Can't remove proxy port in settings


  • This topic is locked
11 replies to this topic

#1 eftuh24

eftuh24

  • Members
  • 7 posts

Posted 05 June 2014 - 11:33 PM

prox.png

 

I tried checking and removing the port 80 and unchecking it again but it always keeps on appearing.

 

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.55.2
Run by Eftuh at 12:16:58 on 2014-06-06
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.7986.5403 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\My WIFI Router\bmser.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{4EE4FFA3-4FEB-411E-B194-5C928DBB6C88} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{59A6F9F1-D332-4541-8636-AD1C0F6B7714} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}\3475D283139363 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}\44F6E6025466475786 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}\A455A4545412 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}\C414C414C414C414C414 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}\C414C414C414C414C414 : DHCPNameServer = 192.168.43.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eftuh\AppData\Roaming\Mozilla\Firefox\Profiles\fr7rrv0a.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-1-21 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-1-21 42624]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswndisflt.sys [2014-5-11 447888]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-2-16 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-2-16 208416]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-2-16 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-2-16 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-2-16 423240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-5-20 44744]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-11 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-2-16 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-2-16 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-11 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-5-11 109048]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-9 175480]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-5 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-5 860472]
R2 WIFIGXENDHCPSER;WIFIGXENDHCPSER;C:\Program Files (x86)\My WIFI Router\bmser.exe [2014-4-23 1656416]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-1-21 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-1-21 96896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-5 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-5 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-21 676968]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-5-14 42184]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-1-21 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-11-25 14448]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-6-6 32512]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 wovad_micarray;WO Mic Device;C:\Windows\System32\drivers\womic.sys [2014-5-6 59856]
.
=============== Created Last 30 ================
.
2014-06-06 04:02:13 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-06 03:54:42 98816 ----a-w- C:\Windows\sed.exe
2014-06-06 03:54:42 256000 ----a-w- C:\Windows\PEV.exe
2014-06-06 03:54:42 208896 ----a-w- C:\Windows\MBR.exe
2014-06-06 03:29:02 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-06-06 03:24:33 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-06 03:10:10 -------- d-----w- C:\FRST
2014-06-05 15:04:51 126464 ----a-w- C:\Windows\System32\audiodg.exe
2014-06-05 02:45:35 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-05 02:45:13 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-05 02:45:13 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-05 02:45:13 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-05 02:45:13 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-05 02:45:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 02:46:08 -------- d-----w- C:\Program Files (x86)\My WIFI Router
2014-06-01 02:37:50 -------- d-----w- C:\Windows\ERUNT
2014-06-01 02:33:03 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-01 02:32:35 -------- d-----w- C:\AdwCleaner
2014-05-25 14:57:10 -------- d-----w- C:\Users\Eftuh\AppData\Local\MyRouter
2014-05-25 14:56:58 -------- d-----w- C:\Program Files (x86)\WiFi HotSpot Creator
2014-05-25 04:23:23 -------- d-----w- C:\Users\Eftuh\AppData\Local\Chris_Pietschmann_(http__
2014-05-25 04:12:16 -------- d-----w- C:\Program Files (x86)\Virtual Router
2014-05-24 09:14:32 -------- d-----w- C:\Program Files (x86)\WOMic
2014-05-22 10:50:32 -------- d-----w- C:\Users\Eftuh\AppData\Roaming\LolClient
2014-05-22 10:50:11 -------- d-----w- C:\Users\Eftuh\AppData\Roaming\Garena
2014-05-22 10:50:11 -------- d-----w- C:\ProgramData\Garena
2014-05-22 10:49:36 -------- d-----w- C:\Users\Eftuh\AppData\Roaming\GarenaPlus
2014-05-22 10:41:32 -------- d-----w- C:\Program Files (x86)\Garena Plus
2014-05-22 10:41:29 -------- d-----w- C:\Program Files (x86)\GarenaLoLPH
2014-05-22 10:37:48 -------- d-----w- C:\ProgramData\GarenaMessenger
2014-05-22 05:01:51 -------- d-----w- C:\Users\Eftuh\AppData\Local\Garena
2014-05-20 08:05:31 44744 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2014-05-13 19:57:20 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2014-05-11 15:42:01 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-11 15:41:54 43152 ----a-w- C:\Windows\avastSS.scr
2014-05-11 15:41:39 447888 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys.1400149370723
2014-05-11 15:41:39 447888 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys
2014-05-11 15:31:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-11 01:00:28 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3
2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-05-16 07:01:23 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 07:01:23 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-15 10:22:50 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-15 10:22:50 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-11 15:41:55 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-11 15:41:54 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-11 15:41:54 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-11 15:41:54 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-11 15:41:44 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-05-06 09:20:34 59856 ----a-w- C:\Windows\System32\drivers\womic.sys
.
============= FINISH: 12:17:20.02 ===============
 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 06 June 2014 - 02:45 AM

Hi,

this is normal behaviour and absolutely nothing to worry about. :)
There is no open connection to a proxy server and for some reason IE just displays "80" there instead of leaving it blank. And it does indeed get reset after deletion. I've just checked and confirmed it on my own computer.

