Jump to content

Funmoods/Babylon Nightmare


Recommended Posts

Hi there,

I'm having so much trouble with the Funmoods/Babylon malware and I haven't been able to rid myself of it. I have the Pro version of Malwarebytes and have performed a full scan of my drives, and no threats have been detected. In the past I have tried ADWcleaner and yet Funmoods/Babylon always gets associated with my Google chrome browser on this computer. It doesn't infect Firefox, as I have had to use instead in order to subside it but it does Chrome every time I login to my google account and use the browser.

Here are my log files, starting with Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 5/6/2012 8:22:21 PM

System Uptime: 5/15/2013 6:36:30 PM (0 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 17.011 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 2794 GiB total, 2607.575 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP181: 5/7/2013 6:47:45 PM - Windows Update

RP182: 5/10/2013 10:11:38 PM - Windows Update

RP184: 5/11/2013 11:00:06 AM - Revo Uninstaller Pro's restore point - Samsung Kies

RP185: 5/11/2013 11:07:05 AM - Removed Samsung Kies

RP186: 5/14/2013 10:47:24 PM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.22beta

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6) MUI

AI Suite II

Antec CC

Antec CC Driver x64

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Asmedia ASM104x USB 3.0 Host Controller Driver

Asmedia ASM106x SATA Host Controller Driver

Assassin's Creed ® III

ASUS E-Green Uninstall

AT&T Connect Participant Application v9.0.82

Autodesk Material Library 2013

Autodesk Material Library Base Resolution Image Library 2013

Autodesk Material Library Low Resolution Image Library 2013

Autodesk Material Library Medium Resolution Image Library 2013

Autodesk Revit Architecture 2013

Big Fish Games: Game Manager

BioShock Infinite

Bonjour

BOSS

calibre 64bit

CPUID CPU-Z 1.60.1

Crysis®3

DAEMON Tools Lite

Diablo II

Diablo III

Dishonored © Bethesda Softworks version 1

DivX Setup

Dota 2

E-Hammer

ESET Online Scanner v3

EVGA Precision X 3.0.2

FARO LS 1.1.408.2

FARO LS 4.8.2.25521

Fraps

GameFly

GameSpy Comrade

Google Chrome

Google SketchUp 8

Google Talk Plugin

Google Update Helper

GrabIt 1.7.2 Beta 6 (build 1008)

Guitar Pro 6

Half-Life® 2

HandBrake 0.9.8

Heaven DX11 Benchmark version 3.0

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

ImgBurn

Intel® Control Center

Intel® Management Engine Components

Intel® Network Connections 16.6.126.0

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Intel® Watchdog Timer Driver (Intel® WDT)

iTunes

Malwarebytes Anti-Malware version 1.75.0.1300

Mass Effect™ 3

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729

Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729

Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729

Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MPC-HC 1.6.6.6428 (f788cc5)Lite (64-bit)

MSI Afterburner 2.3.1

Nexus Mod Manager

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

Origin

Peggle Nights

Portal 2

Portal 2 Authoring Tools - Beta

PunkBuster Services

Realtek High Definition Audio Driver

Revit Architecture 2013

Revit Architecture 2013 Language Pack - English

Revo Uninstaller Pro 3.0.5

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

SimCity™

Source SDK Base 2007

StarCraft II

Steam

Team Fortress 2

TeamSpeak 3 Client

The Elder Scrolls V Skyrim - High Resolution Texture Pack

The Sims™ 3

The Walking Dead © 3 version 1

The Walking Dead Episode 2 - Starved for Help

The Walking Dead Episode 3 © TellTale Games version 1

Tomb Raider

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Uplay

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client for Windows x64

VIRTU MVP 2.1.112

Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177

VLC media player 2.0.3

Win7codecs

Worms Revolution

x64 Components v3.9.3

.

==== Event Viewer Messages From Past Week ========

.

5/15/2013 8:03:29 AM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

5/15/2013 6:38:42 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/15/2013 6:38:42 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

5/15/2013 6:36:34 PM, Error: volmgr [46] - Crash dump initialization failed!

.

==== End Of File ===========================

And here is DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576

Run by JL at 18:48:30 on 2013-05-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8145.5912 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

E:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exe

E:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

E:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\JL\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

uRun: [Google Update] "C:\Users\JL\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{FC7ED8C4-89D8-408E-B760-D05729A4236D} : DHCPNameServer = 192.168.1.1

AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\k0be581h.default-1363458111380\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\JL\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

.

============= SERVICES / DRIVERS ===============

.

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-6 16152]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-1 283200]

R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2012-5-6 32360]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-28 918448]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-2-2 951936]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-5-6 586880]

R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe [2012-5-6 1492912]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-8 23816]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-6 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-5-6 178344]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-6 161560]

R2 MBAMScheduler;MBAMScheduler;E:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-3 418376]

R2 MBAMService;MBAMService;E:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-3 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-6 363800]

R3 ASEUSBCC;ASEUSBCC;C:\Windows\System32\drivers\AseUSBCC.sys [2011-5-23 16384]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-5-6 160768]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-6 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-6 786200]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-8 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-5-9 66336]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2013-4-11 35840]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-12-3 102368]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-10 1432400]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-6 331264]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-5-11 31800]

S3 RTCore64;RTCore64;E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-22 13368]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-3 203104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Users\JL\Downloads\RealTemp_370\WinRing0x64.sys [2008-7-26 14544]

.

=============== Created Last 30 ================

.

2013-05-15 15:15:09 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB080E2F-405A-4194-A1F2-43032EDDAFFD}\mpengine.dll

2013-05-15 01:30:39 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-14 03:34:00 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-11 17:57:54 -------- d-----w- C:\Users\JL\AppData\Local\VS Revo Group

2013-05-11 17:57:52 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

2013-05-11 17:57:52 -------- d-----w- C:\ProgramData\VS Revo Group

2013-05-03 03:29:19 -------- d-----w- C:\ProgramData\dbg

2013-04-24 02:25:47 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7CA7DF8-E2E7-48A8-AB1C-F978BE803DEB}\gapaengine.dll

2013-04-24 02:19:26 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

==================== Find3M ====================

.

2013-05-16 01:40:12 1048576 ----a-w- C:\Windows\PE_Rom.dll

2013-05-15 15:18:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 15:18:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 05:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe

2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

.

============= FINISH: 18:48:39.49 ===============

Your help is immensely appreciated!!!!

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:
Click on the
Follow This Topic Button
(at the top right of this page), make sure that the
Receive notification
box is checked and that it is set to
Instantly

Removing malware can be unpredictable
...things can go very wrong!
Backup
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and
Please don't waste my time by leaving before that
.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Here's the report:

ogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : JL [Admin rights]

Mode : Scan -- Date : 05/15/2013 22:37:05

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3000DM001-1CH166 ATA Device +++++

--- User ---

[MBR] 0086f36f0b7bc8b257f89fc226376c3d

[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: M4-CT128M4SSD2 ATA Device +++++

--- User ---

[MBR] f712ac2bc265b165cd53768c31964a5a

[bSP] c7af20b33ece30d9893eeb95beafe658 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05152013_02d2237.txt >>

RKreport[1]_S_05152013_02d2237.txt

Link to post
Share on other sites

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

The OTL.txt is (Extra.txt did not open anywhere or save to desktop/minimize):

OTL logfile created on: 5/16/2013 7:53:59 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JL\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.40% Memory free

7.95 Gb Paging File | 6.01 Gb Available in Paging File | 75.53% Paging File free

Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 119.14 Gb Total Space | 16.43 Gb Free Space | 13.79% Space Free | Partition Type: NTFS

Drive D: | 235.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 2794.39 Gb Total Space | 2607.58 Gb Free Space | 93.31% Space Free | Partition Type: NTFS

Computer Name: JL-PC | User Name: JL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/16 07:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JL\Downloads\OTL.exe

PRC - [2013/05/15 08:18:12 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

PRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\JL\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

PRC - [2013/04/12 19:27:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- E:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- E:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- E:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/01 10:46:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/02/08 19:10:34 | 001,111,680 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

PRC - [2012/02/08 14:05:50 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe

PRC - [2012/02/07 21:37:27 | 001,492,912 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe

PRC - [2012/02/02 15:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe

PRC - [2012/02/02 02:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2012/01/20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/01/20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/01/20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/01/10 09:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

PRC - [2012/01/04 12:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2011/12/30 18:42:50 | 001,153,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe

PRC - [2011/10/28 18:59:26 | 000,918,448 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe

PRC - [2011/09/08 21:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

PRC - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

PRC - [2010/11/26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

PRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/15 08:18:11 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

MOD - [2013/05/15 08:04:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll

MOD - [2013/05/15 08:04:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll

MOD - [2013/04/12 19:26:56 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/01/11 20:22:29 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll

MOD - [2013/01/11 19:23:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/01/11 19:23:40 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/11 19:23:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/11 19:23:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/11 19:23:27 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2012/02/03 10:12:22 | 001,122,304 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll

MOD - [2012/02/02 15:12:48 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll

MOD - [2012/01/20 10:17:16 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll

MOD - [2012/01/19 09:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll

MOD - [2011/12/29 20:45:12 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll

MOD - [2011/12/29 02:13:20 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll

MOD - [2011/12/28 11:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll

MOD - [2011/10/14 20:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll

MOD - [2011/09/26 19:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll

MOD - [2011/09/26 18:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll

MOD - [2011/09/20 18:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll

MOD - [2011/09/19 20:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll

MOD - [2011/09/08 15:23:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll

MOD - [2011/07/21 09:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll

MOD - [2011/07/12 19:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll

MOD - [2011/06/08 11:15:44 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll

MOD - [2010/10/05 08:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll

MOD - [2010/10/05 08:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll

MOD - [2010/10/05 08:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll

MOD - [2010/09/23 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll

MOD - [2010/08/22 19:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll

MOD - [2010/02/25 14:01:30 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsZip.dll

MOD - [2009/08/12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012/05/10 20:40:52 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2011/08/15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/15 08:18:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/03 16:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/04/12 19:27:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programs\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/03/14 22:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/01 10:46:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/02/07 21:37:27 | 001,492,912 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe -- (AsusFanControlService)

SRV - [2012/02/02 02:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)

SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2012/01/20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/01/20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/01/20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2011/12/21 03:04:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2011/10/28 18:59:26 | 000,918,448 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)

SRV - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/12/18 22:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/12/01 10:43:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/09/19 21:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2012/09/19 21:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/25 17:55:22 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)

DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012/01/06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)

DRV:64bit: - [2012/01/04 12:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/01/04 12:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/01/04 12:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2011/12/15 02:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/12/05 12:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011/11/03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/11/03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2011/08/12 03:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)

DRV:64bit: - [2011/07/19 18:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2011/05/23 08:39:28 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AseUSBCC.sys -- (ASEUSBCC)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/08/17 10:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)

DRV:64bit: - [2010/06/30 01:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2013/05/02 21:40:35 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- E:\Users\JL\Downloads\RealTemp_370\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2013/01/22 23:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0AtCzy0DtC0Dzyzy0EtDtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=425798436

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0AtCzy0DtC0Dzyzy0EtDtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=425798436

IE - HKLM\..\SearchScopes\{5046F975-4B67-2AF5-365B-075B1563CDDD}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 02 11 D9 87 2D CD 01 [binary data]

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\..\SearchScopes,DefaultScope = {5046F975-4B67-2AF5-365B-075B1563CDDD}

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\..\SearchScopes\{5046F975-4B67-2AF5-365B-075B1563CDDD}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JL\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JL\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 19:27:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 19:27:07 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/28 17:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JL\AppData\Roaming\Mozilla\Extensions

[2013/04/12 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/04/12 19:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/09/01 21:26:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/02/19 21:30:48 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\JL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\JL\AppData\Roaming\Mozilla\plugins\npo1d.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

CHR - plugin: Uplay PC (Enabled) = E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - Extension: YouTube = C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2564183217-1780356419-2778177185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7ED8C4-89D8-408E-B760-D05729A4236D}: DhcpNameServer = 192.168.1.1

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/05/10 20:31:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2008/02/21 17:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2006/09/15 02:17:00 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{3f38a9f1-9b29-11e1-a7b0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{3f38a9f1-9b29-11e1-a7b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008/02/21 17:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)

O33 - MountPoints2\{67bc0564-97f3-11e1-b340-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{67bc0564-97f3-11e1-b340-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/15 22:34:48 | 000,000,000 | ---D | C] -- C:\Users\JL\Desktop\RK_Quarantine

[2013/05/11 10:57:54 | 000,000,000 | ---D | C] -- C:\Users\JL\AppData\Local\VS Revo Group

[2013/05/11 10:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2013/05/11 10:57:52 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2013/05/11 10:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group

[2013/05/03 22:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3

[2013/05/02 20:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/16 07:45:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1000UA.job

[2013/05/16 07:39:49 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx

[2013/05/16 07:39:08 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/16 07:39:08 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/16 07:37:07 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/16 07:37:07 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/16 07:37:07 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/16 07:36:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/16 07:34:46 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll

[2013/05/16 07:34:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/16 07:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/15 22:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/15 21:55:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1002UA.job

[2013/05/15 18:45:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1000Core.job

[2013/05/15 08:04:03 | 000,284,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/11 10:57:53 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/05/11 08:55:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2564183217-1780356419-2778177185-1002Core.job

[2013/05/09 21:00:13 | 000,000,879 | ---- | M] () -- C:\Users\JL\Desktop\Uplay.lnk

[2013/05/03 22:54:00 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\Crysis 3.lnk

[2013/04/29 22:47:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/29 22:47:25 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/21 11:03:17 | 000,000,222 | ---- | M] () -- C:\Users\JL\Desktop\Worms Revolution.url

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/11 10:57:53 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/05/09 21:00:13 | 000,000,879 | ---- | C] () -- C:\Users\JL\Desktop\Uplay.lnk

[2013/05/03 22:54:00 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\Crysis 3.lnk

[2013/04/29 22:47:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/29 22:47:25 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/21 11:03:17 | 000,000,222 | ---- | C] () -- C:\Users\JL\Desktop\Worms Revolution.url

[2012/11/27 06:58:24 | 004,316,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2012/11/20 15:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/10/29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012/10/29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012/10/29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012/10/29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012/10/29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/09/28 12:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

[2012/07/27 22:10:50 | 000,000,258 | RHS- | C] () -- C:\Users\JL\ntuser.pol

[2012/07/03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/06/10 02:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/06/04 18:35:39 | 000,000,090 | ---- | C] () -- C:\Users\JL\AppData\Local\fusioncache.dat

[2012/06/03 11:50:52 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/06/03 11:50:51 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/05/22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll

[2012/05/16 18:15:43 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2012/05/13 17:45:03 | 000,003,072 | ---- | C] () -- C:\Users\JL\AppData\Local\file__0.localstorage

[2012/05/10 20:36:50 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/07 19:39:33 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2012/05/07 19:39:33 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2012/05/07 19:39:33 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2012/05/07 19:26:06 | 000,038,333 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2012/05/06 21:24:16 | 012,985,344 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

[2012/05/06 21:24:16 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin

[2012/05/06 21:24:16 | 000,479,528 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin

[2012/05/06 21:24:16 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/05/06 21:20:05 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll

[2012/05/06 20:49:36 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2012/05/06 20:49:28 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2012/05/06 20:37:03 | 000,054,764 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2012/05/06 20:35:11 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/05/06 20:35:05 | 000,041,687 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2012/01/10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[2011/12/08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/06 21:20:05 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ASUS WebStorage

[2012/08/11 16:12:31 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ATT Connect

[2012/05/12 01:19:28 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Autodesk

[2012/11/10 10:51:37 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Bioshock

[2013/01/17 22:16:22 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\calibre

[2012/12/06 22:42:51 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\DAEMON Tools Lite

[2012/11/08 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\GameFly

[2013/02/10 11:38:06 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\GrabIt

[2012/11/21 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Guitar Pro 6

[2012/11/12 21:53:32 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\HandBrake

[2012/11/29 23:10:06 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ImgBurn

[2013/02/10 13:02:16 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Origin

[2013/01/01 20:10:14 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Shark007

[2013/05/15 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\TS3Client

[2013/05/02 19:56:34 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ts3overlay

[2013/02/10 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\ts3overlay_hook_win64

[2013/01/01 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\JL\AppData\Roaming\Win7codecs

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:322D2CD3

< End of report >

Link to post
Share on other sites

It's still in IE:

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=425798436

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=425798436

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For Chrome...........

First make sure you have the latest version of Chrome:

Open up Chrome > Click on the 3 bars in the upper right hand corner

Click on About Google Chrome

If there's an update available it will automatically update

Next:

Go to Tools > Clear Browser Data

Put a check next to all of these:

  1. Clear browsing history
  2. Clear download history
  3. Empty the cache

Click "Clear Browsing Data"

-------------------------------

Next:

Click the Chrome menu on the browser toolbar.

Select Settings.

In the "Search" section, click Manage search engines.

Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.

Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu .

Select Settings.

In the "On startup" section, select Open a specific page or set of pages.

Click Set pages. (in blue to the right)

Remove any unfamiliar pages.

-----------------------

Click the Chrome menu .

Select Settings.

In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.

If the page isn't the home page you'd like to use, click Change and select your preferred page.

Let me know.....MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.