Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 8.1 Internet Browser Hijack/Firewall Disabled- Troubleshoot advice?


  • This topic is locked This topic is locked
22 replies to this topic

#1 _Wolfie_

_Wolfie_

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 15 February 2015 - 04:31 PM

So I decided to make an account and post for others with the same problem. I'm still currently trying to fix it, any help and suggestions to speed things up would be greatly appreciated. (My knowledge of comp sc is limited, just researched all this overnight so excuse me).

 

Model: Asus Transformers (yes, luckliy the tablet still works)

 

What I had before the problems occurred:

-Avast!

-Expired McAfee internet security

-Firefiox addons: Ghostery, Blue demon....

 

Symptoms:

1) Any Internet browser I use is slow and the browser frame did not display application name or text when opened. It looked phony.

2) Firewall, Action Centre, Defender all disabled

3) Something is very off about McAfee.(also disabled) Could not extend suscription to internet security

 

What I did:

1) attempted to access restoration point>>> It was corrupt and blue screened a lot.

2) ran DISM ScanHealth command line, it said= operation successful and repairable

3) backedup PC and Reset to factory setting>>> problem's still there

4) ran rKill (renamed) ran as admin. >>>

[HKLM\SOFTWARE\Mircosoft\Windows Defender]

"DisabledAntiSpyware" = dword00000001

then a whole bunch of windows service integrity apps that are not running

5) Command line sfc\scannow>>> blocked again

6) Running ComboFix...

7) RougueKiller didn't pick up much, except for a localhost that I can't delete.

8) Trying Farbar now

 

I'm kinda lost and out of ideas now, can someone help me? I'll post the txt logs in a bit.

 

For others with the same problem:

Good news, everything else still works fine, you can backup your PC but I don't think I needed to reset it.

Bad news, I have no idea what I'm dealing with


Edited by _Wolfie_, 15 February 2015 - 05:44 PM.
Moved to Virus, trojan, etc. logs'


BC AdBot (Login to Remove)

 


m

#2 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 15 February 2015 - 04:39 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/14/2015 11:31:19 PM in x64 mode. (Safe Mode)
Windows Version: Windows 8
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * NetBT (NetBT) is not Running.
   Startup Type set to: System

 * NSI Proxy Service Driver (nsiproxy) is not Running.
   Startup Type set to: System

 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System


Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/14/2015 11:31:56 PM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)
 



#3 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 15 February 2015 - 04:41 PM

ComboFix

 

.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2013-05-01 3187360]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe" [2012-12-19 3576784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R0 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R2 0027101424037159mcinstcleanup;McAfee Application Installer Cleanup (0027101424037159);c:\users\Wolfie\AppData\Local\Temp\002710~1.EXE;c:\users\Wolfie\AppData\Local\Temp\002710~1.EXE [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\P4G\InsOnSrv.exe;c:\program files\ASUS\P4G\InsOnSrv.exe [x]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [x]
R2 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
R2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
R2 DptfPolicyConfigTDPService;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
R2 DptfPolicyCriticalService;Intel® Dynamic Platform and Thermal Framework Critical Service Application;c:\windows\system32\DptfPolicyCriticalService.exe;c:\windows\SYSNATIVE\DptfPolicyCriticalService.exe [x]
R2 DptfPolicyLpmService;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application;c:\windows\system32\DptfPolicyLpmService.exe;c:\windows\SYSNATIVE\DptfPolicyLpmService.exe [x]
R2 HostedNetworkController;HostednetworkControlService;c:\program files\ASUS\ASUS Console\HostednetworkControlService.exe;c:\program files\ASUS\ASUS Console\HostednetworkControlService.exe [x]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 plctrl;plctrl;c:\program files\ASUS\P4G\plctrl.sys;c:\program files\ASUS\P4G\plctrl.sys [x]
R2 Trio Brightness Host;Trio Brightness Host;c:\program files (x86)\ASUS\ASUS Trio Display Control\WinServiceProject.exe;c:\program files (x86)\ASUS\ASUS Trio Display Control\WinServiceProject.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
R3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
R3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
R3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-09-27 07:15    1472512    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-09-27 07:15    1472512    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:15    1472512    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-09-03 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-09-03 771056]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2013-07-31 79376]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-09-11 909016]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-09-26 280576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2015-02-15  14:05:16
ComboFix-quarantined-files.txt  2015-02-15 22:05
.
Pre-Run: 165,520,535,552 bytes free
Post-Run: 165,383,987,200 bytes free
.
- - End Of File - - 92754DEE980D57EA7072C83EE8ACEBEC
5FB38429D5D77768867C76DCBDB35194



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:03 AM

Posted 19 February 2015 - 10:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 19 February 2015 - 06:55 PM

THANK YOU!!! I will try it out asap (after work). :D



#6 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 21 February 2015 - 12:38 AM

****MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-02-20
Scan Time: 8:02:33 PM
Logfile: mbam_scan_clean.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.20.09
Rootkit Database: v2015.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Wolfie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324652
Time Elapsed: 23 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


***AdwCleaner

 

# AdwCleaner v4.111 - Logfile created 20/02/2015 at 20:39:28
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 8  (x64)
# Username : Wolfie - OPTIMUS
# Running from : E:\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16519


*************************

AdwCleaner[R0].txt - [664 bytes] - [20/02/2015 20:29:38]
AdwCleaner[S0].txt - [592 bytes] - [20/02/2015 20:39:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [650  bytes] ##########
 



#7 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 21 February 2015 - 12:39 AM

***Farbar

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Wolfie (administrator) on OPTIMUS on 20-02-2015 20:47:51
Running from C:\Users\Wolfie\Desktop
Loaded Profiles: Wolfie (Available profiles: Wolfie)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\Trio OS Switcher\AsusSwitcherLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS SuperNote UI Agent\SuperNoteUIAgent.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
() C:\Program Files\ASUS\ASUS Trio Tool\ASUSTrioTool.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files\ASUS\ASUS Console\HostednetworkControlService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\ASUS\ASUS Trio Display Control\WinServiceProject.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
() C:\Program Files (x86)\ASUS\ASUS Trio Display Control\TrioBrightnessHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\Trio OS Switcher\AsusSwitcher.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files\ASUS\ASUS Console\WiFiSyncAgent.exe
() C:\Program Files\ASUS\ASUS Console\TrioSambaSend.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Console\ASUS Console.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Program Files\ASUS\ASUS Console\CharmBar.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Farbar) C:\Users\Wolfie\Desktop\FRST64(1).exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-09-10] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [454160 2012-11-30] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-704109706-1750460686-3720769737-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-704109706-1750460686-3720769737-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 HostedNetworkController; C:\Program Files\ASUS\ASUS Console\HostednetworkControlService.exe [9216 2013-10-01] () [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [388240 2012-11-23] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 Trio Brightness Host; C:\Program Files (x86)\ASUS\ASUS Trio Display Control\WinServiceProject.exe [11264 2013-10-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-05-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-04] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows ® Win 7 DDK provider)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2979544 2013-09-25] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
U0 msahci; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E890C46E4754F0DF51BAFCC8D2E07498
C:\Windows\System32\drivers\3ware.sys 4F18D4C7EA14F11A7211F60D553C03DB
C:\Windows\System32\drivers\ACPI.sys 975AABEB243B800C23626D6B652C5A9C
C:\Windows\system32\DRIVERS\acpials.sys E3530CCC4018BBFC39176E579E438BE6
C:\Windows\System32\Drivers\acpiex.sys DC968C37822117E576B933F34A2D130C
C:\Windows\System32\drivers\acpipagr.sys 0CA9F7C3A78227C21A0A7854E245CFB2
C:\Windows\System32\drivers\acpipmi.sys 8EB8DA03B142D3DD1EB9ED8107A76C43
C:\Windows\System32\drivers\acpitime.sys CBCE725C5D86ABA7D2604E22951AA9B8
C:\Windows\System32\drivers\adp94xx.sys 93C6388592B99925C1D1576E465BC80F
C:\Windows\System32\drivers\adpahci.sys D27763E0247292654E7F7D16444C7C72
C:\Windows\System32\drivers\adpu320.sys 67B90070FF48F794AF19F9FCF0080D75
C:\Windows\system32\drivers\afd.sys 36D6A3201721558A8AFBCC09C2DA4C2C
C:\Windows\system32\DRIVERS\agrsm64.sys 98022774D9930ECBB292E70DB7601DF6
C:\Windows\System32\drivers\agp440.sys 01590377A5AB19E792528C628A2A68F9
C:\Windows\system32\DRIVERS\AiCharger.sys 16F6F6B7903B913AB41AB848C8BB5658
C:\Windows\System32\drivers\amdk8.sys 5A81054B824004B1ECC04F0034A1CDF9
C:\Windows\System32\drivers\amdppm.sys B849D453E644FAB9BC8EF6DC8CA9C4C6
C:\Windows\System32\drivers\amdsata.sys 35A0EB5AECB0FA3C41A2FB514A562304
C:\Windows\System32\drivers\amdsbs.sys 00452671904F5EE94B50BF0219C97164
C:\Windows\System32\drivers\amdxata.sys EA3FFE53E92E59C87E3ECA9BEB20D9B7
C:\Windows\system32\drivers\appid.sys 83B3682CE922FB0F415734B26D9D6233
C:\Windows\System32\drivers\arc.sys E933401B392387F4BE34DE8BAF1722A7
C:\Windows\System32\drivers\arcsas.sys 07CA323EF2E8247A568AB0F3662AD644
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\Windows\system32\DRIVERS\asyncmac.sys 74DBAEC35366C4EE7670428808715A6A
C:\Windows\System32\drivers\atapi.sys A721FF570C2387E383BDDEA9632863C9
C:\Windows\system32\DRIVERS\athrx.sys DECE3E2832F125A41A02FB59F4C54EEA
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 41CEAFFCF3550785E59E3EC9BEE8D97A
C:\Windows\System32\drivers\AsusTP.sys B1C8C8570C30DE1C3EC727779700E495
C:\Windows\System32\drivers\bxvbda.sys 87AB5BB072A3F128541D5B815F82FFDD
C:\Windows\System32\drivers\BasicDisplay.sys 81703BC5D68DEDBB086C2368FBE7B334
C:\Windows\System32\drivers\BasicRender.sys 5EC68164E14D25675C98BBB5F09E8606
C:\Windows\System32\Drivers\Beep.sys 9E7AEA59776D904607985AFFE7E5E183
C:\Windows\System32\DRIVERS\bowser.sys B17AC10B47C7FCB44D22A1F06415840E
C:\Windows\System32\drivers\BthAvrcpTg.sys F17DEEAC7D51D44CF1BFF8DD4F0A2B6D
C:\Windows\system32\DRIVERS\BthEnum.sys A8B20D852B07AE19A13B5D47EC4E4C3B
C:\Windows\System32\drivers\bthhfenum.sys 616EB8748C988AEE98D93DA141C3D3B4
C:\Windows\System32\drivers\BthHFHid.sys DCB4EBD928A6FB368BE6CAE522412DE1
C:\Windows\system32\DRIVERS\BthLEEnum.sys 42201C346F0B8C458E1E9CDE04D68A2C
C:\Windows\System32\drivers\bthmodem.sys 033916CE8784A848B9A3D686B7F66D97
C:\Windows\system32\DRIVERS\bthpan.sys 091BB978E9504D0AD14586929431A957
C:\Windows\System32\Drivers\BTHport.sys B2FD839F9AF51B8580C02B89AC6C6C89
C:\Windows\System32\Drivers\BTHUSB.sys 1F715957F5236D30B6020A19A4271F6A
C:\Windows\System32\DRIVERS\cdfs.sys 990B1BABE6E81FB18E65A87EBEFB1772
C:\Windows\System32\drivers\cdrom.sys 339BFF85D788268752DA8C9644B188EE
C:\Windows\System32\drivers\cfwids.sys DF8D07059E7237E0BE9C1421EF5F9482
C:\Windows\System32\drivers\circlass.sys F64B7D1A37CC1D5F421D5359EEC81E2E
C:\Windows\System32\drivers\CLFS.sys 9905168708DB68849B879B5548F68AB3
C:\Windows\System32\drivers\CmBatt.sys 2DC8538A2260647484A6C921CA837313
C:\Windows\System32\Drivers\cng.sys E708BFF0473EC6B271EA46B65B16CA56
C:\Windows\system32\drivers\CHDRT64.sys F974405FB9F68375BD369E0341201F31
C:\Windows\System32\drivers\CompositeBus.sys 0E5B1E9E7122EDAAF1F6CE047965CA92
C:\Windows\System32\drivers\condrv.sys D9CB0782AF819548072AA45B70F8B22D
C:\Windows\System32\drivers\dam.sys C4D01BD86D6B207275FC143EEA951D75
C:\Windows\System32\Drivers\dfsc.sys 09D9EB9E7898F8E6561473A20CC808B9
C:\Windows\System32\drivers\discache.sys 3C736FAE17BA6F91BA37594AAB139CD0
C:\Windows\System32\drivers\disk.sys 560495FF4CA22E1D9B1972FA18F43B6F
C:\Windows\System32\drivers\dmvsc.sys 82A7C72593793FE1EADA7A305BD1567A
C:\Windows\system32\DRIVERS\DptfDevDram.sys 68E2849CF59D54557F5CC6911EE5B26F
C:\Windows\system32\DRIVERS\DptfDevPch.sys 76C91DB88A8CEE7711F41ADF08128522
C:\Windows\system32\DRIVERS\DptfDevProc.sys 82D5BA44F3A32EE7D41D2E8B4361AD9B
C:\Windows\system32\DRIVERS\DptfManager.sys 66AA3E34E06A32B60573926DD861D70E
C:\Windows\system32\drivers\drmkaud.sys 9C7C183F937951AE17C5B8B3259CF3FF
C:\Windows\System32\drivers\dxgkrnl.sys ED120AA770A78B5079F8C7BB5AF8A035
C:\Windows\system32\DRIVERS\e1i63x64.sys 651FBD69A9713D623D456A240F96179C
C:\Windows\System32\drivers\evbda.sys 5AB97B3282D7D6114949D1EB5C8598E4
C:\Windows\System32\drivers\EhStorClass.sys 66D60BD9A4C05616ABECA2A901475098
C:\Windows\System32\drivers\EhStorTcgDrv.sys A61D0F543024E458C0FE32352E1978E2
C:\Windows\System32\drivers\errdev.sys D790D058D67582DB9C84C2D33695FE6B
C:\Windows\System32\Drivers\exfat.sys 7A4D6FEB8C52B3FE855E4DCDF9107E03
C:\Windows\System32\Drivers\fastfat.sys 60996602A7111FD2D086E803F33E4282
C:\Windows\System32\drivers\fdc.sys 73B2D11DF0B6E03A0CB0323218ACB3E4
C:\Windows\System32\drivers\fileinfo.sys 88A9EBACD1058ABB237A6B4E96E7F397
C:\Windows\System32\drivers\filetrace.sys 9E4EE3A0B00FF7D5F42A4AF9744CBA02
C:\Windows\System32\drivers\flpydisk.sys B1D4C168FF7B8579E3745888658FFB1D
C:\Windows\System32\drivers\fltmgr.sys B33EC133AE4E6C1881D2302D93D2467D
C:\Windows\System32\drivers\FsDepends.sys A5F7873A39E4E9FAAAE59B7E9E36B705
C:\Windows\System32\Drivers\Fs_Rec.sys A6DD7D491F587F4BC13FB972977DC8E8
C:\Windows\System32\DRIVERS\fvevol.sys FA228F4BB10DC7ED7E7D131C034E2331
C:\Windows\System32\drivers\fxppm.sys A969D92973DFA895E7776B4BFE36DBB2
C:\Windows\System32\drivers\gagp30kx.sys 52BC441E07A827EBAB70CDC7EAEDB28D
C:\Windows\System32\drivers\vmgencounter.sys 721F8EEF5E9747F32670DEFF7FB92541
C:\Windows\System32\Drivers\msgpioclx.sys CA18ECFCFFDD638ECE80799A9056B238
C:\Windows\system32\drivers\HdAudio.sys C2504AA983B5D411F7D31402E8B57725
C:\Windows\System32\drivers\HDAudBus.sys 7D87B5B6C7188D553E11B59DC7F0B111
C:\Windows\System32\drivers\HidBatt.sys 3F76BBA53D65E85A7F53E7A71082082C
C:\Windows\System32\drivers\hidbth.sys A25BAE8C1F2830C8E5625EC7E4E968BE
C:\Windows\System32\drivers\hidi2c.sys CC4A07E51D89575CAB6F4EB590D87CD4
C:\Windows\System32\drivers\hidir.sys DC96F7DACB777CDEAEF9958A50BFDA06
C:\Windows\System32\drivers\AsHIDSwitch64.sys 894D982CEAB8CD45A56AE2C9988E86C0
C:\Windows\System32\drivers\hidusb.sys 590B6F71BCDA4368B4BF7D8DF22B60F7
C:\Windows\System32\drivers\HipShieldK.sys 852681A14AFEE00C0C3179429A08C868
C:\Windows\System32\drivers\HpSAMD.sys 64DB7A8D97CA53DCCF93D0A1E08342CF
C:\Windows\System32\drivers\HTTP.sys 29CB98187BB5711F7759540976D295FC
C:\Windows\System32\drivers\hwpolicy.sys 2A98301068801700906C06649860FE94
C:\Windows\System32\drivers\hyperkbd.sys DC76901D82097C9E297F20C287CB9A27
C:\Windows\system32\DRIVERS\HyperVideo.sys 716413AB3CA12DE0A7222D28C1C9352C
C:\Windows\System32\drivers\i8042prt.sys C9E9CBF73AFFBFE3E801EFB516787BA3
C:\Windows\System32\drivers\iaStorA.sys 7294C19965ED656DF7AD00FC54EAAC44
C:\Windows\System32\drivers\iaStorV.sys 5E394EBD26FD68AA9300332C46BEDD62
C:\Windows\system32\DRIVERS\igdkmd64.sys BD875DF51F3B5F3B6BBDDC8184D85922
C:\Windows\System32\drivers\iirsp.sys 24847A06B84339FEEDE5CABF3D27D320
C:\Windows\system32\DRIVERS\IntcDAud.sys 56BF61A0F2CB461DFC78AC5260739D5C
C:\Windows\System32\drivers\intelide.sys 4F37726CF764CA18A8A84F85EF3A7F24
C:\Windows\System32\drivers\intelppm.sys E15CDF68DD73423F15D4AC404793AF0D
C:\Windows\System32\DRIVERS\ipfltdrv.sys 8FCA66234A0933D796BB780B7953BAB9
C:\Windows\System32\drivers\IPMIDrv.sys 6E98A046A12AA113F8898AA5D612BD6E
C:\Windows\System32\drivers\ipnat.sys 3969B9C218DD3FAA9F4ED2FFC3651C02
C:\Windows\System32\drivers\irenum.sys 25CD7C4BB2863FFC2B0B311F0AEBF77C
C:\Windows\System32\drivers\isapnp.sys D940C5BB9DC92E588533C19ABCC3D2C2
C:\Windows\System32\drivers\msiscsi.sys 69C8BF0BC2B0EA10F130F4D3104DC2EF
C:\Windows\System32\drivers\kbdclass.sys 8FBD94B69D6423E20ABCD59D86368B21
C:\Windows\System32\drivers\kbdhid.sys E88C932ABDF8185A62C8F2FC7B051FB6
C:\Windows\System32\drivers\kbfiltr.sys A8080BEBCDB7A16495CE1205921DCAC5
C:\Windows\system32\DRIVERS\kdnic.sys FB6C185092E18011EF49989425C2AA87
C:\Windows\System32\Drivers\ksecdd.sys DFA480F6DED551464F3A5B959F437800
C:\Windows\System32\Drivers\ksecpkg.sys 127FB0AAD232BAAD2C9BBACD374F4FC5
C:\Windows\system32\drivers\ksthunk.sys 81492FEEBF2F26455B00EE8DBAE8A1B0
C:\Windows\system32\DRIVERS\lltdio.sys CEEFD29FC551F289810B0B9381B321DC
C:\Windows\System32\drivers\lsi_sas.sys 022CDD12161B063D7852B1075BF3FFF2
C:\Windows\System32\drivers\lsi_sas2.sys 07AD59D669B996F29F91817F0ECFA34F
C:\Windows\System32\drivers\lsi_scsi.sys 216FB796AA4E252ACCE93B1BCB80B5EC
C:\Windows\System32\drivers\lsi_sss.sys 5E80530AF37102488EE980B4A92AF99F
C:\Windows\system32\drivers\luafv.sys 2BDC5D711FA61307CE6190D47C956368
C:\WINDOWS\system32\drivers\mbam.sys CA43F8904E24BBE49982E4C0B29E6579
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
C:\WINDOWS\system32\drivers\mwac.sys 9D7BFFDB5FA62B600DF1FCB4919D9D79
C:\Windows\System32\drivers\megasas.sys 9B0D829C3BE4E7472DB9DD2B79908E3C
C:\Windows\System32\drivers\MegaSR.sys ECC3F54C7AFC318271C4F0B4606D8DB0
C:\Windows\system32\DRIVERS\TeeDriverx64.sys CFBDB416E1DC172327C099DB122FE15D
C:\Windows\System32\drivers\mfeapfk.sys 2D53234C24B0103FDE0BE06782AA6F80
C:\Windows\System32\drivers\mfeavfk.sys C0EAF4F2367C44157E1DE4817238FEC2
C:\Windows\System32\drivers\mfeelamk.sys 1699EB2331A251CC7175FD1B0DDF3EB7
C:\Windows\System32\drivers\mfefirek.sys 6856931F9F5B757E9D09369CC35096B9
C:\Windows\System32\drivers\mfehidk.sys 62E4C929A4DB48616B1B90143B48C948
C:\Windows\system32\DRIVERS\mfencbdc.sys 9C9FC3770BD600B2D761D666234C244D
C:\Windows\system32\DRIVERS\mfencrk.sys 93241CC8509B622B47EEA1B8505CF511
C:\Windows\System32\drivers\mfewfpk.sys E18162EA85F1531964F8222CC9E25E26
C:\Windows\System32\drivers\modem.sys 780098AD5DA8A4822E2563984C85EF7B
C:\Windows\system32\DRIVERS\monitor.sys 83EB0BF7E6EBD5B1AAC97F9DBD5EB935
C:\Windows\System32\drivers\mouclass.sys 618446B98C79776654340CE27C73485E
C:\Windows\System32\drivers\mouhid.sys CB2527B8B87D83E56FBF3944BBB6F606
C:\Windows\System32\drivers\mountmgr.sys 89D263DBF08119CE16273991C120D6DD
C:\Windows\System32\drivers\mpsdrv.sys 0D1609DD82C7440F5D5BF21A9D4D5C0C
C:\Windows\system32\drivers\mrxdav.sys 3D70147F55F1EC84EB9139ED7FFE48BC
C:\Windows\System32\DRIVERS\mrxsmb.sys 877D60D6E4156EC4A2E0B6871D41BED9
C:\Windows\System32\DRIVERS\mrxsmb10.sys 06D5F2FA3C61E8EA91648EA8E9F99FD3
C:\Windows\System32\DRIVERS\mrxsmb20.sys E078446D4B8622AA6030C7B8A1A08962
C:\Windows\system32\DRIVERS\bridge.sys 98487487D6B3797CA927E9D7B030AE13
C:\Windows\System32\Drivers\Msfs.sys 3886F1F2A4D2900ABAA7E4486BEEE6A2
C:\Windows\System32\drivers\msgpiowin32.sys C32A7A39B960A42BA9D4FBE47213CA03
C:\Windows\System32\drivers\mshidkmdf.sys D3857A767B91A061B408CCAB02DA4F40
C:\Windows\System32\drivers\mshidumdf.sys 839B48910FB1E887635C48F3EC11A05E
C:\Windows\System32\drivers\msisadrv.sys 55C0DB741E3AB7463242B185B1C2997C
C:\Windows\system32\drivers\MSKSSRV.sys 509809566E49F4411055864EA8D437CD
C:\Windows\system32\DRIVERS\mslldp.sys 63145201D6458E4958E572E7D6FC2604
C:\Windows\system32\drivers\MSPCLOCK.sys 99D526E803DB6D7FF290FD98B6204641
C:\Windows\system32\drivers\MSPQM.sys 06FA77C3E2A491ADCD704C5E73006269
C:\Windows\System32\Drivers\MsRPC.sys E134EC4DE11CF78CB01432D180710D84
C:\Windows\System32\drivers\mssmbios.sys B5AECF12F09DEE97C9FCAA5BA016CE1E
C:\Windows\system32\drivers\MSTEE.sys 72D66A05E0F99F2528F6C6204FD22AA1
C:\Windows\System32\drivers\MTConfig.sys 8AAAE399FC255FA105D4158CBA289001
C:\Windows\System32\Drivers\mup.sys 3BCB702F3E6CC622DCAFCAA45D7CDE0A
C:\Windows\System32\drivers\mvumis.sys 3A1E095277BBD406CEA8EA6B76950664
C:\Windows\system32\DRIVERS\nwifi.sys 43D7388A90A4C6EA346A4D6FF0377479
C:\Windows\System32\drivers\ndis.sys 03CFE4108D1DE16D6C59455B5C73319C
C:\Windows\system32\DRIVERS\ndiscap.sys 39C8A1D9D46F5E83A016BCAB72455284
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 762941932B7E4C588E48A577BA9D6440
C:\Windows\system32\DRIVERS\ndistapi.sys 7A6F8A6D0E01432EBA294EF29CDD0FA7
C:\Windows\system32\DRIVERS\ndisuio.sys 79AB68BB3FFF974AD4F41FA559F4EC67
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\System32\Drivers\NDProxy.sys CE6EBC0AD38CC6482D8FBB744FF15CE2
C:\Windows\System32\drivers\Ndu.sys D3F60A4345FCA9C1BE68AD7D0D6DE770
C:\Windows\System32\DRIVERS\netbios.sys 7C203A76394F9AE68F69EEE5F9612C4A
C:\Windows\System32\DRIVERS\netbt.sys 7CEC25C682D319D484630B3952C31A11
C:\Windows\system32\DRIVERS\NETwNs64.sys 57B9C04D673F236D41FAB03842C8640B
C:\Windows\System32\drivers\nfrd960.sys 12DD2800E4EEA37DC9AE256AD62423B4
C:\Windows\System32\Drivers\Npfs.sys 17E19A742FB30C002F8B43575451DBE1
C:\Windows\System32\drivers\npsvctrig.sys 8ED299C30792544264E558BEA79F0947
C:\Windows\System32\drivers\nsiproxy.sys 689B3B1E95C70ABF7AFF29F9406EF1E0
C:\Windows\System32\Drivers\Ntfs.sys 76929F4A69E425911A63B407E26C2589
C:\Windows\System32\Drivers\Null.sys 4163ADE07DB51843AE31F65B94F5398D
C:\Windows\System32\drivers\nvraid.sys D6D34118263412D3AAA8348A9572B7F2
C:\Windows\System32\drivers\nvstor.sys 27AFC428D1D32ABD04A86763A4EDDEA9
C:\Windows\System32\drivers\nv_agp.sys 051CFB5107BAAE510419BDC41F8C4036
C:\Windows\System32\drivers\parport.sys 4563DAF8C6A740AD7F501E219BD10766
C:\Windows\System32\drivers\partmgr.sys D6ACCF9F2EEEEA711C14EFD976E573F3
C:\Windows\System32\drivers\pci.sys 4A003E8F718C1E6A2050CA98CD53E3E2
C:\Windows\System32\drivers\pciide.sys F9908D274D458220F91E89B54D78D837
C:\Windows\System32\drivers\pcmcia.sys 84D19CB6102627932DCB5DFDF89FE269
C:\Windows\System32\drivers\pcw.sys CEBBAD5391C2644560C55628A40BFD27
C:\Windows\System32\drivers\pdc.sys AECC24430301DBC6A76916E3029B6B83
C:\Windows\System32\drivers\peauth.sys 70DBB6A8B52B3830922F1C5789E1BEEB
C:\Program Files\ASUS\P4G\plctrl.sys 650A060D264FDDB365513A31B0BF31B7
C:\Windows\system32\DRIVERS\raspptp.sys 362D47E5B4D67270DE4B8606036F4ADD
C:\Windows\System32\drivers\processr.sys DD979EB6A7212F60E4AFBE96EDC7AE6D
C:\Windows\system32\DRIVERS\pacer.sys EB8034147D4820CD31BFCB11A2A652DF
C:\Windows\system32\drivers\qwavedrv.sys 13D47BB0CCA2FC51BD15F8E85C6A078E
C:\Windows\System32\DRIVERS\rasacd.sys 873C60F8178100557740A832FCE10B5F
C:\Windows\system32\DRIVERS\AgileVpn.sys 69B93F623B130976243ECA3D84CC99CA
C:\Windows\system32\DRIVERS\rasl2tp.sys A14D625C5AEE5FFE0F47D1A1D419FAAE
C:\Windows\system32\DRIVERS\raspppoe.sys 00695B9C2DB6111064499C529E90C042
C:\Windows\system32\DRIVERS\rassstp.sys A7F24D8CD1956B0A1FDCB86CC5114DE4
C:\Windows\System32\DRIVERS\rdbss.sys B72C33DBD5326B3864CF2091AF8B906B
C:\Windows\System32\drivers\rdpbus.sys CA7DF5EC95D8DE0DD24BE7FF97369F68
C:\Windows\System32\drivers\rdpdr.sys B2A3AD74FF2E2FFA73AF2567108231B3
C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DA
C:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151
C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4
C:\Windows\system32\DRIVERS\rfcomm.sys 17EF582CBC4809F96B9E6D0543480763
C:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBF
C:\Windows\system32\DRIVERS\RtkBtfilter.sys 1F453FF2E6373EE1D0C49C967D30145B
C:\Windows\system32\DRIVERS\Rt630x64.sys 15923AA360F7675D3D43C9669316A0BA
C:\Windows\system32\DRIVERS\rtwlane.sys 9C48E4635B3A44A1ADA02C13909A3B41
C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965A
C:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92
C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9E
C:\Windows\System32\drivers\sdbus.sys 12F06525912BBEF67837DE47D87C60A9
C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130C
C:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5AD
C:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6
C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAAB
C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1
C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2
C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0D
C:\Windows\System32\drivers\spaceport.sys 465F3C355CE5ED2779B8F460F14C5A78
C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202
C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6
C:\Windows\System32\DRIVERS\srv2.sys C2106BB710AA34A046126AED7BCA6964
C:\Windows\System32\DRIVERS\srvnet.sys 9400C71F5A1A380B494B6922F007D485
C:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7
C:\Windows\System32\drivers\storahci.sys C588BBD37B432CE3204E5765B459E6B2
C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2
C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59
C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9
C:\Windows\System32\drivers\tcpip.sys F4F78B7F39BD56BD0BFE4C4399398F6F
C:\Windows\system32\DRIVERS\tcpip.sys F4F78B7F39BD56BD0BFE4C4399398F6F
C:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989
C:\Windows\system32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7
C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4
C:\Windows\system32\drivers\tpm.sys B44EFE254C0B3719E4037088D24FE4B5
C:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3
C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513
C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740
C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1A
C:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026
C:\Windows\System32\drivers\ucx01000.sys 1ED222DFE6C13DA50FE081ABF90CAFE1
C:\Windows\System32\DRIVERS\udfs.sys DC5A461591C71AF7F19DC048A81E3F88
C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7A
C:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860
C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09
C:\Windows\System32\drivers\usbccgp.sys 2AF9F0E16D75B8F783A1ACE74EF51C9B
C:\Windows\System32\drivers\usbcir.sys B395B62B62F28106218FA6FB17F4C797
C:\Windows\System32\drivers\usbehci.sys 52F267AEE8CA5AA5CEB88C6A71EE1E86
C:\Windows\System32\drivers\usbhub.sys ADBF89B8E0BB372FEFE2E4B84E1E20AE
C:\Windows\System32\drivers\UsbHub3.sys C5986337DE3BF63ABD9ED4D834D34B89
C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422AB
C:\Windows\System32\drivers\usbprint.sys BA3ABE0CD1C14B3295BAD0F076B84CAC
C:\Windows\System32\drivers\USBSTOR.SYS F77177F6C95B2116EE7AD23B5EF57007
C:\Windows\System32\drivers\usbuhci.sys D25EF4A6EC244C5DE85D88A05B7C149D
C:\Windows\System32\Drivers\usbvideo.sys 09799E701B4327097E9F63D3FE221083
C:\Windows\System32\drivers\USBXHCI.SYS 9CD4259AD15F84DE27B94A956C978D6C
C:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8
C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BE
C:\Windows\System32\drivers\vhdmp.sys 8628FA679F0EC4B709CCD1F6B6A3233B
C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1D
C:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0
C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91
C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18
C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824
C:\Windows\System32\drivers\volsnap.sys 2FB3CDFD5EAF4CD9D4AFAF96877D13AE
C:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700D
C:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353
C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCC
C:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611
C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318F
C:\Windows\system32\DRIVERS\vwifimp.sys 73FA1A41A97A5C34ADC03B3577FF1A86
C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9
C:\Windows\system32\DRIVERS\wanarp.sys 6081CEC9EF9EB145D8B46655C7708D51
C:\Windows\system32\DRIVERS\wanarp.sys 6081CEC9EF9EB145D8B46655C7708D51
C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CB
C:\Windows\system32\drivers\WdBoot.sys 6F4B5DDDC3B86091E94BC47347A78AF7
C:\Windows\System32\drivers\Wdf01000.sys 2ADC985B85A71BD7D99712EC0C24358B
C:\Windows\system32\drivers\WdFilter.sys 99D404A9A0AFC4734E014EBEBAC13F8F
C:\Windows\System32\DRIVERS\wfplwfs.sys FE762D3498719C3A23471BBA62F747B4
C:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60
C:\Windows\system32\DRIVERS\WinUSB.sys BB20956C424531003F7FA6CD36F11D5D
C:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084
C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3
C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6
C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 20:47 - 2015-02-20 20:48 - 00039308 _____ () C:\Users\Wolfie\Desktop\FRST.txt
2015-02-20 20:47 - 2015-02-20 20:47 - 00000000 ____D () C:\FRST
2015-02-20 20:42 - 2015-02-20 15:10 - 02126848 _____ () C:\Users\Wolfie\Desktop\adwcleaner_4.111.exe
2015-02-20 20:42 - 2015-02-20 15:09 - 02086912 _____ (Farbar) C:\Users\Wolfie\Desktop\FRST64(1).exe
2015-02-20 20:29 - 2015-02-20 20:44 - 00000000 ____D () C:\AdwCleaner
2015-02-20 20:05 - 2015-02-20 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-20 19:59 - 2015-02-20 19:59 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-02-20 19:59 - 2015-02-20 19:59 - 00000000 ____D () C:\temp
2015-02-20 19:57 - 2015-02-20 20:46 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 19:57 - 2015-02-20 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 19:57 - 2015-02-20 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 19:57 - 2015-02-20 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 19:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-20 19:57 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-20 19:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-20 19:49 - 2015-02-20 19:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-02-20 19:49 - 2015-02-20 19:49 - 00000000 ____D () C:\Users\Wolfie\AppData\Roaming\ASUS WebStorage
2015-02-20 19:49 - 2015-02-20 19:49 - 00000000 ____D () C:\Users\Wolfie\AppData\Local\Conexant
2015-02-20 19:48 - 2015-02-20 20:47 - 00000075 _____ () C:\Users\Wolfie\AppData\Roaming\sp_data.sys
2015-02-20 19:48 - 2015-02-20 20:46 - 00000000 ____D () C:\Users\Wolfie\AppData\Roaming\CharmBar
2015-02-20 19:48 - 2015-02-20 20:46 - 00000000 ____D () C:\Users\Public\Documents\TrioData
2015-02-20 19:48 - 2015-02-20 19:48 - 00001432 _____ () C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-20 19:48 - 2015-02-20 19:48 - 00001200 _____ () C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trio OS Switcher.lnk
2015-02-20 19:48 - 2015-02-20 19:48 - 00000196 _____ () C:\WINDOWS\FixPatch.log
2015-02-20 19:48 - 2015-02-20 19:48 - 00000000 ____D () C:\Users\Wolfie\AppData\Roaming\TaichiHome
2015-02-20 19:48 - 2015-02-20 19:48 - 00000000 ____D () C:\Users\Wolfie\AppData\Roaming\Adobe
2015-02-20 19:48 - 2015-02-20 19:48 - 00000000 ____D () C:\Users\Public\ASUSConsoleSetting
2015-02-20 19:47 - 2015-02-20 20:45 - 00070161 _____ () C:\Users\Wolfie\AppData\Local\BTServer.log
2015-02-20 19:47 - 2015-02-20 19:49 - 00000000 ____D () C:\Users\Wolfie
2015-02-20 19:47 - 2015-02-20 19:48 - 00000000 ____D () C:\Users\Wolfie\AppData\Local\Packages
2015-02-20 19:47 - 2015-02-20 19:48 - 00000000 ____D () C:\Users\Wolfie\AppData\Local\ASUS
2015-02-20 19:47 - 2015-02-20 19:47 - 00000020 ___SH () C:\Users\Wolfie\ntuser.ini
2015-02-20 19:47 - 2015-02-20 19:47 - 00000000 ____D () C:\Users\Wolfie\Documents\My Bluetooth
2015-02-20 19:47 - 2015-02-20 19:47 - 00000000 ____D () C:\Users\Wolfie\AppData\Local\VirtualStore
2015-02-20 19:47 - 2013-05-01 02:18 - 00000000 ___RD () C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-20 19:47 - 2013-05-01 01:36 - 00002102 _____ () C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-02-20 19:47 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-20 19:47 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-20 19:47 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 20:45 - 2012-07-25 23:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-20 20:44 - 2014-01-15 22:15 - 00052364 _____ () C:\Users\Public\CAFADEBUG.log
2015-02-20 20:40 - 2013-05-01 01:37 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-20 20:15 - 2014-01-15 22:17 - 00038155 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-20 20:08 - 2012-08-02 00:40 - 00451150 _____ () C:\WINDOWS\system32\prfh0804.dat
2015-02-20 20:08 - 2012-08-02 00:40 - 00142664 _____ () C:\WINDOWS\system32\prfc0804.dat
2015-02-20 20:08 - 2012-08-02 00:35 - 00816254 _____ () C:\WINDOWS\system32\perfh00A.dat
2015-02-20 20:08 - 2012-08-02 00:35 - 00172466 _____ () C:\WINDOWS\system32\perfc00A.dat
2015-02-20 20:08 - 2012-08-02 00:31 - 00818330 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-02-20 20:08 - 2012-08-02 00:31 - 00165196 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-02-20 20:08 - 2012-07-25 23:28 - 03299110 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-20 20:03 - 2013-05-01 01:37 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-20 20:03 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-20 20:01 - 2014-01-15 22:23 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-02-20 20:01 - 2014-01-15 22:23 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-02-20 20:00 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-20 19:59 - 2012-07-25 23:21 - 00034079 _____ () C:\WINDOWS\setupact.log
2015-02-20 19:58 - 2012-08-01 17:20 - 00003508 _____ () C:\WINDOWS\PFRO.log
2015-02-20 19:58 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-20 19:48 - 2012-08-01 17:36 - 00000000 ____D () C:\WINDOWS\Log
2015-02-20 19:47 - 2012-07-26 00:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-20 19:47 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-20 19:45 - 2013-05-01 01:25 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 19:33 - 2012-07-26 00:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-02-20 19:33 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery

==================== Files in the root of some directories =======

2015-02-20 19:48 - 2015-02-20 20:47 - 0000075 _____ () C:\Users\Wolfie\AppData\Roaming\sp_data.sys
2015-02-20 19:47 - 2015-02-20 20:45 - 0070161 _____ () C:\Users\Wolfie\AppData\Local\BTServer.log
2013-05-01 01:34 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 01:34 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 01:34 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Wolfie\AppData\Local\Temp\Quarantine.exe
C:\Users\Wolfie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {66b574c4-b97a-11e4-9fc6-d50b0102961c}
                        {66b574c5-b97a-11e4-9fc6-d50b0102961c}
                        {66b574c6-b97a-11e4-9fc6-d50b0102961c}
timeout                 2

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {66b574c7-b97a-11e4-9fc6-d50b0102961c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {66b574c4-b97a-11e4-9fc6-d50b0102961c}
description             UEFI:CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier              {66b574c5-b97a-11e4-9fc6-d50b0102961c}
description             UEFI:Removable Device

Firmware Application (101fffff)
-------------------------------
identifier              {66b574c6-b97a-11e4-9fc6-d50b0102961c}
description             UEFI:Network Device

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 8
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {66b574c9-b97a-11e4-9fc6-d50b0102961c}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {66b574c7-b97a-11e4-9fc6-d50b0102961c}
nx                      OptIn
bootmenupolicy          Standard
detecthal               Yes

Windows Boot Loader
-------------------
identifier              {66b574c9-b97a-11e4-9fc6-d50b0102961c}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{66b574ca-b97a-11e4-9fc6-d50b0102961c}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{66b574ca-b97a-11e4-9fc6-d50b0102961c}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {66b574c7-b97a-11e4-9fc6-d50b0102961c}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {66b574c9-b97a-11e4-9fc6-d50b0102961c}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {66b574ca-b97a-11e4-9fc6-d50b0102961c}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2012-08-01 17:20

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Wolfie at 2015-02-20 20:48:52
Running from C:\Users\Wolfie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Console (HKLM\...\{702961F4-E719-4DD5-95B4-FFE7B16F20A6}) (Version: 1.1.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS PC Tool (HKLM-x32\...\ASUS PC Tool_is1) (Version: 1.5.0.61 - ASUSTEK)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.4 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS SuperNote UI Agent (HKLM-x32\...\{4271867C-4904-4B4B-9125-DBA4BA7FD98E}) (Version: 1.0.1 - ASUS)
ASUS Trio Display Control (HKLM-x32\...\{FFF93AFD-09C9-4159-8FD1-6000A8784E09}) (Version: 1.0.5 - ASUS)
ASUS Trio Tool (HKLM\...\{E34D5054-5328-4231-ACEF-71E2DF39E670}) (Version: 1.0.1 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.63.63 - Conexant)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.1.282 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0229 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SuperNote (HKLM-x32\...\{958323E1-E6A1-4A3C-994D-89B14BCFFABC}_is1) (Version: 0.2.1.9 - ASUSTeK COMPUTER INC.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Trio OS Switcher (HKLM\...\{3790613B-501E-4AF4-B4A7-22C1DD38C1D9}) (Version: 1.0.9 - ASUS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (08/19/2013 1.0.0.185) (HKLM\...\BEC03F71855D306AE5B6E65FD243A203C2B10782) (Version: 08/19/2013 1.0.0.185 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {31F5C250-33B6-4B1D-84B9-ECB200C19BF9} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {3301DDE8-8B35-40F7-AD87-0FE0A0B81F71} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
Task: {36A789FF-3D6E-4610-9073-CD036E505281} - System32\Tasks\ASUS Console => C:\Program Files\ASUS\ASUS Console\ASUS Console.exe [2013-10-01] (ASUSTeK Computer Inc.)
Task: {4CE471AB-663F-404A-A512-9E074D69BF7A} - System32\Tasks\Trio OS Switcher => C:\Program Files\ASUS\Trio OS Switcher\AsusSwitcherLoader.exe [2013-10-07] (ASUSTek Computer Inc.)
Task: {508D72FD-62D5-450E-82B5-9E58E3307AEF} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {6D0EE1FA-5F88-4E3E-9FA2-775D2340F6DA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-09] (ASUSTek Computer Inc.)
Task: {6F138F14-18CF-41F2-A6BF-BCAB49A2D35D} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {6F4DBA3A-E87F-4AE4-BAC1-5687EC711143} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-04] (AsusTek)
Task: {821E3822-F2DE-4D2F-A938-4739BF60043B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {89AA6717-07A8-4CED-8C0F-E4804119AB85} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {995A98A5-60AF-4984-8452-E1C9507B7683} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {A75F5CEC-16B8-4E98-84AB-A3048C90A8A0} - System32\Tasks\ASUS TrioSamba => C:\Program Files\ASUS\ASUS Console\TrioSambaSend.exe [2013-10-01] ()
Task: {D110C3C6-F4D5-486B-80FC-EBDCD1080E82} - System32\Tasks\ASUS WiFi Sync Agent => C:\Program Files\ASUS\ASUS Console\WiFiSyncAgent.exe [2013-10-01] ()
Task: {D9DAA720-7DB8-4021-8CD5-55644203B2B1} - System32\Tasks\Asus SuperUIAgent => C:\Program Files (x86)\ASUS\ASUS SuperNote UI Agent\SuperNoteUIAgent.exe [2012-12-07] ()
Task: {F128BCD0-9E71-4871-884E-2637A5A5D618} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {F6DC22B8-B414-4608-B757-F99937E2C533} - System32\Tasks\Asus Trio Tool => C:\Program Files\ASUS\ASUS Trio Tool\ASUSTrioTool.exe [2013-09-25] ()
Task: {FAB69434-289C-4FCB-8986-1F40AB687912} - System32\Tasks\ASUS Web Sync Agent => C:\Program Files\ASUS\ASUS Console\WebSyncAgent.exe [2013-10-01] ()

