Found a trojan. How can I remove it?

So I have used this program for an online game I play. I decided I would try and scan it just because I learned that the programmer who made it had a reputation in the past for using programs to steal accounts from users. I ran several online file scans and found this trojan detected by one scanner:

TrojanDrop.Agent.DX.uebe.mg

I have no idea how serious this trojan is. I was hoping someone here can shed light on it and tell me how I can remove this. Thanks

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

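Marius asks for the FRST logs (FRST.txt and Addition.txt), which a helper then reads by eye. As an added example that is not part of this thread and not code from Farbar's tool, the Python script below shows how a defender can do a first triage pass over FRST-style log lines using the markers FRST itself prints: `<==== ATTENTION` on entries it considers suspicious, `[X]` or `No File` on entries whose target file no longer exists, and `[File not signed]` on unsigned service binaries. It additionally flags executables that run from Temp or AppData, a rule of my own, not FRST's. The sample log text is constructed in the FRST format for this example (the SID and user name are placeholders), and a match is a starting point for review, not a verdict.

```python
"""Triage helper for FRST-style log lines (added example, not part of FRST)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the FRST log format; SID and user name are placeholders.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-21-EXAMPLE-1000\...\Run: [cdloader] => C:\Users\EXAMPLE\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
==================== Internet (Whitelisted) ====================
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
==================== Services (Whitelisted) =================
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-06-29] () [File not signed]
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [X]
==================== Scheduled Tasks (whitelisted) =============
Task: {015A49F5-91BF-4BC3-BB68-426C3A0FD1D3} - System32\Tasks\0.7877742764271989 => \\.\globalroot\Device\HarddiskVolume1\Users\EXAMPLE\AppData\Local\Temp\0.7877742764271989.exe <==== ATTENTION
Task: {08392045-1C1D-4443-A60E-2D76726D62F2} - \3840068800 No Task File <==== ATTENTION
Task: {1765BE4B-6FBD-4048-B4F9-CC7DEAFBA84B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-08] (Google Inc.)
"""

# Triage reasons. The first three mirror markers FRST prints; the fourth is my own rule.
R_ATTENTION = "flagged by FRST itself (<==== ATTENTION)"
R_ORPHAN = "entry points to a file that no longer exists ([X] / No File)"
R_UNSIGNED = "binary is not digitally signed"
R_USER_WRITABLE = "executable lives in a user-writable location (Temp or AppData)"

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")          # "==== Section name ===="
ORPHAN_RE = re.compile(r"\[x\]$|\bno (?:task )?file\b")  # matched against lower-cased text
USER_WRITABLE_RE = re.compile(r"\\(?:temp|appdata)\\[^\s]*?\.(?:exe|dll|scr|com)\b")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str]


def classify_line(line: str) -> List[str]:
    """Return the triage reasons that apply to one FRST log line (empty if none)."""
    low = line.lower()
    reasons = []
    if "<==== attention" in low:
        reasons.append(R_ATTENTION)
    if ORPHAN_RE.search(low):
        reasons.append(R_ORPHAN)
    if "[file not signed]" in low:
        reasons.append(R_UNSIGNED)
    if USER_WRITABLE_RE.search(low):
        reasons.append(R_USER_WRITABLE)
    return reasons


def triage_frst_log(text: str) -> List[Finding]:
    """Walk the log, tracking the '==== Section ====' headers, and collect flagged lines."""
    findings = []
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            # A bare "=====" underline has an empty title; keep the previous section name.
            section = header.group(1) or section
            continue
        reasons = classify_line(line)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count how many flagged lines carry each reason."""
    counts: Dict[str, int] = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_frst_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print("\nSummary:", summarize(results))
```

Run against a real FRST.txt by reading the file and passing its contents to `triage_frst_log`. Expect noise from the user-writable rule (legitimate software such as magicJack installs under AppData), so treat it as a prompt to check the file's signature and origin rather than as a detection on its own.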
Hello Psychotic,

Thank you very much for your swift reply. I really appreciate the help.

Here is the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01
Ran by S (administrator) on S-DESKTOP on 14-08-2014 02:24:23
Running from C:\Users\S\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
() C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
() C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
() C:\Program Files\ASUS\Six Engine\SixEngine.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Dell Inc.) C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Dell Inc.) C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(magicJack L.P.) C:\Users\S\AppData\Roaming\mjusbsp\magicJack.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6296064 2008-05-20] (Realtek Semiconductor)
HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DLPSP] => C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [197120 2006-02-23] (Dell Inc.)
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Ai Nap] => C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [1423360 2008-05-21] ()
HKLM-x32\...\Run: [QFan Help] => C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [594432 2008-05-06] ()
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
HKLM-x32\...\Run: [Launch Direct Link] => C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe [1209856 2007-11-16] ()
HKLM-x32\...\Run: [Launch As Cmd Runner] => C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe [376832 2007-04-11] ()
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [DT HWP] => C:\Program Files (x86)\Portrait Displays\HP Display Assistant\DTHtml.exe [277504 2007-06-29] (Portrait Displays, Inc)
HKLM-x32\...\Run: [Dell MFP Color Laser Printer 3115cn Launcher] => C:\Program Files (x86)\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe [389120 2006-08-10] (Dell Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2008-01-14] (Nero AG)
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-15] (Valve Corporation)
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\Run: [cdloader] => C:\Users\S\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\MountPoints2: {08901803-15b7-11de-9154-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\MountPoints2: {39b054dc-0512-11e1-b3f4-0022159533f8} - H:\setup.exe -a
HKU\S-1-5-21-1010999420-2856162072-425742311-1000\...\MountPoints2: {8464c023-a7e5-11df-b91f-0022159533f8} - H:\SamsungSoftware\APPInst.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: cdl - No CLSID Value -
Handler: file - No CLSID Value -
Handler: ftp - No CLSID Value -
Handler: local - No CLSID Value -
Handler: mk - No CLSID Value -
Handler-x32: cdl - No CLSID Value -
Handler-x32: file - No CLSID Value -
Handler-x32: ftp - No CLSID Value -
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: local - No CLSID Value -
Handler-x32: mk - No CLSID Value -
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\ka6r9km4.default-1400219003531
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: ConvveertME - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vxd8kywj.default\Extensions\t.ea@eycohyd.com [2014-05-04]
FF Extension: CooolSaleCOuepono - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vxd8kywj.default\Extensions\ur_p3q@ymeae-.edu [2014-04-28]
FF Extension: FT SleekDark - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vxd8kywj.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-09]
FF Extension: Adblock Plus - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vxd8kywj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-04]
FF Extension: Adblock Plus - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\ka6r9km4.default-1400219003531\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-21]

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DLPWD; C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [102912 2005-11-10] (Dell Inc.) [File not signed]
R2 DLSDB; C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [185856 2005-08-25] (Dell Inc.) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-06-29] () [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2008-01-14] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2009-03-22] ()
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [56320 2008-06-30] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [173096 2008-06-23] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 02:24 - 2014-08-14 02:24 - 00016692 _____ () C:\Users\S\Desktop\FRST.txt
2014-08-14 02:24 - 2014-08-14 02:24 - 00000000 ____D () C:\FRST
2014-08-14 02:23 - 2014-08-14 02:23 - 02100224 _____ (Farbar) C:\Users\S\Desktop\FRST64.exe
2014-08-13 07:32 - 2014-08-13 07:32 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-08-13 07:31 - 2014-08-13 07:31 - 00001838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-13 07:31 - 2014-08-13 07:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-13 07:31 - 2014-08-13 07:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-13 07:30 - 2010-04-06 03:34 - 00345984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-08-13 07:28 - 2014-08-13 07:28 - 13829304 _____ (Microsoft Corporation) C:\Users\S\Desktop\mseinstall.exe
2014-08-10 22:27 - 2014-08-10 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-10 22:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-10 22:15 - 2014-08-10 22:21 - 00000000 ____D () C:\AdwCleaner
2014-08-08 22:50 - 2014-08-08 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-08 22:49 - 2014-08-10 22:26 - 00000000 ____D () C:\Users\S\Desktop\Antiviruses

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 02:24 - 2014-08-14 02:24 - 00016692 _____ () C:\Users\S\Desktop\FRST.txt
2014-08-14 02:24 - 2014-08-14 02:24 - 00000000 ____D () C:\FRST
2014-08-14 02:23 - 2014-08-14 02:23 - 02100224 _____ (Farbar) C:\Users\S\Desktop\FRST64.exe
2014-08-14 02:23 - 2006-11-02 10:22 - 00003712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 02:23 - 2006-11-02 10:22 - 00003712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 02:19 - 2014-02-08 22:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 01:51 - 2012-10-02 08:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 00:22 - 2009-06-12 12:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-14 00:11 - 2008-01-20 20:53 - 01742927 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 23:19 - 2014-02-08 22:02 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 19:32 - 2014-01-22 18:56 - 00000000 ____D () C:\Users\S\AppData\Roaming\TS3Client
2014-08-13 19:07 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 19:03 - 2014-04-08 23:58 - 00000901 _____ () C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-08-13 19:03 - 2009-06-21 00:36 - 00000915 _____ () C:\Users\S\Desktop\magicJack.lnk
2014-08-13 19:03 - 2009-06-21 00:34 - 00000000 ____D () C:\Users\S\AppData\Roaming\mjusbsp
2014-08-13 19:01 - 2014-03-08 18:40 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-08-13 19:01 - 2009-03-20 06:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-13 19:01 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 18:59 - 2006-11-02 10:42 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 07:32 - 2014-08-13 07:32 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-08-13 07:31 - 2014-08-13 07:31 - 00001838 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-13 07:31 - 2014-08-13 07:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-13 07:31 - 2014-08-13 07:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-13 07:28 - 2014-08-13 07:28 - 13829304 _____ (Microsoft Corporation) C:\Users\S\Desktop\mseinstall.exe
2014-08-13 05:26 - 2008-01-20 22:26 - 00427296 _____ () C:\Windows\PFRO.log
2014-08-12 02:55 - 2009-03-25 18:42 - 00002651 _____ () C:\Users\S\Desktop\Microsoft Office Word 2007.lnk
2014-08-10 22:52 - 2011-11-01 22:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-10 22:52 - 2011-11-01 22:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-10 22:27 - 2014-08-10 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-10 22:26 - 2014-08-08 22:49 - 00000000 ____D () C:\Users\S\Desktop\Antiviruses
2014-08-10 22:23 - 2011-11-02 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 22:21 - 2014-08-10 22:15 - 00000000 ____D () C:\AdwCleaner
2014-08-09 00:44 - 2011-09-29 21:20 - 00000000 ____D () C:\Users\S\AppData\Roaming\Imoq
2014-08-08 22:50 - 2014-08-08 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-08 22:50 - 2011-11-04 23:04 - 00000912 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-08 22:50 - 2011-11-04 23:04 - 00000900 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-06 17:16 - 2006-11-02 10:27 - 00265192 _____ () C:\Windows\setupact.log
2014-07-29 08:14 - 2013-07-22 06:52 - 00000000 ____D () C:\Users\S\AppData\Roaming\Mumble
2014-07-23 03:20 - 2013-12-28 19:18 - 00000000 ____D () C:\Users\S\AppData\Local\magicJack
2014-07-21 18:34 - 2009-10-05 20:55 - 00000000 ____D () C:\Users\Public\Scanned images

Some content of TEMP:
====================
C:\Users\S\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-13 19:07

==================== End Of Log ============================

Here is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014 01
Ran by S at 2014-08-14 02:25:21
Running from C:\Users\S\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
magicJack (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-07-2014 05:00:02 Scheduled Checkpoint
12-07-2014 05:00:03 Scheduled Checkpoint
13-07-2014 05:00:04 Scheduled Checkpoint
14-07-2014 05:00:03 Scheduled Checkpoint
15-07-2014 05:00:02 Scheduled Checkpoint
15-07-2014 10:00:06 Windows Update
16-07-2014 05:38:11 Scheduled Checkpoint
17-07-2014 05:00:05 Scheduled Checkpoint
18-07-2014 05:00:05 Scheduled Checkpoint
19-07-2014 05:00:04 Scheduled Checkpoint
20-07-2014 07:20:39 Scheduled Checkpoint
21-07-2014 05:21:34 Scheduled Checkpoint
22-07-2014 07:04:59 Windows Update
23-07-2014 05:00:04 Scheduled Checkpoint
24-07-2014 07:46:14 Scheduled Checkpoint
25-07-2014 05:00:03 Scheduled Checkpoint
26-07-2014 07:45:51 Scheduled Checkpoint
27-07-2014 05:10:45 Scheduled Checkpoint
28-07-2014 11:56:55 Scheduled Checkpoint
29-07-2014 05:00:08 Scheduled Checkpoint
29-07-2014 07:05:33 Windows Update
30-07-2014 05:00:03 Scheduled Checkpoint
31-07-2014 05:00:07 Scheduled Checkpoint
01-08-2014 05:00:04 Scheduled Checkpoint
01-08-2014 19:22:33 Scheduled Checkpoint
03-08-2014 05:31:34 Scheduled Checkpoint
04-08-2014 05:10:08 Scheduled Checkpoint
05-08-2014 06:51:55 Windows Update
06-08-2014 05:00:03 Scheduled Checkpoint
06-08-2014 22:48:34 Scheduled Checkpoint
08-08-2014 05:00:02 Scheduled Checkpoint
08-08-2014 07:24:55 Windows Update
09-08-2014 08:12:36 Scheduled Checkpoint
10-08-2014 05:00:06 Scheduled Checkpoint
11-08-2014 03:48:58 AA11
12-08-2014 05:20:53 Scheduled Checkpoint
12-08-2014 07:28:57 Windows Update
13-08-2014 05:14:01 Scheduled Checkpoint
13-08-2014 12:30:16 Windows Update
14-08-2014 01:13:33 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015A49F5-91BF-4BC3-BB68-426C3A0FD1D3} - System32\Tasks\0.7877742764271989 => \\.\globalroot\Device\HarddiskVolume1\Users\MR5F53~1.SYE\AppData\Local\Temp\0.7877742764271989.exe <==== ATTENTION
Task: {08392045-1C1D-4443-A60E-2D76726D62F2} - \3840068800 No Task File <==== ATTENTION
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1765BE4B-6FBD-4048-B4F9-CC7DEAFBA84B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-08] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {286421E1-149B-493E-9468-0272913EB2E4} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()
Task: {2D124C4C-3146-4C04-B6B3-6178C1062FD8} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-06-03] ()
Task: {305CE256-3CDA-4665-8DEC-FD7CA640DF92} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - S => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {3484C0B2-A8DD-4392-ACF2-4EA54D01F4CD} - \3719448384 No Task File <==== ATTENTION
Task: {3B067A91-D218-48E2-91E5-D64B5B65FCD4} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.64\AsLoader.exe [2007-03-22] ()
Task: {3CCC847C-7BB9-49BC-87EC-E8C3465C2288} - \3967651744 No Task File <==== ATTENTION
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {645D3918-1025-4A49-8342-E0C5B8E0FE60} - \583388256 No Task File <==== ATTENTION
Task: {6CB4743A-94B3-4070-A597-DB054D3B71DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {823640A2-C86F-4744-ADD7-7467C0028C69} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {83450B23-6A2C-46E4-B47C-945BC8E9667B} - System32\Tasks\ASUS\ASUS ACPI Service Provider => C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe [2008-05-16] ()
Task: {98E89663-5184-40F5-B6E2-71F0FB24190D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-08] (Google Inc.)
Task: {A231096D-743E-4C1B-906F-83A665720FD7} - \win2119b744 No Task File <==== ATTENTION
Task: {C43744B1-A590-426C-949B-92A640BB4AFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CEB2A86D-1592-4AB1-A3E9-A5FD308D544C} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {D5351B48-BDEC-4D7A-ABAC-A0DBE2F38971} - \1555873344 No Task File <==== ATTENTION
Task: {DC67B619-5ECD-4DBC-A010-B976C83D38B4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-06-01] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {ED5F8AF5-500A-4D19-B459-989A9C5CDC96} - System32\Tasks\ASUS\Launch AI Direct Link => C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe [2007-04-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-03-20 06:02 - 2007-04-11 17:34 - 00376832 _____ () C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
2008-05-16 02:57 - 2008-05-16 02:57 - 00615424 ____R () C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
2009-03-20 06:02 - 2007-11-16 15:12 - 01209856 _____ () C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
2009-03-20 05:57 - 2008-06-03 01:06 - 05964800 _____ () C:\Program Files\ASUS\Six Engine\SixEngine.exe
2009-11-14 03:19 - 2007-06-29 16:26 - 00073728 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2009-03-21 19:31 - 2009-03-22 14:37 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-03-20 06:02 - 2008-05-21 13:30 - 01423360 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
2009-03-20 06:02 - 2005-06-22 04:39 - 00204851 ____R () C:\Program Files (x86)\ASUS\AASP\1.00.64\PowerDll.dll
2009-03-20 06:02 - 2008-01-17 03:46 - 00053248 ____R () C:\Program Files (x86)\ASUS\AASP\1.00.64\cpuutil.dll
2009-03-20 06:02 - 2007-08-20 11:17 - 00094208 _____ () C:\Program Files (x86)\ASUS\AI Direct Link\AsNetlib.dll
2009-03-20 05:57 - 2005-05-11 16:39 - 00565248 _____ () C:\Program Files\ASUS\Six Engine\pngio.dll
2009-03-20 05:57 - 2008-04-15 10:07 - 00053248 _____ () C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
2014-05-28 11:12 - 2014-07-11 19:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-26 12:45 - 2014-07-11 19:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-28 11:12 - 2014-07-11 19:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 04:45 - 2014-07-11 19:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 17:10 - 2014-06-26 17:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-28 11:12 - 2014-07-15 21:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-28 11:12 - 2014-04-28 19:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2011-07-13 03:21 - 2014-07-15 21:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2010-04-28 23:18 - 2014-05-01 18:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2009-03-20 06:02 - 2008-02-25 15:08 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
2009-03-20 06:02 - 2007-01-03 22:25 - 00008704 _____ () C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
2009-11-14 03:19 - 2007-06-29 16:26 - 00102400 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2009-11-14 03:19 - 2007-06-29 16:26 - 00077824 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
2009-11-14 03:21 - 2007-06-12 12:25 - 00065536 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\vista.dll
2014-07-04 12:00 - 2014-07-04 12:00 - 00084344 _____ () C:\Users\S\AppData\Roaming\mjusbsp\octvqem_apiw.DLL
2011-11-04 23:04 - 2014-07-17 00:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Documents\Decmber School Calender.docx:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Documents\Class Critique.docx:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Documents\IR Chart.pdf:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Documents\IR Chart.pdf:com.apple.metadatakMDItemDownloadedDate
AlternateDataStreams: C:\Users\Public\Documents\IR Chart.pdf:com.apple.metadatakMDItemWhereFroms
AlternateDataStreams: C:\Users\Public\Documents\IR Chart.pdf:com.apple.quarantine
AlternateDataStreams: C:\Users\Public\Documents\NMR Chart.pdf:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Documents\NMR Chart.pdf:com.apple.metadatakMDItemDownloadedDate
AlternateDataStreams: C:\Users\Public\Documents\NMR Chart.pdf:com.apple.metadatakMDItemWhereFroms
AlternateDataStreams: C:\Users\Public\Documents\NMR Chart.pdf:com.apple.quarantine
AlternateDataStreams: C:\Users\Public\Documents\Psyc Book Report.docx:AFP_AfpInfo
AlternateDataStreams: C:\Users\Public\Documents\Psyc chapter 16.docx:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2014 01:54:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\S\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KA6R9KM4.DEFAULT-1400219003531\CACHE2\DOOMED> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/14/2014 01:54:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\S\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KA6R9KM4.DEFAULT-1400219003531\CACHE2\ENTRIES> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/13/2014 07:02:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2014 07:02:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/13/2014 06:55:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program hl.exe version 1.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 4c4
Start Time: 01cfb74611dddc60
Termination Time: 60000

Error: (08/13/2014 11:25:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2014 11:24:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/13/2014 07:35:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2014 07:35:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/13/2014 06:45:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (08/13/2014 07:03:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (08/13/2014 07:03:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (08/13/2014 07:02:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Comcast AntiSpyware%%2

Error: (08/13/2014 07:01:23 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Dell MFP Laser 3115cn PCL6 (Copy 1) with shared resource name Dell MFP Laser 3115cn PCL6 (Copy 1). Error 2114. The printer cannot be used by others on the network.

Error: (08/13/2014 11:26:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (08/13/2014 11:26:51 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (08/13/2014 11:25:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Comcast AntiSpyware%%2

Error: (08/13/2014 07:37:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (08/13/2014 07:37:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (08/13/2014 07:35:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Comcast AntiSpyware%%2


Microsoft Office Sessions:
=========================
Error: (04/24/2014 10:15:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 923 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (12/09/2012 02:18:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 173 seconds with 120 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-10 22:37:25.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-10 22:37:24.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-10 22:37:24.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-10 22:37:24.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-10 22:37:23.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-10 22:37:23.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-10 22:37:23.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-10 22:37:22.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-05 22:13:15.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-17 00:44:51.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 4094.12 MB
Available physical RAM: 1726.8 MB
Total Pagefile: 8395.5 MB
Available Pagefile: 5670.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (S Desktop) (Fixed) (Total:931.52 GB) (Free:719.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 7034B007)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Here is the aswMBR log:

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-14 02:27:37
-----------------------------
02:27:37.005    OS Version: Windows x64 6.0.6002 Service Pack 2
02:27:37.006    Number of processors: 4 586 0xF0B
02:27:37.006    ComputerName: S-DESKTOP  UserName: S
02:27:40.598    Initialize success
02:27:40.662    VM: initialized successfully
02:27:40.728    VM: Intel CPU supported
02:28:21.172    VM: disk I/O iaStor.sys
02:29:30.596    AVAST engine defs: 14081301
02:29:35.958    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
02:29:35.960    Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
02:29:36.065    Disk 0 MBR read successfully
02:29:36.068    Disk 0 MBR scan
02:29:36.096    Disk 0 Windows VISTA default MBR code
02:29:36.125    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       953873 MB offset 2048
02:29:36.232    Disk 0 scanning C:\Windows\system32\drivers
02:30:00.055    Service scanning
02:30:37.255    Modules scanning
02:30:37.264    Disk 0 trace - called modules:
02:30:37.613    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:30:37.618    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c4e510]
02:30:37.623    3 CLASSPNP.SYS[fffffa600120bc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80049d3050]
02:30:41.157    AVAST engine scan C:\Windows
02:31:09.043    AVAST engine scan C:\Windows\system32
02:37:50.425    AVAST engine scan C:\Windows\system32\drivers
02:39:35.286    AVAST engine scan C:\Users\S
02:55:00.993    AVAST engine scan C:\ProgramData
02:56:34.980    Scan finished successfully
02:58:34.475    Disk 0 MBR has been saved successfully to "C:\Users\S\Desktop\Antiviruses\Computer cleanup\MBR.dat"
02:58:34.483    The log file has been saved successfully to "C:\Users\S\Desktop\Antiviruses\Computer cleanup\aswMBR.txt"

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
