop\Worms Revolution.url[2012/11/27 06:58:24 | 004,316,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll[2012/11/20 15:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe[2012/10/29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll[2012/10/29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll[2012/10/29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll[2012/10/29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll[2012/10/29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe[2012/09/28 12:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll[2012/07/27 22:10:50 | 000,000,258 | RHS- | C] () -- C:\Users\JL\ntuser.pol[2012/07/03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll[2012/06/10 02:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2012/06/04 18:35:39 | 000,000,090 | ---- | C] () -- C:\Users\JL\AppData\Local\fusioncache.dat[2012/06/03 11:50:52 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/06/03 11:50:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/05/22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll[2012/05/16 18:15:43 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini[2012/05/13 17:45:03 | 000,003,072 | ---- | C] () -- C:\Users\JL\AppData\Local\file__0.localstorage[2012/05/10 20:36:50 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/05/07 19:39:33 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll[2012/05/07 19:39:33 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll[2012/05/07 19:39:33 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll[2012/05/07 19:26:06 | 000,038,333 | ---- | C] () -- C:\Windows\DIIUnin.dat[2012/05/06 21:24:16 | 012,985,344 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll[2012/05/06 21:24:16 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin[2012/05/06 21:24:16 | 000,479,528 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin[2012/05/06 21:24:16 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2012/05/06 21:20:05 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll[2012/05/06 20:49:36 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys[2012/05/06 20:49:28 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys[2012/05/06 20:37:03 | 000,054,764 | ---- | C] () -- C:\Windows\Ascd_log.ini[2012/05/06 20:35:11 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini[2012/05/06 20:35:05 | 000,041,687 | ---- | C] () -- C:\Windows\Ascd_tmp.ini[2012/01/10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll[2011/12/08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll========== ZeroAccess Check ==========[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== LOP Check ==========[2012/05/06 21:20:05 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ASUS WebStorage[2012/08/11 16:12:31 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ATT Connect[2012/05/12 01:19:28 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Autodesk[2012/11/10 10:51:37 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Bioshock[2013/01/17 22:16:22 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\calibre[2012/12/06 22:42:51 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\DAEMON Tools Lite[2012/11/08 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\GameFly[2013/02/10 11:38:06 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\GrabIt[2012/11/21 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Guitar Pro 6[2012/11/12 21:53:32 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\HandBrake[2012/11/29 23:10:06 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ImgBurn[2013/02/10 13:02:16 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Origin[2013/01/01 20:10:14 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Shark007[2013/05/15 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\TS3Client[2013/05/02 19:56:34 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ts3overlay[2013/02/10 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ts3overlay_hook_win64[2013/01/01 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Win7codecs========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:322D2CD3< End of report > Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680340 Share Posted May 16, 2013 It's still in IE:IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=425798436IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=425798436~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~For Chrome...........First make sure you have the latest version of Chrome:Open up Chrome > Click on the 3 bars in the upper right hand cornerClick on About Google ChromeIf there's an update available it will automatically updateNext:Go to Tools > Clear Browser DataPut a check next to all of these:Clear browsing historyClear download historyEmpty the cacheClick "Clear Browsing Data"-------------------------------Next:Click the Chrome menu on the browser toolbar.Select Settings.In the "Search" section, click Manage search engines.Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.-------------------------------------Click the Chrome menu .Select Settings.In the "On startup" section, select Open a specific page or set of pages.Click Set pages. (in blue to the right)Remove any unfamiliar pages.-----------------------Click the Chrome menu .Select Settings.In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.If the page isn't the home page you'd like to use, click Change and select your preferred page.Let me know.....MrC Link to post Share on other sites More sharing options...
LDTate Posted May 20, 2013 ID:681974 Share Posted May 20, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts