Cannot access certain websites. Logs inside.


This topic is locked
7 replies to this topic

#1 commonwealths

Posted 02 April 2014 - 06:50 PM

Hello all,

My original post about this issue is here:

http://www.bleepingcomputer.com/forums/t/529210/cannot-access-certain-websites-possible-infection/

Since then, I have been able to browse some of those websites. But this is certainly not normal.

ComboFix log:

ComboFix 14-03-24.01 - Nietzsche Jung 03/28/2014  23:36:07.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8143.6317 [GMT -4:00]
Running from: c:\users\Nietzsche Jung\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-29  )))))))))))))))))))))))))))))))
.
.
2014-03-29 03:39 . 2014-03-29 03:39    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-03-29 03:39 . 2014-03-29 03:39    --------    d-----w-    c:\users\Nietzsche\AppData\Local\temp
2014-03-29 03:39 . 2014-03-29 03:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-29 01:33 . 2014-03-29 03:33    94656    ----a-w-    c:\windows\system32\WPRO_41_2001woem.tmp
2014-03-29 01:23 . 2014-03-17 14:16    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{018B6FD1-9082-4D49-9E61-541DF07AA65B}\mpengine.dll
2014-03-29 00:28 . 2014-03-29 00:28    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Roaming\Wireshark
2014-03-29 00:21 . 2014-03-29 01:09    --------    d-----w-    c:\program files\Wireshark
2014-03-23 21:26 . 2014-03-23 21:27    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Local\ArmA 2 OA
2014-03-23 14:11 . 2013-07-21 20:31    --------    d-----w-    C:\A3D005_Affect3D_Girlfriends4Ever_v1
2014-03-20 21:39 . 2014-03-20 21:39    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-19 21:36 . 2014-03-25 02:04    --------    d-----r-    c:\users\Nietzsche Jung\Dropbox
2014-03-15 01:01 . 2014-03-29 01:55    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Local\assembly
2014-03-15 00:08 . 2014-03-15 00:08    --------    d-----w-    c:\program files (x86)\Microsoft Sync Framework
2014-03-15 00:07 . 2014-03-15 00:07    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2014-03-15 00:07 . 2014-03-15 00:07    --------    d-----r-    C:\MSOCache
2014-03-12 18:56 . 2014-03-12 18:56    --------    d-----w-    c:\programdata\Microsoft Visual Studio
2014-03-12 18:52 . 2014-03-12 18:52    --------    d-----w-    c:\programdata\PreEmptive Solutions
2014-03-12 18:48 . 2014-03-12 18:48    --------    d-----w-    c:\programdata\VS
2014-03-12 16:10 . 2011-09-23 01:07    105832    ----a-w-    c:\windows\system32\SQSRVRES.DLL
2014-03-12 16:10 . 2011-09-23 01:06    109416    ----a-w-    c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-03-12 16:10 . 2011-09-22 21:18    73064    ----a-w-    c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-03-12 16:09 . 2014-03-12 16:09    --------    d-----w-    c:\program files\Microsoft.NET
2014-03-12 15:54 . 2009-07-22 08:17    78872    ----a-w-    c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-03-12 15:54 . 2009-07-22 08:17    50200    ----a-w-    c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-03-12 15:54 . 2014-03-12 15:54    --------    d-----w-    c:\windows\system32\RsFx
2014-03-12 15:49 . 2014-03-12 18:51    --------    d-----w-    c:\program files (x86)\Common Files\Merge Modules
2014-03-12 15:49 . 2014-03-12 15:50    --------    d-----w-    c:\program files (x86)\Microsoft F#
2014-03-12 15:49 . 2014-03-12 15:50    --------    d-----w-    c:\program files (x86)\HTML Help Workshop
2014-03-12 15:49 . 2014-03-12 18:54    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 10.0
2014-03-12 15:48 . 2014-03-12 15:48    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 9.0
2014-03-12 15:48 . 2014-03-12 18:48    --------    d-----w-    c:\program files (x86)\Microsoft SDKs
2014-03-12 15:48 . 2014-03-12 15:54    --------    d-----w-    c:\windows\system32\1033
2014-03-12 15:48 . 2014-03-12 15:53    --------    d-----w-    c:\program files\Microsoft Visual Studio 10.0
2014-03-12 15:48 . 2014-03-12 15:48    --------    d-----w-    c:\windows\symbols
2014-03-12 15:48 . 2014-03-12 15:48    --------    d-----w-    c:\program files\Microsoft Help Viewer
2014-03-12 14:36 . 2014-03-12 14:36    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Roaming\e-academy Inc
2014-03-12 14:36 . 2014-03-12 14:36    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Local\e-academy Inc
2014-03-12 10:38 . 2014-03-29 01:13    94656    ----a-w-    c:\windows\system32\WPRO_41_2001woem(49).tmp
2014-03-12 01:11 . 2014-03-01 22:02    808152    ----a-w-    c:\program files (x86)\Internet Explorer\iexplore.exe
2014-03-07 19:39 . 2014-03-07 19:39    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Roaming\LibreOffice
2014-03-07 19:39 . 2014-03-07 19:39    --------    d-----w-    c:\program files (x86)\LibreOffice 4
2014-03-02 16:00 . 2014-03-02 16:00    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Local\Skype
2014-02-28 23:06 . 2014-02-28 23:07    --------    d-----w-    c:\program files (x86)\Google
2014-02-28 23:06 . 2014-02-28 23:07    --------    d-----w-    c:\users\Nietzsche Jung\AppData\Local\Google
2014-02-28 19:50 . 2014-02-28 19:50    --------    d-----w-    c:\program files (x86)\PuTTY
2014-02-27 21:00 . 2014-03-24 22:53    --------    d-----w-    c:\users\Nietzsche Jung\Cisco Packet Tracer 6.0.1
2014-02-27 20:48 . 2014-02-27 20:49    --------    d-----w-    c:\program files (x86)\Cisco Packet Tracer 6.0.1
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-29 03:33 . 2012-10-30 13:39    34752    ----a-w-    c:\windows\system32\drivers\WPRO_41_2001.sys
2014-03-20 21:39 . 2013-12-28 23:59    84816    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-03-20 21:39 . 2013-03-02 01:23    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-03-20 21:39 . 2013-03-02 01:23    208928    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-03-20 21:39 . 2012-09-22 00:00    423240    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-03-20 21:39 . 2012-09-22 00:00    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-03-20 21:39 . 2012-09-22 00:00    1039096    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-03-20 21:39 . 2012-09-22 00:00    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-03-20 21:39 . 2012-09-22 00:00    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-03-15 00:10 . 2013-06-18 20:10    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 00:10 . 2013-06-18 20:10    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 14:49 . 2013-06-14 21:42    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2014-03-12 10:44 . 2012-09-21 19:41    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-01-14 01:53 . 2014-01-14 01:53    88576    ----a-w-    c:\windows\SysWow64\rzdevinfo.dll
2014-01-14 01:53 . 2014-01-14 01:53    296448    ----a-w-    c:\windows\SysWow64\rzaudiodll.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-03-07 444760]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"IME14 CHS Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 81200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-20 3854640]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   IME File    REG_SZ             IMSC14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\NIETZS~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\NIETZS~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BioNTDrv;BioNTDrv;c:\program files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS;c:\program files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7758v2B0\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7758v2B0\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 14:11    1150280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28 23:06]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28 23:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-20 21:39    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IME14 CHS Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 110896]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-01-16 6963272]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-02-27 8294680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 118.97.95.174:80
TCP: DhcpNameServer = 24.201.245.76 24.200.241.37 24.200.210.241
FF - ProfilePath - c:\users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-Steam App 211420 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 212630 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 218 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 220 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 221380 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 238960 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 250180 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 41000 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 41010 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 41070 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 41080 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 41090 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 49520 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 570 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8140 - c:\program files (x86)\Steam\steam.exe
AddRemove-Surface Tension Uncut - c:\program files (x86)\Steam\steamapps\sourcemods\BMS\STUncutUninstaller.exe
AddRemove-Updated Unofficial Fallout 3 Patch_is1 - c:\program files (x86)\Steam\steamapps\common\Fallout 3 goty\unins000.exe
AddRemove-{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1 - f:\winki\unins000.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1770776579-222009582-4141949720-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1770776579-222009582-4141949720-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,7a,76,78,fc,4c,e2,d6,75,56,8b,38,2d,40,74,c6,24,b0,df,a8,67,
   70,cd,1d,22,4b,40,8a,88,88,89,57,25,f9,75,05,6f,9d,f4,3c,31,de,c3,e6,80,66,\
"rkeysecu"=hex:79,da,6a,d3,bb,4b,b2,6b,e3,3f,d2,58,78,b1,28,8e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-28  23:41:20
ComboFix-quarantined-files.txt  2014-03-29 03:41
ComboFix2.txt  2014-03-29 01:57
ComboFix3.txt  2014-01-01 17:39
.
Pre-Run: 139,068,805,120 bytes free
Post-Run: 138,779,136,000 bytes free
.
- - End Of File - - F289038A90ECC18D2DCCF3C10470B3A9
A36C5E4F47E84449FF07ED3517B43A31

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Nietzsche Jung at 19:49:23 on 2014-04-02
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8143.5754 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
H:\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 118.97.95.174:80
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IME14 CHS Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: NameServer = 24.201.245.76 24.200.241.37 24.200.210.241
TCP: Interfaces\{BE23405A-D2B3-4115-9F82-693D21FAD0DF} : DHCPNameServer = 24.201.245.76 24.200.241.37 24.200.210.241
TCP: Interfaces\{EA53357E-233C-407B-8318-A0A4148448AD} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [IME14 CHS Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 208928]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-14 19264]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-30 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-21 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-9-21 423240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-19 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-21 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-20 50344]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-21 165144]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-9-24 70768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-21 363800]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-28 84816]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-14 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-14 789824]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-4-20 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-19 805088]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-21 31232]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-10-30 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-9-22 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7758v2B0\NTIOLib_X64.sys [2011-1-6 11888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2013-5-16 25600]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-9-17 40696]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2013-5-16 23040]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-14 5341536]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-21 759192]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-13 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-04-01 19:43:45    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2DD395D-0804-4918-BAD2-D29D1B3BF290}\mpengine.dll
2014-04-01 02:19:45    --------    d-----w-    C:\Users\Nietzsche Jung\AppData\Local\Nem's Tools
2014-04-01 02:19:41    --------    d-----w-    C:\Program Files\Nem's Tools
2014-03-30 01:48:45    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-30 01:48:14    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-29 03:41:23    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-03-29 01:33:03    94656    ----a-w-    C:\Windows\System32\WPRO_41_2001woem.tmp
2014-03-29 00:28:38    --------    d-----w-    C:\Users\Nietzsche Jung\AppData\Roaming\Wireshark
2014-03-29 00:21:14    --------    d-----w-    C:\Program Files\Wireshark
2014-03-28 09:19:12    856064    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
2014-03-23 21:26:45    --------    d-----w-    C:\Users\Nietzsche Jung\AppData\Local\ArmA 2 OA
2014-03-23 14:11:26    --------    d-----w-    C:\A3D005_Affect3D_Girlfriends4Ever_v1
2014-03-20 21:39:43    43152    ----a-w-    C:\Windows\avastSS.scr
2014-03-19 21:36:57    --------    d-----r-    C:\Users\Nietzsche Jung\Dropbox
2014-03-15 01:01:39    --------    d-----w-    C:\Users\Nietzsche Jung\AppData\Local\assembly
2014-03-15 00:07:41    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2014-03-12 18:56:23    --------    d-----w-    C:\ProgramData\Microsoft Visual Studio
2014-03-12 18:52:55    --------    d-----w-    C:\ProgramData\PreEmptive Solutions
2014-03-12 18:48:04    --------    d-----w-    C:\ProgramData\VS
2014-03-12 16:10:00    73064    ----a-w-    C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-03-12 16:10:00    109416    ----a-w-    C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-03-12 16:10:00    105832    ----a-w-    C:\Windows\System32\SQSRVRES.DLL
2014-03-12 15:54:55    78872    ----a-w-    C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-03-12 15:54:55    50200    ----a-w-    C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-03-12 15:54:41    --------    d-----w-    C:\Windows\System32\RsFx
2014-03-12 15:53:25    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2014-03-12 15:53:22    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2014-03-12 15:53:14    --------    d-----w-    C:\Program Files\Microsoft Synchronization Services
2014-03-12 15:53:14    --------    d-----w-    C:\Program Files\Microsoft SQL Server Compact Edition
2014-03-12 15:53:13    --------    d-----w-    C:\Program Files (x86)\Microsoft Synchronization Services
2014-03-12 15:53:13    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-12 15:51:45    --------    d-----w-    C:\Program Files (x86)\Microsoft ASP.NET
2014-03-12 15:51:44    --------    d-----w-    C:\Program Files\IIS
2014-03-12 15:51:43    --------    d-----w-    C:\Program Files (x86)\IIS
2014-03-12 15:51:33    2480064    ----a-w-    C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-03-12 15:49:59    --------    d-----w-    C:\Windows\SysWow64\1033
2014-03-12 15:49:51    --------    d-----w-    C:\Program Files (x86)\Microsoft F#
2014-03-12 15:49:51    --------    d-----w-    C:\Program Files (x86)\HTML Help Workshop
2014-03-12 15:49:51    --------    d-----w-    C:\Program Files (x86)\Common Files\Merge Modules
2014-03-12 15:49:50    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-03-12 15:48:47    --------    d-----w-    C:\Windows\System32\1033
2014-03-12 15:48:47    --------    d-----w-    C:\Program Files\Microsoft Visual Studio 10.0
2014-03-12 15:48:47    --------    d-----w-    C:\Program Files\Microsoft Help Viewer
2014-03-12 14:36:14    --------    d-----w-    C:\Users\Nietzsche Jung\AppData\Roaming\e-academy Inc
2014-03-12 14:36:14    --------    d-----w-    C:\Users\Nietzsche Jung\AppData\Local\e-academy Inc
2014-03-12 10:38:43    94656    ----a-w-    C:\Windows\System32\WPRO_41_2001woem(49).tmp
2014-03-12 01:11:59    808152    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-03-07 19:39:29    --------    d-----w-    C:\Users\Nietzsche Jung\AppData\Roaming\LibreOffice
2014-03-07 19:39:02    --------    d-----w-    C:\Program Files (x86)\LibreOffice 4
.
==================== Find3M  ====================
.
2014-04-02 19:35:06    34752    ----a-w-    C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-03-29 03:51:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-29 03:51:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-20 21:39:43    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-03-20 21:39:43    84816    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-03-20 21:39:43    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-20 21:39:43    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-03-20 21:39:43    208928    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-03-20 21:39:43    1039096    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-03-12 14:49:07    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-14 01:53:50    88576    ----a-w-    C:\Windows\SysWow64\rzdevinfo.dll
2014-01-14 01:53:44    296448    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
.
============= FINISH: 19:49:35.93 ===============

Attached Files

#2 nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 April 2014 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries

Click Go and copy/paste the log (Result.txt) into your next post.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.
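
The MiniToolBox steps above report and reset the IE and Firefox proxy settings. The script below is an added example, not part of this thread and not code from MiniToolBox or DDS: it scans log lines in the format those tools produce (the `uProxyServer = host:port` line of a DDS "Pseudo HJT Report", the `ProxyServer:` line of a MiniToolBox "IE Proxy Settings" section, and the Firefox `network.proxy.type` preference) and rates a WinINet (IE) proxy that points at a public, non-local address as the item to investigate, since anything that honours the system proxy will be routed through it while Firefox with `network.proxy.type` 0 goes direct. The sample lines are constructed in the style of the logs quoted here; the DDS `u`/`m` prefix convention (HKCU/HKLM) and the Firefox mode table are assumptions stated in the comments.

```python
"""Flag proxy configuration in DDS / MiniToolBox style logs (added example)."""
import ipaddress
import re

# Constructed sample in the style of the DDS "Pseudo HJT Report" and the
# MiniToolBox "IE Proxy Settings" / "FF Proxy Settings" sections quoted in this thread.
SAMPLE_LOG = """\
uProxyServer = 118.97.95.174:80
TCP: NameServer = 24.201.245.76 24.200.241.37 24.200.210.241
FF - prefs.js: network.proxy.type - 0
Proxy is not enabled.
ProxyServer: 118.97.95.174:80
"""

# Assumed conventions: DDS prefixes u = HKCU (per-user) and m = HKLM (machine);
# "ProxyServer:" is the MiniToolBox report of the WinINet (IE) proxy value.
PROXY_PATTERNS = [
    re.compile(r"^(?P<key>[um]ProxyServer)\s*=\s*(?P<value>\S+)", re.M),
    re.compile(r"^(?P<key>ProxyServer):\s*(?P<value>\S+)", re.M),
]
FF_PROXY_TYPE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<value>\d+)", re.M)

# Firefox network.proxy.type values (assumed from Mozilla preference documentation).
FF_PROXY_MODES = {0: "direct", 1: "manual", 2: "pac-url", 4: "auto-detect", 5: "system"}


def split_proxy_value(value):
    """Parse 'host:port' or 'http=host:port;https=host:port' into (scheme, host, port)."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # bare hostname or address with no port
            host, port = hostport, ""
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def classify_host(host):
    """Return loopback / private / public for IP literals, 'hostname' otherwise."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def audit(log_text):
    """Return one finding per proxy entry; a WinINet proxy on a public address is rated high."""
    findings = []
    for pattern in PROXY_PATTERNS:
        for match in pattern.finditer(log_text):
            for scheme, host, port in split_proxy_value(match.group("value")):
                kind = classify_host(host)
                # A proxy on a public address would explain "some sites do not load";
                # a hostname needs a look (could be corporate); loopback/private is usually intended.
                severity = {"public": "high", "hostname": "review"}.get(kind, "info")
                findings.append({"source": match.group("key"), "scheme": scheme, "host": host,
                                 "port": port, "kind": kind, "severity": severity})
    match = FF_PROXY_TYPE.search(log_text)
    if match:
        mode = FF_PROXY_MODES.get(int(match.group("value")), "unknown")
        findings.append({"source": "network.proxy.type", "scheme": "firefox", "host": None,
                         "port": None, "kind": mode, "severity": "info"})
    return findings


def high_findings(log_text):
    """Only the entries a log reviewer should act on first."""
    return [f for f in audit(log_text) if f["severity"] == "high"]


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['source']}: {f['scheme']} -> {f['host']}:{f['port']} ({f['kind']})")
```

On the sample above the two `118.97.95.174:80` entries come out as high and the Firefox line as informational "direct", which matches what the thread shows: Firefox was configured to bypass any proxy while the per-user WinINet setting still pointed at an outside address until MiniToolBox reset it.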

#3 commonwealths

  • Topic Starter
  • Members
  • 7 posts


Posted 07 April 2014 - 10:20 AM

Alright NASDAQ. Here are the logs.

 

The problem appears to have resolved itself during the last several days.

 

MiniToolbox log:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Nietzsche Jung (administrator) on 07-04-2014 at 11:12:49
Running from "I:\DL"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 118.97.95.174:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="ethernet_12" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : NietzscheJung
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Tunngle:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
   Physical Address. . . . . . . . . : 00-FF-EA-53-35-7E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D4-3D-7E-00-E3-D0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd1a:55aa:6521:0:e883:694f:ba8a:604f(Preferred)
   Temporary IPv6 Address. . . . . . : fd1a:55aa:6521:0:5c2d:23d3:6865:76c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e883:694f:ba8a:604f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.130(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 07, 2014 8:27:08 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 08, 2014 8:27:07 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248790398
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EE-7E-19-D4-3D-7E-00-E3-D0
   DNS Servers . . . . . . . . . . . : 24.201.245.76
                                       24.200.241.37
                                       24.200.210.241
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EA53357E-233C-407B-8318-A0A4148448AD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:4e4:3afa:e7ca:c365(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4e4:3afa:e7ca:c365%12(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{BE23405A-D2B3-4115-9F82-693D21FAD0DF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  24.201.245.76

Name:    google.com
Addresses:  2607:f8b0:4006:806::100e
      74.125.226.6
      74.125.226.14
      74.125.226.8
      74.125.226.1
      74.125.226.3
      74.125.226.5
      74.125.226.9
      74.125.226.7
      74.125.226.0
      74.125.226.4
      74.125.226.2


Pinging google.com [74.125.226.1] with 32 bytes of data:
Reply from 74.125.226.1: bytes=32 time=86ms TTL=48
Reply from 74.125.226.1: bytes=32 time=116ms TTL=48

Ping statistics for 74.125.226.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 116ms, Average = 101ms
Server:  UnKnown
Address:  24.201.245.76

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=140ms TTL=53
Reply from 206.190.36.45: bytes=32 time=137ms TTL=53

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 137ms, Maximum = 140ms, Average = 138ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 ff ea 53 35 7e ......TAP-Win32 Adapter V9 (Tunngle)
 11...d4 3d 7e 00 e3 d0 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.130     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.130    276
    192.168.1.130  255.255.255.255         On-link     192.168.1.130    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.130    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.130    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.130    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:4e4:3afa:e7ca:c365/128
                                    On-link
 11     28 fd1a:55aa:6521::/64      On-link
 11    276 fd1a:55aa:6521:0:5c2d:23d3:6865:76c/128
                                    On-link
 11    276 fd1a:55aa:6521:0:e883:694f:ba8a:604f/128
                                    On-link
 11    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::4e4:3afa:e7ca:c365/128
                                    On-link
 11    276 fe80::e883:694f:ba8a:604f/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/07/2014 09:20:13 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/07/2014 08:28:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 08:27:09 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/07/2014 08:19:46 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/07/2014 08:19:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 08:17:31 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/06/2014 11:58:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0x630
Faulting application start time: 0xwmprph.exe0
Faulting application path: wmprph.exe1
Faulting module path: wmprph.exe2
Report Id: wmprph.exe3

Error: (04/06/2014 07:07:54 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 06:24:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 06:22:20 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


System errors:
=============
Error: (04/05/2014 10:59:17 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/28/2014 11:39:56 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/28/2014 11:37:30 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/28/2014 11:07:30 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/28/2014 11:07:30 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/28/2014 11:07:30 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/28/2014 10:05:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243

Error: (03/28/2014 09:55:28 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/28/2014 09:55:07 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/28/2014 09:55:07 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (04/07/2014 09:20:13 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/07/2014 08:28:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 08:27:09 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/07/2014 08:19:46 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/07/2014 08:19:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 08:17:31 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (04/06/2014 11:58:41 PM) (Source: Application Error)(User: )
Description: wmprph.exe12.0.7600.163854a5bd018ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e463001cf5215a90d0002C:\Program Files\Windows Media Player\wmprph.exeC:\Windows\SYSTEM32\ntdll.dlle760b26e-be08-11e3-8404-d43d7e00e3d0

Error: (04/06/2014 07:07:54 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 06:24:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 06:22:20 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


CodeIntegrity Errors:
===================================
  Date: 2014-03-28 21:55:07.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-28 21:55:07.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-28 21:55:07.632
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-28 21:55:07.591
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-01 12:37:47.415
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-01 12:37:47.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-27 13:57:35.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-27 13:57:35.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-27 13:57:35.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-27 13:57:35.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nietzsche Jung (administrator) on NIETZSCHEJUNG on 07-04-2014 11:14:49
Running from I:\DL
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) H:\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IME14 CHS Setup] - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IME14 CHS Setup] - C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-20] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1770776579-222009582-4141949720-1000\...\Policies\system: [DisableLockWorkstation] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E82D795B14BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 24.201.245.76 24.200.241.37 24.200.210.241

FireFox:
========
FF ProfilePath: C:\Users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default
FF Homepage: hxxp://www.cnn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HTTPS-Everywhere - C:\Users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default\Extensions\https-everywhere@eff.org [2014-01-04]
FF Extension: Exif Viewer - C:\Users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-06-06]
FF Extension: ExHentai Easy 2 - C:\Users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2014-01-01]
FF Extension: Adblock Plus - C:\Users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-29]
FF Extension: DownThemAll! - C:\Users\Nietzsche Jung\AppData\Roaming\Mozilla\Firefox\Profiles\qipyq8z4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-21]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Nietzsche Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-28]
CHR Extension: (Google Drive) - C:\Users\Nietzsche Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-28]
CHR Extension: (YouTube) - C:\Users\Nietzsche Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-28]
CHR Extension: (Google Search) - C:\Users\Nietzsche Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-28]
CHR Extension: (avast! Online Security) - C:\Users\Nietzsche Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Nietzsche Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR Extension: (Gmail) - C:\Users\Nietzsche Jung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-20]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-20] (AVAST Software)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-20] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-20] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-19] (DT Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7758v2B0\NTIOLib_X64.sys [11888 2011-01-06] (MSI)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2013-05-16] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-09-17] (Windows ® Win 7 DDK provider)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2013-05-16] (Razer Inc)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [969696 2014-04-07] (TENCENT)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-04-07] ()
S3 ALSysIO; \??\C:\Users\NIETZS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BioNTDrv; \??\C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CT20XUT; system32\drivers\CT20XUT.SYS [X]
S3 CT20XUT.SYS; \SystemRoot\System32\drivers\CT20XUT.SYS [X]
S3 ctac32k; system32\drivers\ctac32k.sys [X]
S3 ctaud2k; system32\drivers\ctaud2k.sys [X]
S3 CTEXFIFX; system32\drivers\CTEXFIFX.SYS [X]
S3 CTEXFIFX.SYS; \SystemRoot\System32\drivers\CTEXFIFX.SYS [X]
S3 CTHWIUT; system32\drivers\CTHWIUT.SYS [X]
S3 CTHWIUT.SYS; \SystemRoot\System32\drivers\CTHWIUT.SYS [X]
S3 ctprxy2k; system32\drivers\ctprxy2k.sys [X]
S3 ctsfm2k; system32\drivers\ctsfm2k.sys [X]
S3 emupia; system32\drivers\emupia2k.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 ha20x22k; system32\drivers\ha20x22k.sys [X]
S3 ha20x2k; system32\drivers\ha20x2k.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_1; \??\C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 ossrv; system32\drivers\ctoss2k.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 11:14 - 2014-04-07 11:14 - 00022429 _____ () C:\Users\Nietzsche Jung\Desktop\Result.txt
2014-04-07 11:14 - 2014-04-07 11:14 - 00000000 ____D () C:\FRST
2014-04-07 08:49 - 2014-04-07 08:49 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\Tencent Files
2014-04-07 08:49 - 2014-04-07 08:49 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\BnS
2014-04-07 08:49 - 2014-04-07 08:49 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Awesomium
2014-04-07 08:47 - 2014-04-07 08:53 - 00000000 ____D () C:\ProgramData\Tencent
2014-04-07 08:46 - 2014-04-07 09:58 - 00969696 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2014-04-07 08:43 - 2014-04-07 08:43 - 00001187 _____ () C:\Users\Nietzsche Jung\Desktop\剑灵_腾讯.lnk
2014-04-07 08:43 - 2014-04-07 08:43 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2014-04-07 08:27 - 2014-04-07 08:28 - 00000000 ____D () C:\Program Files (x86)\B & S
2014-04-06 19:10 - 2014-04-06 19:10 - 00000010 _____ () C:\Users\Nietzsche Jung\Desktop\QQ.txt
2014-04-06 18:41 - 2014-04-07 08:49 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Tencent
2014-04-05 20:40 - 2014-04-05 20:40 - 00025330 _____ () C:\Users\Nietzsche Jung\AppData\Local\recently-used.xbel
2014-04-03 16:24 - 2014-04-03 16:24 - 00000010 _____ () C:\Users\Nietzsche Jung\Desktop\BH order 3 Apr 14.txt
2014-04-02 18:59 - 2014-04-02 18:59 - 00001219 _____ () C:\Users\Nietzsche Jung\Desktop\Crysis 2 MaLDoHDv4.lnk
2014-03-31 22:20 - 2014-03-31 22:20 - 00697828 _____ () C:\Users\Nietzsche Jung\Desktop\press_cast.wav
2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\Nem's Tools
2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ____D () C:\Program Files\Nem's Tools
2014-03-30 16:57 - 2014-03-30 17:24 - 00091858 _____ () C:\Users\Nietzsche Jung\Desktop\5.3.3.5_Nietzsche_Jung_2.pka
2014-03-30 11:58 - 2014-03-30 11:58 - 02042607 _____ () C:\Users\Nietzsche Jung\Downloads\ITN_Chapitre5.pptx
2014-03-29 23:34 - 2014-03-29 23:34 - 00026133 _____ () C:\Users\Nietzsche Jung\Desktop\The lost one's weeping.mid
2014-03-29 21:48 - 2014-03-29 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-29 21:48 - 2014-03-29 21:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-29 21:17 - 2014-03-29 21:18 - 00056771 _____ () C:\JavaRa.log
2014-03-28 23:41 - 2014-03-28 23:41 - 00028478 _____ () C:\ComboFix.txt
2014-03-28 23:34 - 2014-03-28 23:33 - 05192353 ____R (Swearware) C:\Users\Nietzsche Jung\Desktop\ComboFix.exe
2014-03-28 23:08 - 2014-03-28 23:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 21:33 - 2014-04-07 08:27 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-03-28 20:28 - 2014-03-28 20:28 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Wireshark
2014-03-28 20:21 - 2014-03-28 21:09 - 00000000 ____D () C:\Program Files\Wireshark
2014-03-28 05:19 - 2014-03-28 05:19 - 00856064 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-03-24 21:32 - 2014-03-24 21:39 - 00000599 _____ () C:\Users\Nietzsche Jung\Desktop\Playlist.txt
2014-03-24 18:43 - 2014-03-24 18:53 - 00127997 _____ () C:\Users\Nietzsche Jung\Desktop\4.2.4.5_Nietzsche_Jung.pka
2014-03-24 09:51 - 2014-03-24 09:51 - 00000807 _____ () C:\Users\Nietzsche Jung\Desktop\Steam.exe - Shortcut.lnk
2014-03-23 17:26 - 2014-03-23 17:27 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\ArmA 2 OA
2014-03-23 12:39 - 2014-03-28 21:19 - 00000000 ____D () C:\Users\Nietzsche Jung\Desktop\TP1 Prog
2014-03-23 10:11 - 2013-07-21 16:31 - 00000000 ____D () C:\A3D005_Affect3D_Girlfriends4Ever_v1
2014-03-20 17:39 - 2014-03-20 17:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-19 17:36 - 2014-03-24 22:04 - 00000000 ___RD () C:\Users\Nietzsche Jung\Dropbox
2014-03-14 20:08 - 2014-03-14 20:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-14 20:08 - 2014-03-14 20:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-03-14 20:07 - 2014-03-14 20:07 - 00000000 __RHD () C:\MSOCache
2014-03-14 20:07 - 2014-03-14 20:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-12 14:56 - 2014-03-12 14:56 - 00000000 ____D () C:\ProgramData\Microsoft Visual Studio
2014-03-12 14:52 - 2014-03-12 14:52 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-03-12 14:52 - 2014-03-12 14:52 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-03-12 14:52 - 2014-03-12 14:52 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-03-12 14:48 - 2014-03-12 14:48 - 00000000 ____D () C:\ProgramData\VS
2014-03-12 12:10 - 2011-09-22 21:07 - 00105832 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2014-03-12 12:10 - 2011-09-22 21:06 - 00109416 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-03-12 12:10 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-03-12 12:07 - 2014-03-12 12:07 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-03-12 12:07 - 2014-03-12 12:07 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-03-12 11:54 - 2014-03-12 11:54 - 00000000 ____D () C:\Windows\system32\RsFx
2014-03-12 11:54 - 2014-03-12 11:54 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-03-12 11:54 - 2009-07-22 04:17 - 00078872 _____ (Microsoft Corporation) C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-03-12 11:54 - 2009-07-22 04:17 - 00050200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2014-03-12 11:53 - 2014-03-12 12:09 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-03-12 11:53 - 2014-03-12 12:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-12 11:51 - 2014-03-23 13:50 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\Visual Studio 2010
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\Visual Studio 2008
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Program Files\IIS
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-03-12 11:49 - 2014-03-12 14:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-03-12 11:49 - 2014-03-12 11:54 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-03-12 11:49 - 2014-03-12 11:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft F#
2014-03-12 11:49 - 2014-03-12 11:50 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2014-03-12 11:48 - 2014-03-12 14:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-03-12 11:48 - 2014-03-12 11:54 - 00000000 ____D () C:\Windows\system32\1033
2014-03-12 11:48 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-03-12 11:48 - 2014-03-12 11:48 - 00000000 ____D () C:\Windows\symbols
2014-03-12 11:48 - 2014-03-12 11:48 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-03-12 11:48 - 2014-03-12 11:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-03-12 11:43 - 2014-03-12 11:43 - 00051970 _____ () C:\Users\Nietzsche Jung\Desktop\TP 1.zip
2014-03-12 11:19 - 2014-03-12 11:19 - 00000029 _____ () C:\Users\Nietzsche Jung\Desktop\VC2010 key.txt
2014-03-12 10:43 - 2014-03-12 10:43 - 00000000 ____D () C:\Users\Nietzsche Jung\Desktop\VS_2010
2014-03-12 10:36 - 2014-03-12 10:36 - 00003197 _____ () C:\Users\Nietzsche Jung\Desktop\Secure Download Manager.lnk
2014-03-12 10:36 - 2014-03-12 10:36 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\e-academy Inc
2014-03-12 10:36 - 2014-03-12 10:36 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\e-academy Inc
2014-03-12 06:38 - 2014-03-28 21:13 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem(49).tmp
2014-03-11 21:12 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 21:12 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 21:12 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 21:12 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 21:12 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 21:12 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 21:12 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 21:12 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 21:12 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 21:12 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 21:12 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 21:12 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 21:11 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 21:11 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 21:11 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 21:11 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 21:11 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 21:11 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 21:11 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 21:11 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 21:11 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 21:11 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 21:11 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 21:11 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 21:11 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 21:11 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 21:11 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 21:11 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 21:11 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 21:11 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 21:11 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 21:11 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 21:11 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 21:11 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 21:11 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 21:11 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 21:11 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 21:11 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 21:11 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 21:11 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 21:11 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 21:11 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 21:11 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 21:11 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 21:11 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 21:11 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 21:11 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 21:11 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-07 11:14 - 2014-04-07 11:14 - 00022429 _____ () C:\Users\Nietzsche Jung\Desktop\Result.txt
2014-04-07 11:14 - 2014-04-07 11:14 - 00000000 ____D () C:\FRST
2014-04-07 11:10 - 2012-11-23 20:59 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Skype
2014-04-07 10:20 - 2014-02-28 19:06 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 09:58 - 2014-04-07 08:46 - 00969696 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2014-04-07 08:53 - 2014-04-07 08:47 - 00000000 ____D () C:\ProgramData\Tencent
2014-04-07 08:49 - 2014-04-07 08:49 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\Tencent Files
2014-04-07 08:49 - 2014-04-07 08:49 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\BnS
2014-04-07 08:49 - 2014-04-07 08:49 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Awesomium
2014-04-07 08:49 - 2014-04-06 18:41 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Tencent
2014-04-07 08:43 - 2014-04-07 08:43 - 00001187 _____ () C:\Users\Nietzsche Jung\Desktop\剑灵_腾讯.lnk
2014-04-07 08:43 - 2014-04-07 08:43 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2014-04-07 08:41 - 2013-08-03 01:26 - 00582478 _____ () C:\Windows\DirectX.log
2014-04-07 08:34 - 2009-07-14 00:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 08:34 - 2009-07-14 00:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 08:33 - 2009-07-14 01:13 - 00890442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 08:30 - 2012-09-21 15:43 - 01670701 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 08:28 - 2014-04-07 08:27 - 00000000 ____D () C:\Program Files (x86)\B & S
2014-04-07 08:27 - 2014-03-28 21:33 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-07 08:27 - 2014-02-28 19:06 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 08:27 - 2013-06-15 10:50 - 00504844 _____ () C:\Windows\PFRO.log
2014-04-07 08:27 - 2013-06-15 10:50 - 00045115 _____ () C:\Windows\setupact.log
2014-04-07 08:27 - 2012-10-30 09:39 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-04-07 08:27 - 2012-09-21 16:00 - 00122944 _____ () C:\Users\Nietzsche Jung\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 08:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 08:27 - 2009-07-14 00:45 - 00498144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-07 08:19 - 2012-09-21 20:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-07 00:03 - 2013-12-30 20:41 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Audacity
2014-04-06 23:58 - 2012-11-06 02:43 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\CrashDumps
2014-04-06 19:10 - 2014-04-06 19:10 - 00000010 _____ () C:\Users\Nietzsche Jung\Desktop\QQ.txt
2014-04-05 20:40 - 2014-04-05 20:40 - 00025330 _____ () C:\Users\Nietzsche Jung\AppData\Local\recently-used.xbel
2014-04-05 20:40 - 2013-10-26 13:46 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\gtk-2.0
2014-04-05 20:40 - 2013-10-13 23:18 - 00000000 ____D () C:\Users\Nietzsche Jung\.gimp-2.8
2014-04-05 20:20 - 2013-11-23 00:03 - 00000000 __HDC () C:\ProgramData\{AFFFFE8C-B56A-4E3C-A174-4FBD3E4DA650}
2014-04-05 16:51 - 2014-01-13 14:19 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Azureus
2014-04-03 16:24 - 2014-04-03 16:24 - 00000010 _____ () C:\Users\Nietzsche Jung\Desktop\BH order 3 Apr 14.txt
2014-04-02 18:59 - 2014-04-02 18:59 - 00001219 _____ () C:\Users\Nietzsche Jung\Desktop\Crysis 2 MaLDoHDv4.lnk
2014-04-02 06:45 - 2013-06-27 09:43 - 00505686 _____ () C:\Windows\DPINST.LOG
2014-03-31 22:20 - 2014-03-31 22:20 - 00697828 _____ () C:\Users\Nietzsche Jung\Desktop\press_cast.wav
2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\Nem's Tools
2014-03-31 22:19 - 2014-03-31 22:19 - 00000000 ____D () C:\Program Files\Nem's Tools
2014-03-30 21:15 - 2014-02-28 19:06 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 21:15 - 2014-02-28 19:06 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 17:35 - 2014-02-27 17:00 - 00000000 ____D () C:\Users\Nietzsche Jung\Cisco Packet Tracer 6.0.1
2014-03-30 17:24 - 2014-03-30 16:57 - 00091858 _____ () C:\Users\Nietzsche Jung\Desktop\5.3.3.5_Nietzsche_Jung_2.pka
2014-03-30 17:19 - 2014-02-27 17:00 - 00000206 _____ () C:\Users\Nietzsche Jung\.packettracer
2014-03-30 11:58 - 2014-03-30 11:58 - 02042607 _____ () C:\Users\Nietzsche Jung\Downloads\ITN_Chapitre5.pptx
2014-03-29 23:35 - 2013-12-21 19:51 - 00000000 ____D () C:\Program Files (x86)\KCP
2014-03-29 23:34 - 2014-03-29 23:34 - 00026133 _____ () C:\Users\Nietzsche Jung\Desktop\The lost one's weeping.mid
2014-03-29 21:59 - 2014-03-29 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-29 21:48 - 2014-03-29 21:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-29 21:18 - 2014-03-29 21:17 - 00056771 _____ () C:\JavaRa.log
2014-03-29 19:36 - 2014-01-01 13:42 - 00000000 ____D () C:\AdwCleaner
2014-03-29 19:36 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 23:51 - 2013-06-18 16:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 23:51 - 2013-06-18 16:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-28 23:41 - 2014-03-28 23:41 - 00028478 _____ () C:\ComboFix.txt
2014-03-28 23:41 - 2014-01-01 13:33 - 00000000 ____D () C:\Qoobox
2014-03-28 23:39 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-28 23:33 - 2014-03-28 23:34 - 05192353 ____R (Swearware) C:\Users\Nietzsche Jung\Desktop\ComboFix.exe
2014-03-28 23:33 - 2012-09-21 16:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 23:10 - 2012-09-21 15:42 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\VirtualStore
2014-03-28 23:09 - 2014-03-28 23:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 21:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-28 21:20 - 2014-01-19 01:09 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-03-28 21:20 - 2013-03-17 20:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-28 21:20 - 2012-12-16 13:38 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Winamp
2014-03-28 21:20 - 2012-09-21 18:33 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-03-28 21:20 - 2012-09-21 15:42 - 00000000 ____D () C:\Users\Nietzsche Jung
2014-03-28 21:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-28 21:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-28 21:19 - 2014-03-23 12:39 - 00000000 ____D () C:\Users\Nietzsche Jung\Desktop\TP1 Prog
2014-03-28 21:19 - 2013-10-09 08:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-28 21:13 - 2014-03-12 06:38 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem(49).tmp
2014-03-28 21:09 - 2014-03-28 20:21 - 00000000 ____D () C:\Program Files\Wireshark
2014-03-28 20:28 - 2014-03-28 20:28 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\Wireshark
2014-03-28 19:44 - 2012-09-22 07:36 - 00000000 ____D () C:\Windows\Panther
2014-03-28 19:15 - 2013-10-09 08:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-28 05:19 - 2014-03-28 05:19 - 00856064 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-03-24 22:04 - 2014-03-19 17:36 - 00000000 ___RD () C:\Users\Nietzsche Jung\Dropbox
2014-03-24 21:39 - 2014-03-24 21:32 - 00000599 _____ () C:\Users\Nietzsche Jung\Desktop\Playlist.txt
2014-03-24 18:53 - 2014-03-24 18:43 - 00127997 _____ () C:\Users\Nietzsche Jung\Desktop\4.2.4.5_Nietzsche_Jung.pka
2014-03-24 09:51 - 2014-03-24 09:51 - 00000807 _____ () C:\Users\Nietzsche Jung\Desktop\Steam.exe - Shortcut.lnk
2014-03-23 17:27 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\ArmA 2 OA
2014-03-23 17:26 - 2014-01-19 01:09 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\ArmA 2
2014-03-23 13:50 - 2014-03-12 11:51 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\Visual Studio 2010
2014-03-20 17:39 - 2014-03-20 17:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-20 17:39 - 2014-02-10 14:00 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-20 17:39 - 2013-12-28 19:59 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-20 17:39 - 2013-03-01 21:23 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-20 17:39 - 2013-03-01 21:23 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-20 17:39 - 2012-09-21 20:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-20 17:39 - 2012-09-21 20:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-03-20 17:39 - 2012-09-21 20:00 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-20 17:39 - 2012-09-21 20:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-20 17:39 - 2012-09-21 20:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-20 06:51 - 2012-09-21 15:42 - 00000000 ___RD () C:\Users\Nietzsche Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 17:48 - 2012-09-21 16:41 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\My Games
2014-03-19 17:48 - 2012-09-21 16:26 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\My Received Files
2014-03-14 21:00 - 2014-01-26 20:22 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-03-14 20:59 - 2012-09-23 11:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 20:59 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-14 20:10 - 2013-06-16 21:21 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\Adobe
2014-03-14 20:08 - 2014-03-14 20:08 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-14 20:08 - 2014-03-14 20:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-03-14 20:08 - 2012-09-23 11:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-14 20:08 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew
2014-03-14 20:08 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-03-14 20:07 - 2014-03-14 20:07 - 00000000 __RHD () C:\MSOCache
2014-03-14 20:07 - 2014-03-14 20:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-14 20:07 - 2012-09-23 11:13 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-14 20:07 - 2012-09-23 11:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-03-14 20:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-14 20:04 - 2012-09-23 11:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-13 21:09 - 2012-09-23 11:13 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\Microsoft Help
2014-03-12 15:18 - 2013-06-14 17:42 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-03-12 14:56 - 2014-03-12 14:56 - 00000000 ____D () C:\ProgramData\Microsoft Visual Studio
2014-03-12 14:54 - 2014-03-12 11:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-03-12 14:54 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-03-12 14:52 - 2014-03-12 14:52 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-03-12 14:52 - 2014-03-12 14:52 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-03-12 14:52 - 2014-03-12 14:52 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-03-12 14:48 - 2014-03-12 14:48 - 00000000 ____D () C:\ProgramData\VS
2014-03-12 14:48 - 2014-03-12 11:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-03-12 12:09 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-03-12 12:09 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-03-12 12:07 - 2014-03-12 12:07 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2014-03-12 12:07 - 2014-03-12 12:07 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2014-03-12 11:54 - 2014-03-12 11:54 - 00000000 ____D () C:\Windows\system32\RsFx
2014-03-12 11:54 - 2014-03-12 11:54 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-03-12 11:54 - 2014-03-12 11:49 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-03-12 11:54 - 2014-03-12 11:48 - 00000000 ____D () C:\Windows\system32\1033
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-03-12 11:53 - 2014-03-12 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-12 11:53 - 2014-03-12 11:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Users\Nietzsche Jung\Documents\Visual Studio 2008
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Program Files\IIS
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-03-12 11:51 - 2014-03-12 11:51 - 00000000 ____D () C:\Program Files (x86)\IIS
2014-03-12 11:50 - 2014-03-12 11:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft F#
2014-03-12 11:50 - 2014-03-12 11:49 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2014-03-12 11:48 - 2014-03-12 11:48 - 00000000 ____D () C:\Windows\symbols
2014-03-12 11:48 - 2014-03-12 11:48 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-03-12 11:48 - 2014-03-12 11:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-03-12 11:43 - 2014-03-12 11:43 - 00051970 _____ () C:\Users\Nietzsche Jung\Desktop\TP 1.zip
2014-03-12 11:19 - 2014-03-12 11:19 - 00000029 _____ () C:\Users\Nietzsche Jung\Desktop\VC2010 key.txt
2014-03-12 10:49 - 2013-08-10 16:30 - 00001552 _____ () C:\Windows\LkmdfCoInst.log
2014-03-12 10:49 - 2013-06-14 17:42 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-03-12 10:43 - 2014-03-12 10:43 - 00000000 ____D () C:\Users\Nietzsche Jung\Desktop\VS_2010
2014-03-12 10:36 - 2014-03-12 10:36 - 00003197 _____ () C:\Users\Nietzsche Jung\Desktop\Secure Download Manager.lnk
2014-03-12 10:36 - 2014-03-12 10:36 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Roaming\e-academy Inc
2014-03-12 10:36 - 2014-03-12 10:36 - 00000000 ____D () C:\Users\Nietzsche Jung\AppData\Local\e-academy Inc
2014-03-12 06:45 - 2013-07-16 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 06:44 - 2012-09-21 15:41 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-12 06:38 - 2012-09-23 01:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 06:38 - 2012-09-23 01:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Nietzsche Jung\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nietzsche Jung\AppData\Local\Temp\Quarantine.exe
C:\Users\Nietzsche Jung\AppData\Local\Temp\TXPltSafeInit.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 11:22

==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 April 2014 - 12:51 PM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM-x32\...\Run: [] - [X]
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
S3 ALSysIO; \??\C:\Users\NIETZS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Nietzsche Jung\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nietzsche Jung\AppData\Local\Temp\TXPltSafeInit.dl
AlternateDataStreams: C:\ProgramData\TEMP:BC359956

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once, then wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally to complete the fix.
====

One last check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#5 commonwealths

commonwealths
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 07 April 2014 - 04:01 PM

Alright, thank you.

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Nietzsche Jung at 2014-04-07 16:58:12 Run:1
Running from I:\DL
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] - [X]
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
S3 ALSysIO; \??\C:\Users\NIETZS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Nietzsche Jung\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nietzsche Jung\AppData\Local\Temp\TXPltSafeInit.dl
AlternateDataStreams: C:\ProgramData\TEMP:BC359956

end

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk => Key deleted successfully.
C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll not found.
ALSysIO => Service deleted successfully.
catchme => Service deleted successfully.
C:\Users\Nietzsche Jung\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
"C:\Users\Nietzsche Jung\AppData\Local\Temp\TXPltSafeInit.dl" => File/Directory not found.
C:\ProgramData\TEMP => ":BC359956" ADS removed successfully.

==== End of Fixlog ====

Checkup.txt:

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 system32 AvastSvc.exe -?-   
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

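Added here as an illustration, not part of the thread and not FRST's own code: a small Python checker that classifies the result lines of a Fixlog like the one above, so a helper can tally what was deleted or moved versus what FRST could not find and should be re-checked in a fresh scan. The sample log is constructed from a subset of the Fixlog lines posted above, and the recognised phrasings are only the ones that appear there.

```python
import re
from collections import Counter
# Constructed sample in the shape of the FRST Fixlog posted above (a subset of its lines).
SAMPLE_FIXLOG = r'''
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
ALSysIO => Service deleted successfully.
C:\Users\Nietzsche Jung\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
"C:\Users\Nietzsche Jung\AppData\Local\Temp\TXPltSafeInit.dl" => File/Directory not found.
C:\ProgramData\TEMP => ":BC359956" ADS removed successfully.
==== End of Fixlog ====
'''

# Result phrasings seen in the posted log, most specific first so the generic
# "not found." pattern cannot swallow "Key not found." or "File/Directory not found.".
PATTERNS = [
    (re.compile(r" => (?:Value|Key|Service) deleted successfully\.$"), "deleted"),
    (re.compile(r" => Value was restored successfully\.$"), "restored"),
    (re.compile(r" => Moved successfully\.$"), "moved"),
    (re.compile(r' => ":([0-9A-Fa-f]+)" ADS removed successfully\.$'), "ads_removed"),
    (re.compile(r" => Key not found\.$"), "not_found"),
    (re.compile(r" => File/Directory not found\.$"), "not_found"),
    (re.compile(r"(?: =>)? not found\.$"), "not_found"),
]

def parse_fixlog(text):
    """Return [(target, outcome)] for every result line; headers and separators are skipped."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, outcome in PATTERNS:
            if m := pattern.search(line):
                target = line[:m.start()].strip().strip('"')   # FRST quotes some paths
                if outcome == "ads_removed":                     # keep the stream with its host file
                    target = f"{target}:{m.group(1)}"
                results.append((target, outcome))
                break
    return results

def summarize(results):
    """Count outcomes per kind, e.g. {'deleted': 2, 'not_found': 4}."""
    return dict(Counter(outcome for _, outcome in results))

def already_gone(results):
    """Targets FRST reported absent: confirm with a fresh scan rather than assume they were cleaned."""
    return [t for t, o in results if o == "not_found"]
```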


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:38 PM

Posted 08 April 2014 - 06:54 AM

Looking good.

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blockers can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 commonwealths

commonwealths
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 08 April 2014 - 09:35 AM

Alright, thank you very much!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:38 PM

Posted 09 April 2014 - 06:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