==================== Loaded Modules (whitelisted) ==============

2013-07-23 09:54 - 2013-07-23 09:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-12-07 12:33 - 2012-12-07 12:33 - 00026624 _____ () C:\Program Files (x86)\ASUS\ASUS SuperNote UI Agent\SuperNoteUIAgent.exe
2013-09-25 16:00 - 2013-09-25 16:00 - 00015360 _____ () C:\Program Files\ASUS\ASUS Trio Tool\ASUSTrioTool.exe
2012-12-18 22:10 - 2012-12-18 22:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-01-15 22:16 - 2013-09-26 10:15 - 00059392 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-10-01 19:07 - 2013-10-01 19:07 - 00009216 _____ () C:\Program Files\ASUS\ASUS Console\HostednetworkControlService.exe
2013-10-01 14:53 - 2013-10-01 14:53 - 00011264 _____ () C:\Program Files (x86)\ASUS\ASUS Trio Display Control\WinServiceProject.exe
2013-10-01 14:53 - 2013-10-01 14:53 - 00034816 _____ () C:\Program Files (x86)\ASUS\ASUS Trio Display Control\TrioBrightnessHost.exe
2013-05-01 02:58 - 2013-01-01 22:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-10-01 19:07 - 2013-10-01 19:07 - 00264192 _____ () C:\Program Files\ASUS\ASUS Console\WiFiSyncAgent.exe
2013-10-01 19:07 - 2013-10-01 19:07 - 00028672 _____ () C:\Program Files\ASUS\ASUS Console\Interop.PortableDeviceApiLib.dll
2013-10-01 19:07 - 2013-10-01 19:07 - 00468992 _____ () C:\Program Files\ASUS\ASUS Console\TrioSambaSend.exe
2013-10-01 19:07 - 2013-10-01 19:07 - 00010752 _____ () C:\Program Files\ASUS\ASUS Console\WMIProcX64.dll
2013-10-01 19:07 - 2013-10-01 19:07 - 00093696 _____ () C:\Program Files\ASUS\ASUS Console\CharmBar.exe
2013-04-29 14:17 - 2013-04-29 14:17 - 00587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-01 14:53 - 2013-10-01 14:53 - 00009216 _____ () C:\Program Files (x86)\ASUS\ASUS Trio Display Control\WMIProc.dll
2014-01-15 22:10 - 2013-05-31 13:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-704109706-1750460686-3720769737-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-704109706-1750460686-3720769737-500 - Administrator - Disabled)
Guest (S-1-5-21-704109706-1750460686-3720769737-501 - Limited - Disabled)
Wolfie (S-1-5-21-704109706-1750460686-3720769737-1001 - Administrator - Enabled) => C:\Users\Wolfie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2015 07:49:56 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to process session change. System.IO.DirectoryNotFoundException: Could not find a part of the path 'c:\temp\WindowsService.txt'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access)
   at WindowsService1.Service1.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, IntPtr eventData)

Error: (02/20/2015 07:47:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80070057
Command-line arguments:
RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;Trigger=TimerEvent

Error: (02/20/2015 07:47:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrioBrightnessHost.exe, version: 1.0.0.0, time stamp: 0x52490800
Faulting module name: KERNEL32.dll, version: 6.2.9200.16384, time stamp: 0x5010a926
Exception code: 0xc00000fd
Fault offset: 0x0004ee39
Faulting process id: 0xe44
Faulting application start time: 0xTrioBrightnessHost.exe0
Faulting application path: TrioBrightnessHost.exe1
Faulting module path: TrioBrightnessHost.exe2
Report Id: TrioBrightnessHost.exe3
Faulting package full name: TrioBrightnessHost.exe4
Faulting package-relative application ID: TrioBrightnessHost.exe5

Error: (02/20/2015 07:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrioBrightnessHost.exe, version: 1.0.0.0, time stamp: 0x52490800
Faulting module name: clr.dll, version: 4.0.30319.18010, time stamp: 0x50387691
Exception code: 0xc00000fd
Fault offset: 0x001a0766
Faulting process id: 0x354
Faulting application start time: 0xTrioBrightnessHost.exe0
Faulting application path: TrioBrightnessHost.exe1
Faulting module path: TrioBrightnessHost.exe2
Report Id: TrioBrightnessHost.exe3
Faulting package full name: TrioBrightnessHost.exe4
Faulting package-relative application ID: TrioBrightnessHost.exe5

Error: (02/20/2015 07:44:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrioBrightnessHost.exe, version: 1.0.0.0, time stamp: 0x52490800
Faulting module name: clr.dll, version: 4.0.30319.18010, time stamp: 0x50387691
Exception code: 0xc00000fd
Fault offset: 0x001a0766
Faulting process id: 0x9bc
Faulting application start time: 0xTrioBrightnessHost.exe0
Faulting application path: TrioBrightnessHost.exe1
Faulting module path: TrioBrightnessHost.exe2
Report Id: TrioBrightnessHost.exe3
Faulting package full name: TrioBrightnessHost.exe4
Faulting package-relative application ID: TrioBrightnessHost.exe5


System errors:
=============
Error: (02/20/2015 07:58:10 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:57:36 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:57:27 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:56:28 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:56:20 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:56:15 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:55:43 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:55:37 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:55:31 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:55:17 PM) (Source: DCOM) (EventID: 10005) (User: OPTIMUS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (02/20/2015 07:49:56 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed to process session change. System.IO.DirectoryNotFoundException: Could not find a part of the path 'c:\temp\WindowsService.txt'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access)
   at WindowsService1.Service1.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, IntPtr eventData)

Error: (02/20/2015 07:47:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80070057RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;Trigger=TimerEvent

Error: (02/20/2015 07:47:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrioBrightnessHost.exe1.0.0.052490800KERNEL32.dll6.2.9200.163845010a926c00000fd0004ee39e4401d04d89143f851eC:\Program Files (x86)\ASUS\ASUS Trio Display Control\TrioBrightnessHost.exeC:\WINDOWS\SYSTEM32\KERNEL32.dll5666dfaa-b97c-11e4-be74-6c71d9d6a96c

Error: (02/20/2015 07:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrioBrightnessHost.exe1.0.0.052490800clr.dll4.0.30319.1801050387691c00000fd001a076635401d04d8902dc332aC:\Program Files (x86)\ASUS\ASUS Trio Display Control\TrioBrightnessHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll4e45750e-b97c-11e4-be74-6c71d9d6a96c

Error: (02/20/2015 07:44:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrioBrightnessHost.exe1.0.0.052490800clr.dll4.0.30319.1801050387691c00000fd001a07669bc01d04d8899559710C:\Program Files (x86)\ASUS\ASUS Trio Display Control\TrioBrightnessHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dlle3a32350-b97b-11e4-be73-6c71d9d6a96c