Is this your only concern or are there other problems?

#3 eftuh24

eftuh24
  • Topic Starter

  • Members
  • 7 posts

Posted 06 June 2014 - 02:58 AM

Thank you for your response. The reason why I doubted that proxy port is that I haven't been able to access Facebook for a week now. I can access every other site normally. It doesn't work on any browser. I've tried deleting my browser data and I also hard reset my modem and router, but nothing seems to solve it. I tried changing my DNS but it still doesn't work.

 

image.png



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 06 June 2014 - 04:03 AM

Have you already tried to open a command prompt and enter "ipconfig /flushdns"?

#5 eftuh24

eftuh24
  • Topic Starter

  • Members
  • 7 posts

Posted 06 June 2014 - 05:20 AM

Yes. That doesn't solve it either.



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 06 June 2014 - 05:39 AM

What happens when you enter "173.252.110.27" in your browser's address bar?

#7 eftuh24

eftuh24
  • Topic Starter

  • Members
  • 7 posts

Posted 06 June 2014 - 06:26 AM

123123.png

Same thing happened.



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 06 June 2014 - 01:00 PM

Ok.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#9 eftuh24

eftuh24
  • Topic Starter

  • Members
  • 7 posts

Posted 06 June 2014 - 09:52 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Eftuh (administrator) on BATCAVE on 07-06-2014 10:50:41
Running from C:\Users\Eftuh\Desktop
Platform: Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
() C:\Program Files (x86)\My WIFI Router\bmser.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2686953752-2587215062-2293089642-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3812944 2014-02-06] (Tonec Inc.)
HKU\S-1-5-21-2686953752-2587215062-2293089642-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9936176 2014-04-29] ()
HKU\S-1-5-21-2686953752-2587215062-2293089642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3812944 2014-02-06] (Tonec Inc.)
HKU\S-1-5-21-2686953752-2587215062-2293089642-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9936176 2014-04-29] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x47C407A83681CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Eftuh\AppData\Roaming\Mozilla\Firefox\Profiles\fr7rrv0a.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-16]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Eftuh\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Eftuh\AppData\Roaming\IDM\idmmzcc5 [2014-02-09]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Eftuh\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Eftuh\AppData\Roaming\IDM\idmmzcc5 [2014-02-09]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Extension: (Missing e) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2014-02-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21]
CHR Extension: (Google Search) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21]
CHR Extension: (Chromebleed) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-11]
CHR Extension: (AdBlock) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-22]
CHR Extension: (avast! Online Security) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-16]
CHR Extension: (Website Blocker (Beta)) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2014-02-25]
CHR Extension: (IDM Integration Module) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\Eftuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-11]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-09]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-11] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 WIFIGXENDHCPSER; C:\Program Files (x86)\My WIFI Router\bmser.exe [1656416 2014-04-23] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-11] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-06] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-14] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-14] (Anchorfree Inc.)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [59856 2014-05-06] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-07 10:48 - 2014-06-07 10:49 - 02072576 _____ (Farbar) C:\Users\Eftuh\Desktop\FRST64.exe
2014-06-06 12:19 - 2014-06-06 12:19 - 00003044 _____ () C:\Users\Eftuh\Desktop\attach.zip
2014-06-06 12:17 - 2014-06-06 12:17 - 00016283 _____ () C:\Users\Eftuh\Desktop\dds.txt
2014-06-06 12:17 - 2014-06-06 12:17 - 00007460 _____ () C:\Users\Eftuh\Desktop\attach.txt
2014-06-06 12:16 - 2014-06-06 12:15 - 00688992 ____R (Swearware) C:\Users\Eftuh\Desktop\dds.com
2014-06-06 12:15 - 2014-06-06 12:15 - 00688992 _____ (Swearware) C:\Users\Eftuh\Downloads\dds.com
2014-06-06 12:02 - 2014-06-06 12:02 - 00015205 _____ () C:\ComboFix.txt
2014-06-06 12:02 - 2014-06-06 12:02 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 12:02 - 2014-06-06 12:02 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 12:02 - 2014-06-06 12:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 11:54 - 2014-06-06 12:02 - 00000000 ____D () C:\Qoobox
2014-06-06 11:54 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-06 11:54 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-06 11:54 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-06 11:54 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-06 11:54 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-06 11:54 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-06 11:54 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-06 11:54 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-06 11:52 - 2014-06-06 11:52 - 05205146 ____R (Swearware) C:\Users\Eftuh\Desktop\ComboFix.exe
2014-06-06 11:41 - 2014-06-06 11:43 - 10971424 _____ (SurfRight B.V.) C:\Users\Eftuh\Desktop\HitmanPro_x64.exe
2014-06-06 11:29 - 2014-06-06 11:39 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-06 11:24 - 2014-06-06 11:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-06 11:10 - 2014-06-07 10:50 - 00013950 _____ () C:\Users\Eftuh\Desktop\FRST.txt
2014-06-06 11:10 - 2014-06-07 10:50 - 00000000 ____D () C:\FRST
2014-06-06 10:23 - 2014-06-06 10:24 - 01333465 _____ () C:\Users\Eftuh\Desktop\AdwCleaner.exe
2014-06-06 10:21 - 2014-06-06 10:21 - 00000126 _____ () C:\Users\Eftuh\Desktop\asd.txt
2014-06-05 23:04 - 2014-06-05 23:06 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-06-05 10:48 - 2014-06-05 10:42 - 00000665 _____ () C:\Users\Eftuh\Desktop\Instructions and Keys.txt
2014-06-05 10:45 - 2014-06-07 10:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 10:45 - 2014-06-05 10:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 10:45 - 2014-06-05 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 10:45 - 2014-06-05 10:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 10:45 - 2014-06-05 10:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 10:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 10:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 10:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 10:42 - 2014-06-05 10:42 - 00000665 _____ () C:\Users\Eftuh\Downloads\Instructions and Keys.txt
2014-06-05 10:25 - 2014-06-05 10:25 - 00000000 ____D () C:\Users\Eftuh\Downloads\Gravity (2013) [1080p]
2014-06-04 23:59 - 2014-06-04 23:59 - 00000000 ____D () C:\Users\Eftuh\Desktop\M
2014-06-04 23:53 - 2014-06-04 23:53 - 06691804 _____ () C:\Users\Eftuh\Desktop\dSploit-1.0.31b.apk
2014-06-04 13:34 - 2014-06-04 13:35 - 00000000 ____D () C:\Users\Eftuh\Desktop\LOLO
2014-06-04 12:42 - 2014-06-04 12:42 - 00000000 ____D () C:\Users\Eftuh\Desktop\New folder
2014-06-04 10:46 - 2014-06-04 11:02 - 00000000 ____D () C:\Program Files (x86)\My WIFI Router
2014-06-04 10:46 - 2014-06-04 10:46 - 00001113 _____ () C:\Users\Eftuh\Desktop\My WIFI Router.lnk
2014-06-04 10:46 - 2014-06-04 10:46 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My WIFI Router
2014-06-04 09:00 - 2014-06-04 09:00 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-04 09:00 - 2014-06-04 09:00 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Mozilla
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\Mozilla
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-02 07:16 - 2014-06-02 07:16 - 00275920 _____ () C:\Windows\Minidump\060214-13104-01.dmp
2014-06-01 10:44 - 2014-06-06 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 10:44 - 2014-06-01 10:44 - 00000873 _____ () C:\Users\Eftuh\Desktop\JRT.txt
2014-06-01 10:37 - 2014-06-01 10:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 10:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-01 10:32 - 2014-06-06 10:29 - 00000000 ____D () C:\AdwCleaner
2014-06-01 10:26 - 2014-06-01 10:27 - 01016261 _____ (Thisisu) C:\Users\Eftuh\Desktop\JRT.exe
2014-06-01 10:25 - 2014-06-01 10:26 - 01327971 _____ () C:\Users\Eftuh\Desktop\adwcleaner_3.211.exe
2014-05-30 01:58 - 2014-05-30 01:58 - 00345520 _____ () C:\Windows\Minidump\053014-13431-01.dmp
2014-05-25 22:57 - 2014-05-25 22:57 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\MyRouter
2014-05-25 22:56 - 2014-05-25 22:57 - 00000000 ____D () C:\Program Files (x86)\WiFi HotSpot Creator
2014-05-25 22:56 - 2014-05-25 22:56 - 00001163 _____ () C:\Users\Eftuh\Desktop\WiFi HotSpot Creator.lnk
2014-05-25 22:56 - 2014-05-25 22:56 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiFi HotSpot Creator
2014-05-25 12:46 - 2014-05-25 12:46 - 00067839 _____ () C:\Users\Eftuh\Desktop\Untitled (2).wma
2014-05-25 12:41 - 2014-05-25 12:41 - 00013343 _____ () C:\Users\Eftuh\Desktop\cmd - Shortcut.lnk
2014-05-25 12:23 - 2014-05-25 12:23 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\Chris_Pietschmann_(http__
2014-05-25 12:12 - 2014-06-04 11:01 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-25 12:12 - 2014-06-01 11:07 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-05-24 17:14 - 2014-05-25 12:37 - 00001009 _____ () C:\Users\Eftuh\Desktop\WO Mic Client.lnk
2014-05-24 17:14 - 2014-05-25 12:23 - 00000000 ____D () C:\Program Files (x86)\WOMic
2014-05-24 17:14 - 2014-05-24 17:14 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WO Mic Client
2014-05-24 16:58 - 2014-05-24 16:58 - 00045389 _____ () C:\Users\Eftuh\Documents\Untitled.wma
2014-05-22 18:50 - 2014-05-22 18:50 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\LolClient
2014-05-22 18:50 - 2014-05-22 18:50 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Garena
2014-05-22 18:50 - 2014-05-22 18:50 - 00000000 ____D () C:\ProgramData\Garena
2014-05-22 18:49 - 2014-06-07 10:51 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\GarenaPlus
2014-05-22 18:48 - 2014-05-22 18:48 - 00001065 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-05-22 18:41 - 2014-06-07 10:47 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Eftuh
2014-05-22 18:41 - 2014-05-30 08:29 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-05-22 18:41 - 2014-05-22 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-05-22 18:41 - 2014-05-22 18:48 - 00000000 ____D () C:\Program Files (x86)\GarenaLoLPH
2014-05-22 18:41 - 2014-05-22 18:41 - 00001075 _____ () C:\Users\Public\Desktop\Garena Plus.lnk
2014-05-22 18:37 - 2014-06-07 10:51 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-05-22 18:31 - 2014-05-22 18:32 - 00000000 ____D () C:\Users\Eftuh\Desktop\Droid bleep
2014-05-22 15:55 - 2014-05-22 15:55 - 2069282816 _____ () C:\Users\Eftuh\Downloads\LoLPH_Install_140513.1.dat
2014-05-22 13:06 - 2014-05-22 18:26 - 00000000 ____D () C:\Users\Eftuh\Desktop\LOL
2014-05-22 13:01 - 2014-05-22 13:01 - 02745136 _____ () C:\Users\Eftuh\Desktop\LoLInstaller.exe
2014-05-22 13:01 - 2014-05-22 13:01 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\Garena
2014-05-21 12:39 - 2014-05-21 12:39 - 00262144 _____ () C:\Windows\Minidump\052114-14523-01.dmp
2014-05-20 17:55 - 2014-05-20 17:55 - 00275728 _____ () C:\Windows\Minidump\052014-12542-01.dmp
2014-05-20 16:05 - 2014-05-14 03:54 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-05-19 20:28 - 2014-05-19 20:28 - 00000222 _____ () C:\Users\Eftuh\Desktop\Solstice Arena.url
2014-05-14 03:57 - 2014-05-14 03:57 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys
2014-05-12 21:37 - 2014-05-21 14:31 - 00000000 ____D () C:\Users\Eftuh\Desktop\MEMES
2014-05-11 23:42 - 2014-05-11 23:41 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-11 23:41 - 2014-05-15 18:22 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-05-11 23:41 - 2014-05-11 23:41 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys.1400149370723
2014-05-11 23:41 - 2014-05-11 23:41 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-11 23:31 - 2014-05-11 23:31 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-11 23:31 - 2014-05-11 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-11 23:31 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-11 23:31 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-11 23:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-11 23:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-11 09:00 - 2014-05-11 09:00 - 00001097 _____ () C:\Users\Eftuh\Desktop\Cheat Engine.lnk
2014-05-11 09:00 - 2014-05-11 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
2014-05-11 09:00 - 2014-05-11 09:00 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-05-11 08:48 - 2014-05-11 08:48 - 00000000 ____D () C:\Users\Eftuh\Documents\My Cheat Tables
 
==================== One Month Modified Files and Folders =======
 
2014-06-07 10:51 - 2014-05-22 18:49 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\GarenaPlus
2014-06-07 10:51 - 2014-05-22 18:37 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-06-07 10:50 - 2014-06-06 11:10 - 00013950 _____ () C:\Users\Eftuh\Desktop\FRST.txt
2014-06-07 10:50 - 2014-06-06 11:10 - 00000000 ____D () C:\FRST
2014-06-07 10:50 - 2014-01-21 20:52 - 01439748 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 10:50 - 2014-01-21 20:50 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\Temp
2014-06-07 10:49 - 2014-06-07 10:48 - 02072576 _____ (Farbar) C:\Users\Eftuh\Desktop\FRST64.exe
2014-06-07 10:48 - 2014-06-05 10:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 10:47 - 2014-05-22 18:41 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Eftuh
2014-06-07 10:47 - 2014-01-21 21:01 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 10:47 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 10:47 - 2009-07-14 12:51 - 00054963 _____ () C:\Windows\setupact.log
2014-06-07 04:22 - 2014-01-21 21:35 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\DMCache
2014-06-07 04:00 - 2014-01-21 22:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 03:35 - 2014-01-21 21:01 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 00:23 - 2009-07-14 12:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 00:23 - 2009-07-14 12:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 21:12 - 2014-02-20 22:58 - 00000000 ____D () C:\Users\Eftuh\Desktop\MMBA files
2014-06-06 16:31 - 2014-01-22 00:32 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\vlc
2014-06-06 12:19 - 2014-06-06 12:19 - 00003044 _____ () C:\Users\Eftuh\Desktop\attach.zip
2014-06-06 12:17 - 2014-06-06 12:17 - 00016283 _____ () C:\Users\Eftuh\Desktop\dds.txt
2014-06-06 12:17 - 2014-06-06 12:17 - 00007460 _____ () C:\Users\Eftuh\Desktop\attach.txt
2014-06-06 12:15 - 2014-06-06 12:16 - 00688992 ____R (Swearware) C:\Users\Eftuh\Desktop\dds.com
2014-06-06 12:15 - 2014-06-06 12:15 - 00688992 _____ (Swearware) C:\Users\Eftuh\Downloads\dds.com
2014-06-06 12:03 - 2014-01-21 21:15 - 00140860 _____ () C:\Windows\PFRO.log
2014-06-06 12:02 - 2014-06-06 12:02 - 00015205 _____ () C:\ComboFix.txt
2014-06-06 12:02 - 2014-06-06 12:02 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 12:02 - 2014-06-06 12:02 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 12:02 - 2014-06-06 12:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 12:02 - 2014-06-06 11:54 - 00000000 ____D () C:\Qoobox
2014-06-06 12:00 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-06 11:54 - 2014-06-01 10:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 11:52 - 2014-06-06 11:52 - 05205146 ____R (Swearware) C:\Users\Eftuh\Desktop\ComboFix.exe
2014-06-06 11:43 - 2014-06-06 11:41 - 10971424 _____ (SurfRight B.V.) C:\Users\Eftuh\Desktop\HitmanPro_x64.exe
2014-06-06 11:39 - 2014-06-06 11:29 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-06 11:29 - 2014-06-06 11:24 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-06 10:57 - 2009-07-14 10:34 - 62914560 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-06 10:57 - 2009-07-14 10:34 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-06 10:57 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-06 10:57 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-06 10:57 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-06 10:29 - 2014-06-01 10:32 - 00000000 ____D () C:\AdwCleaner
2014-06-06 10:24 - 2014-06-06 10:23 - 01333465 _____ () C:\Users\Eftuh\Desktop\AdwCleaner.exe
2014-06-06 10:21 - 2014-06-06 10:21 - 00000126 _____ () C:\Users\Eftuh\Desktop\asd.txt
2014-06-06 08:55 - 2014-02-16 08:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-05 23:06 - 2014-06-05 23:04 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-06-05 20:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-05 10:45 - 2014-06-05 10:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-05 10:45 - 2014-06-05 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-05 10:45 - 2014-06-05 10:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 10:45 - 2014-06-05 10:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 10:42 - 2014-06-05 10:48 - 00000665 _____ () C:\Users\Eftuh\Desktop\Instructions and Keys.txt
2014-06-05 10:42 - 2014-06-05 10:42 - 00000665 _____ () C:\Users\Eftuh\Downloads\Instructions and Keys.txt
2014-06-05 10:29 - 2014-02-07 22:02 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\uTorrent
2014-06-05 10:25 - 2014-06-05 10:25 - 00000000 ____D () C:\Users\Eftuh\Downloads\Gravity (2013) [1080p]
2014-06-04 23:59 - 2014-06-04 23:59 - 00000000 ____D () C:\Users\Eftuh\Desktop\M
2014-06-04 23:59 - 2014-01-21 21:35 - 00000000 ____D () C:\Users\Eftuh\Downloads\Compressed
2014-06-04 23:53 - 2014-06-04 23:53 - 06691804 _____ () C:\Users\Eftuh\Desktop\dSploit-1.0.31b.apk
2014-06-04 22:57 - 2014-03-31 16:34 - 00000600 _____ () C:\Users\Eftuh\PUTTY.RND
2014-06-04 13:35 - 2014-06-04 13:34 - 00000000 ____D () C:\Users\Eftuh\Desktop\LOLO
2014-06-04 12:42 - 2014-06-04 12:42 - 00000000 ____D () C:\Users\Eftuh\Desktop\New folder
2014-06-04 11:02 - 2014-06-04 10:46 - 00000000 ____D () C:\Program Files (x86)\My WIFI Router
2014-06-04 11:01 - 2014-05-25 12:12 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-04 10:46 - 2014-06-04 10:46 - 00001113 _____ () C:\Users\Eftuh\Desktop\My WIFI Router.lnk
2014-06-04 10:46 - 2014-06-04 10:46 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My WIFI Router
2014-06-04 09:00 - 2014-06-04 09:00 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-04 09:00 - 2014-06-04 09:00 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Mozilla
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\Mozilla
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-04 09:00 - 2014-06-04 09:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-02 07:16 - 2014-06-02 07:16 - 00275920 _____ () C:\Windows\Minidump\060214-13104-01.dmp
2014-06-02 07:16 - 2014-02-06 00:29 - 560563784 _____ () C:\Windows\MEMORY.DMP
2014-06-02 07:16 - 2014-02-06 00:29 - 00000000 ____D () C:\Windows\Minidump
2014-06-01 22:35 - 2014-01-21 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-01 11:07 - 2014-05-25 12:12 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-06-01 11:07 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-01 10:54 - 2009-07-14 10:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-06-01 10:44 - 2014-06-01 10:44 - 00000873 _____ () C:\Users\Eftuh\Desktop\JRT.txt
2014-06-01 10:37 - 2014-06-01 10:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 10:27 - 2014-06-01 10:26 - 01016261 _____ (Thisisu) C:\Users\Eftuh\Desktop\JRT.exe
2014-06-01 10:26 - 2014-06-01 10:25 - 01327971 _____ () C:\Users\Eftuh\Desktop\adwcleaner_3.211.exe
2014-05-31 22:33 - 2009-07-14 13:08 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-30 16:44 - 2014-04-27 18:56 - 00000000 ____D () C:\Users\Eftuh\Desktop\Musics
2014-05-30 08:29 - 2014-05-22 18:41 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-05-30 01:58 - 2014-05-30 01:58 - 00345520 _____ () C:\Windows\Minidump\053014-13431-01.dmp
2014-05-29 09:02 - 2014-01-21 21:49 - 00000440 _____ () C:\Users\Eftuh\AppData\Local\UserProducts.xml
2014-05-29 09:02 - 2014-01-21 21:49 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-05-25 22:57 - 2014-05-25 22:57 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\MyRouter
2014-05-25 22:57 - 2014-05-25 22:56 - 00000000 ____D () C:\Program Files (x86)\WiFi HotSpot Creator
2014-05-25 22:56 - 2014-05-25 22:56 - 00001163 _____ () C:\Users\Eftuh\Desktop\WiFi HotSpot Creator.lnk
2014-05-25 22:56 - 2014-05-25 22:56 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiFi HotSpot Creator
2014-05-25 12:46 - 2014-05-25 12:46 - 00067839 _____ () C:\Users\Eftuh\Desktop\Untitled (2).wma
2014-05-25 12:41 - 2014-05-25 12:41 - 00013343 _____ () C:\Users\Eftuh\Desktop\cmd - Shortcut.lnk
2014-05-25 12:37 - 2014-05-24 17:14 - 00001009 _____ () C:\Users\Eftuh\Desktop\WO Mic Client.lnk
2014-05-25 12:23 - 2014-05-25 12:23 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\Chris_Pietschmann_(http__
2014-05-25 12:23 - 2014-05-24 17:14 - 00000000 ____D () C:\Program Files (x86)\WOMic
2014-05-24 17:14 - 2014-05-24 17:14 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WO Mic Client
2014-05-24 16:58 - 2014-05-24 16:58 - 00045389 _____ () C:\Users\Eftuh\Documents\Untitled.wma
2014-05-22 19:08 - 2014-01-21 21:01 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-22 18:50 - 2014-05-22 18:50 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\LolClient
2014-05-22 18:50 - 2014-05-22 18:50 - 00000000 ____D () C:\Users\Eftuh\AppData\Roaming\Garena
2014-05-22 18:50 - 2014-05-22 18:50 - 00000000 ____D () C:\ProgramData\Garena
2014-05-22 18:48 - 2014-05-22 18:48 - 00001065 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-05-22 18:48 - 2014-05-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-05-22 18:48 - 2014-05-22 18:41 - 00000000 ____D () C:\Program Files (x86)\GarenaLoLPH
2014-05-22 18:41 - 2014-05-22 18:41 - 00001075 _____ () C:\Users\Public\Desktop\Garena Plus.lnk
2014-05-22 18:32 - 2014-05-22 18:31 - 00000000 ____D () C:\Users\Eftuh\Desktop\Droid bleep
2014-05-22 18:32 - 2014-04-27 18:56 - 00000000 ____D () C:\Users\Eftuh\Desktop\Vids
2014-05-22 18:32 - 2014-04-27 18:56 - 00000000 ____D () C:\Users\Eftuh\Desktop\Pics
2014-05-22 18:26 - 2014-05-22 13:06 - 00000000 ____D () C:\Users\Eftuh\Desktop\LOL
2014-05-22 15:55 - 2014-05-22 15:55 - 2069282816 _____ () C:\Users\Eftuh\Downloads\LoLPH_Install_140513.1.dat
2014-05-22 13:01 - 2014-05-22 13:01 - 02745136 _____ () C:\Users\Eftuh\Desktop\LoLInstaller.exe
2014-05-22 13:01 - 2014-05-22 13:01 - 00000000 ____D () C:\Users\Eftuh\AppData\Local\Garena
2014-05-21 14:31 - 2014-05-12 21:37 - 00000000 ____D () C:\Users\Eftuh\Desktop\MEMES
2014-05-21 12:39 - 2014-05-21 12:39 - 00262144 _____ () C:\Windows\Minidump\052114-14523-01.dmp
2014-05-20 17:55 - 2014-05-20 17:55 - 00275728 _____ () C:\Windows\Minidump\052014-12542-01.dmp
2014-05-20 16:04 - 2014-02-07 22:25 - 00001056 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-05-19 20:28 - 2014-05-19 20:28 - 00000222 _____ () C:\Users\Eftuh\Desktop\Solstice Arena.url
2014-05-16 15:01 - 2014-01-21 22:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 15:01 - 2014-01-21 22:50 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 15:01 - 2014-01-21 22:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 18:22 - 2014-05-11 23:41 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-05-15 18:22 - 2014-02-16 08:42 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 18:22 - 2014-02-16 08:03 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 18:22 - 2014-02-16 08:03 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 19:15 - 2014-01-22 20:13 - 00040859 _____ () C:\Users\Eftuh\Desktop\FLUSHER DNS.rar
2014-05-14 08:28 - 2014-04-21 16:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 03:57 - 2014-05-14 03:57 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys
2014-05-14 03:54 - 2014-05-20 16:05 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-05-12 21:40 - 2014-02-06 10:06 - 00000000 ____D () C:\Users\Eftuh\Desktop\HIMYM
2014-05-12 19:30 - 2014-02-16 08:43 - 00002024 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-05-12 07:26 - 2014-06-05 10:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 10:45 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 10:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 23:41 - 2014-05-11 23:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-11 23:41 - 2014-05-11 23:41 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys.1400149370723
2014-05-11 23:41 - 2014-05-11 23:41 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-11 23:41 - 2014-02-16 08:41 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-11 23:41 - 2014-02-16 08:03 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400149370723
2014-05-11 23:41 - 2014-02-16 08:03 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400149370723
2014-05-11 23:41 - 2014-02-16 08:03 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-11 23:41 - 2014-02-16 08:03 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-11 23:41 - 2014-02-16 08:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-11 23:41 - 2014-02-16 08:03 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-11 23:41 - 2014-02-16 08:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-11 23:31 - 2014-05-11 23:31 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-11 23:31 - 2014-05-11 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-11 23:31 - 2014-01-26 13:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-11 09:00 - 2014-05-11 09:00 - 00001097 _____ () C:\Users\Eftuh\Desktop\Cheat Engine.lnk
2014-05-11 09:00 - 2014-05-11 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
2014-05-11 09:00 - 2014-05-11 09:00 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-05-11 08:48 - 2014-05-11 08:48 - 00000000 ____D () C:\Users\Eftuh\Documents\My Cheat Tables
2014-05-09 18:30 - 2014-01-21 21:01 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 18:30 - 2014-01-21 21:01 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 10:02
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Eftuh at 2014-06-07 10:51:11
Running from C:\Users\Eftuh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30544 - BitTorrent Inc.)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM-x32\...\Adobe Photoshop CS4_is1) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Globe Broadband (HKLM-x32\...\Globe Broadband) (Version: 11.300.05.20.158 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kepard (HKLM-x32\...\Kepard) (Version:  - Kepard)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My WIFI Router 2014.05.20.001 (HKLM-x32\...\My WIFI Router) (Version: 2014.05.20.001 - TX Network Inc.)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.14.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Solstice Arena (HKLM-x32\...\Steam App 240380) (Version:  - Zynga)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}) (Version: 11.0.3 - Red Giant Software)
Trapcode Suite 64-bit (Version: 11.0.3 - Red Giant Software) Hidden
USB Game Controller (HKLM-x32\...\{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}) (Version: 2007.01.01 - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WiFi HotSpot Creator (HKLM-x32\...\WiFi HotSpot Creator) (Version:  - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WO Mic Client (HKLM-x32\...\WOMic) (Version:  - )
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)
 