==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 37%
Total physical RAM: 3979.47 MB
Available physical RAM: 2481.47 MB
Total Pagefile: 7563.47 MB
Available Pagefile: 5729 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:154.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5B98F280)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Users shortcut scan result (x64) Version: 18-02-2015 01
Ran by Wolfie at 2015-02-20 20:49:30
Running from C:\Users\Wolfie\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk -> C:\Program Files\CONEXANT\MaxxAudio\MaxxAudioControl64.exe (Waves Audio Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperNote\SuperNote.lnk -> C:\Program Files (x86)\ASUS\SuperNote\SuperNoteForDesktop.exe (ASUSTeK COMPUTER INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Console.lnk -> C:\Program Files\ASUS\ASUS Console\ASUS Console.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Install.lnk -> C:\eSupport\eDriver\AsInsWiz.exe (ASUSTek Computer INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Live Update.Lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS On-Screen Display.lnk -> C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSDMgr.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Power4Gear Hybrid.lnk -> C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_BD24D5734D9A308DFF1950.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\USB Charger Plus.lnk -> C:\Windows\Installer\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}\_A5929B6DA37196E80E1FF1.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WebStorage Sync Agent\WebStorage Sync Agent.lnk -> C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\MyBitCast\MyBitcast.lnk -> C:\Program Files (x86)\ASUS\MyBitCast\MyBitCast.exe (Asus)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\MyBitCast\Uninstall.lnk -> C:\Program Files (x86)\ASUS\MyBitCast\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\ASUS  Vibe Fun Center.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Splendid Utility\Splendid Utility.Lnk -> C:\Program Files (x86)\ASUS\Splendid\ACVT.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS PC Tool\ASUS PC Tool.lnk -> C:\Program Files (x86)\ASUS\ASUSPCTool\ASUSPCTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\Links\Desktop.lnk -> C:\Users\Wolfie\Desktop ()
Shortcut: C:\Users\Wolfie\Links\Downloads.lnk -> C:\Users\Wolfie\Downloads ()
Shortcut: C:\Users\Wolfie\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trio OS Switcher.lnk -> C:\Program Files\ASUS\Trio OS Switcher\AsusSwitcher.exe (ASUSTek Computer Inc.)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Console.lnk -> C:\Program Files\ASUS\ASUS Console\ASUS Console.exe (ASUSTeK Computer Inc.)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Install.lnk -> C:\eSupport\eDriver\AsInsWiz.exe (ASUSTek Computer INC.)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\Wolfie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp asus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee Internet Security.lnk -> C:\Program Files\mcafee.com\agent\mcagent.exe (McAfee, Inc.) -> /desktopicon /platui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation) -> Metro
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f405496e-4cd5-4891-a8bc-3e58bd47b25c}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\WildGames\Penguins!\Penguins-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d1bb8655-6ca7-4088-b80a-a1f6484b9d01}\PlayTasks\0\Azteca.lnk -> C:\Program Files (x86)\WildGames\Azteca\Azteca-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ca9f0082-7f3d-4f78-b4e6-592c73461b8c}\PlayTasks\0\Tales of Lagoona.lnk -> C:\Program Files (x86)\WildGames\Tales of Lagoona\Tales of Lagoona-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b87f2bde-5d44-4e86-bd37-a71616b35ea6}\PlayTasks\0\Bejeweled 3.lnk -> C:\Program Files (x86)\WildGames\Bejeweled 3\bejeweled3-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{49edfae8-e0cc-45fb-96e6-d60571dd122d}\PlayTasks\0\Peggle.lnk -> C:\Program Files (x86)\WildGames\Peggle\Peggle-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3a9dfc3f-0345-4048-8cbf-ac7a444a0ae6}\PlayTasks\0\Cut the Rope.lnk -> C:\Program Files (x86)\WildGames\Cut the Rope\CutTheRopeApp-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Wolfie\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Wolfie\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\Wolfie\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Wolfie\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\Wolfie\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\Wolfie\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://support.asus.com/download
InternetURL: C:\Users\Wolfie\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://support.asus.com/

==================== End of log =============================
 



#8 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 21 February 2015 - 12:42 AM

Thanks Nasdaq, my PC is running smoothly since I have reset the whole thing. But it's still there, the phony internet browser frame, all the scans come out clean, but I know it's still there.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:03 AM

Posted 21 February 2015 - 09:38 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 mfeavfk01; No ImagePath
U0 msahci; No ImagePath

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

These files are suspicious. If you did not install please delete them.
C:\ProgramData\SetStretch.cmd
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

If you did and are not sure if they are the cause of the issue rename them with a .old extention like this
C:\ProgramData\SetStretch.cmd.old
C:\ProgramData\SetStretch.exe.old
C:\ProgramData\SetStretch.VBS.old

Restart the computer normally.
Decide if you want to keep them or not.
===
 

RougueKiller didn't pick up much, except for a localhost that I can't delete.

Please post the log for my review.

#10 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 21 February 2015 - 08:42 PM

***RougueKiller

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Wolfie [Administrator]
Mode : Scan -- Date : 02/21/2015  18:36:15

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-704109706-1750460686-3720769737-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-704109706-1750460686-3720769737-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5820BCA1-1612-4F39-9FCC-1D44F5DC89A3} | DhcpNameServer : 192.168.1.254 75.153.176.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5820BCA1-1612-4F39-9FCC-1D44F5DC89A3} | DhcpNameServer : 192.168.1.254 75.153.176.1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E680 +++++
--- User ---
[MBR] 3db6499a8cfc97133c05db878a40a635
[BSP] 359f7e74cd5bfb32ea89655b1af5cfcd : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_02212015_182150.log



#11 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 21 February 2015 - 08:56 PM

*** from the Fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Wolfie at 2015-02-21 18:41:44 Run:2
Running from C:\Users\Wolfie\Desktop\New folder
Loaded Profiles: Wolfie (Available profiles: Wolfie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 mfeavfk01; No ImagePath
U0 msahci; No ImagePath

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Key not found.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Key not found.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Key not found.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Key not found.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Key not found.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Key not found.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
mfeavfk01 => Service deleted successfully.
msahci => Service not found.


The system needed a reboot.

==== End of Fixlog 18:41:47 ====



#12 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 21 February 2015 - 08:59 PM

It's still there, the phony frame and disabled windows defender/security. I tried to delete the things RougueKiller found on the registry but, they were replaced. :(



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:03 AM

Posted 22 February 2015 - 09:21 AM

Are you saying that you removed these with the RogueKiller and it has returned?

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5820BCA1-1612-4F39-9FCC-1D44F5DC89A3} | DhcpNameServer : 192.168.1.254 75.153.176.1 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5820BCA1-1612-4F39-9FCC-1D44F5DC89A3} | DhcpNameServer : 192.168.1.254 75.153.176.1 -> Found



If that is the case your router may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting.. Below is the list of default username and password, should you don't know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.

#14 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 22 February 2015 - 04:18 PM

No I do not think it is my router, because I was fixing it strictly offline without a wireless connection at a different location other than home... do you have any other suggestions?

My last restort was to just wait for windows 10 and hopefully gut the whole thing again before installation....but I have a feeling it's still going to be on there :/



#15 _Wolfie_

_Wolfie_
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 22 February 2015 - 08:14 PM

So I pulled up task manager and opened a folder full of random/phony pixelated files that I can't delete even as admin or rename. (see pictures)

Is there a way to override that and delete them? It's definitely all those ones in the systems folder

Attached Files






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users