==================== Restore Points  =========================
 
06-06-2014 03:07:17 ComboFix created restore point
06-06-2014 04:04:44 Installed Microsoft Fix it 50267
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0136576F-69C7-4AA4-A36C-80B8EFD05CCD} - \update-sys No Task File <==== ATTENTION
Task: {0CA969E6-5494-4CA0-A9B6-F94F881FCA98} - System32\Tasks\gg_uac_daemon_Eftuh => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-04-29] ()
Task: {48240055-F9C9-4DA6-A1C7-EDE81A67359A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B5DC8C8-0709-43E7-8BBC-B3E4A8B0DDA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {CF4C5297-617E-4FFA-9EB3-300680AF423D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-11] (AVAST Software)
Task: {E562DE0D-9F2D-4E8F-916E-31767A2122E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {F757460C-B887-4948-9DAC-F8B8C86EC578} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-06 12:24 - 2012-08-06 12:24 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-04-23 10:58 - 2014-04-23 10:58 - 01656416 _____ () C:\Program Files (x86)\My WIFI Router\bmser.exe
2014-04-29 17:28 - 2014-04-29 17:28 - 09936176 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2012-08-06 12:24 - 2012-08-06 12:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 12:07 - 2012-08-06 12:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-07 04:17 - 2014-06-07 04:17 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060601\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-04-23 10:58 - 2014-04-23 10:58 - 00193392 _____ () C:\Program Files (x86)\My WIFI Router\bmupdex.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00104752 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00033584 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2014-04-29 17:28 - 2014-05-29 16:32 - 00027952 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00051504 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00087344 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00487216 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00025392 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00170800 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00184624 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2014-04-29 17:29 - 2014-04-29 17:29 - 00219952 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00106288 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00958256 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00055088 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00224560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2014-04-29 17:28 - 2014-05-27 15:23 - 00919856 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00192816 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00155440 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 02941232 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00065840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00016688 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 01545520 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00956208 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00245040 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2014-04-29 17:28 - 2014-04-29 17:28 - 00026416 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00516912 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2014-04-29 17:29 - 2014-04-29 17:29 - 00068400 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2014-02-16 08:03 - 2014-02-16 08:03 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-22 19:08 - 2014-05-14 07:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 19:08 - 2014-05-14 07:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 19:08 - 2014-05-14 07:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 19:08 - 2014-05-14 07:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 19:08 - 2014-05-14 07:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Microsoft:aZmuDrTr4uVYlbLbIvbczq
AlternateDataStreams: C:\ProgramData\Microsoft:QvgU68W85g4LIZskz6Z
AlternateDataStreams: C:\Users\Eftuh\AppData\Local\CivgWvsMHY9dn:nPCdRB4Q3EsSaP0yKQZaooO
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/07/2014 00:20:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (06/06/2014 00:12:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (06/06/2014 11:47:47 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (06/06/2014 11:47:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Faulting module name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Exception code: 0xc000001d
Fault offset: 0x00000000002b2151
Faulting process id: 0xe60
Faulting application start time: 0xHitmanPro_x64.exe0
Faulting application path: HitmanPro_x64.exe1
Faulting module path: HitmanPro_x64.exe2
Report Id: HitmanPro_x64.exe3
 
Error: (06/06/2014 11:47:30 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (06/06/2014 11:47:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Faulting module name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Exception code: 0xc000001d
Fault offset: 0x00000000002b2151
Faulting process id: 0x2f8
Faulting application start time: 0xHitmanPro_x64.exe0
Faulting application path: HitmanPro_x64.exe1
Faulting module path: HitmanPro_x64.exe2
Report Id: HitmanPro_x64.exe3
 
Error: (06/06/2014 11:47:10 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (06/06/2014 11:47:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Faulting module name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Exception code: 0xc000001d
Fault offset: 0x00000000002b2151
Faulting process id: 0xf90
Faulting application start time: 0xHitmanPro_x64.exe0
Faulting application path: HitmanPro_x64.exe1
Faulting module path: HitmanPro_x64.exe2
Report Id: HitmanPro_x64.exe3
 
Error: (06/06/2014 11:46:57 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program HitmanPro 3.7 because of this error.
 
Program: HitmanPro 3.7
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (06/06/2014 11:46:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Faulting module name: HitmanPro_x64.exe, version: 3.7.9.216, time stamp: 0x5335b5bf
Exception code: 0xc000001d
Fault offset: 0x00000000002b2151
Faulting process id: 0xe14
Faulting application start time: 0xHitmanPro_x64.exe0
Faulting application path: HitmanPro_x64.exe1
Faulting module path: HitmanPro_x64.exe2
Report Id: HitmanPro_x64.exe3
 
 
System errors:
=============
Error: (06/07/2014 01:09:22 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EFTUH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}.
The master browser is stopping or an election is being forced.
 
Error: (06/06/2014 00:00:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/06/2014 11:58:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/06/2014 11:34:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:30:38 AM on ‎6/‎6/‎2014 was unexpected.
 
Error: (06/06/2014 10:56:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/06/2014 10:56:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/06/2014 10:56:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/06/2014 10:56:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/06/2014 10:50:45 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/05/2014 05:43:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EFTUH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CCFB72DB-D3EC-4A02-8093-B0FABF2FEBA1}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-07 10:47:17.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-07 10:47:17.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-07 00:15:45.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-07 00:15:45.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-06 12:05:55.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-06 12:05:55.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-06 12:03:35.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-06 12:03:35.534
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-06 11:34:30.970
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-06 11:34:30.970
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 7985.88 MB
Available physical RAM: 5788.36 MB
Total Pagefile: 15969.91 MB
Available Pagefile: 13464.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Windows7) (Fixed) (Total:257.54 GB) (Free:135.15 GB) NTFS
Drive y: () (Fixed) (Total:150 GB) (Free:149.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7372F79E)
Partition 1: (Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=258 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 eftuh24

eftuh24
  • Topic Starter

  • Members
  • 7 posts

Posted 07 June 2014 - 10:54 PM

up



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 08 June 2014 - 03:32 PM

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 03 September 2014 - 06:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



