
Name Not Available Audio Ads Constantly Running in Volume Control


  • This topic is locked
24 replies to this topic

#1 Hasbronero


Posted 03 January 2014 - 05:40 AM

Hello all:

 

Audio advertisements have been running on my computer for the past day or so under the name of "Name Not Available" as per my volume control. I've tried running anti-malware software, and it seems like nothing has been working. I tried running in clean boot to see if it was a third party program, but nothing turned up either. 
 

I searched and found this forum. Another forum post said to run DDS and follow its steps to post here. I am not sure of what to do as this is my first attempt at any such thing, but I'll leave my chances here. I would greatly appreciate any help possible. Thank you to anyone in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16446  BrowserJavaVersion: 10.7.2
Run by mlalangan at 2:38:29 on 2014-01-03
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8191.5560 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\SndVol.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mlalangan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623085908.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{73081B24-3EC4-44C7-9D4E-AEF1628B5A02} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{73081B24-3EC4-44C7-9D4E-AEF1628B5A02} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623085908.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mlalangan\AppData\Roaming\Mozilla\Firefox\Profiles\kk5l27rv.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_07.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\mlalangan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\mlalangan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\mlalangan\AppData\Local\Roblox\Versions\version-037c042a4c1b49fd\NPRobloxProxy.dll
FF - plugin: C:\Users\mlalangan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-1-16 771536]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-22 46368]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-1-16 340216]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-24 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-16 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-16 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-16 182752]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-16 70112]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-16 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-16 515968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-24 196440]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-16 106552]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-6-10 23536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-20 14544]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-1 239616]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2013-10-19 121616]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S4 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-24 201304]
S4 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-24 201304]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-11 2666880]
S4 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [?]
.
=============== Created Last 30 ================
.
2014-01-03 10:15:27 -------- d-----w- C:\AdwCleaner
2014-01-03 09:48:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 08:54:16 -------- d-----w- C:\Windows\pss
2014-01-03 06:18:41 -------- d-----w- C:\Users\mlalangan\AppData\Local\Programs
2014-01-02 16:05:25 -------- d-----w- C:\Users\mlalangan\AppData\Roaming\ooVoo Details
2013-12-26 18:57:01 -------- d-----w- C:\Users\mlalangan\AppData\Local\PAYDAY
2013-12-24 07:30:15 -------- d-----w- C:\Users\mlalangan\AppData\Roaming\OpenOffice
2013-12-24 07:22:30 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2013-12-24 07:06:38 -------- d-----w- C:\Users\mlalangan\AppData\Roaming\Greyfirst
2013-12-24 07:06:38 -------- d-----w- C:\Users\mlalangan\AppData\Local\Greyfirst
2013-12-24 07:02:19 -------- d-----w- C:\Program Files (x86)\Celtx
2013-12-24 06:50:35 -------- d-----w- C:\Users\mlalangan\AppData\Roaming\Unity
2013-12-20 00:38:55 -------- d-----w- C:\Users\mlalangan\AppData\Local\CrashRpt
2013-12-20 00:30:24 -------- d-----w- C:\Windows\USB_Vibration
2013-12-15 05:17:06 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-08 06:29:14 -------- d-----w- C:\Users\mlalangan\AppData\Roaming\.minecraft
2013-12-08 06:28:56 -------- d-----w- C:\Users\mlalangan\AppData\Roaming\New folder
2013-12-07 05:01:34 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-12-07 04:57:27 -------- d-----w- C:\ProgramData\Package Cache
2013-12-07 03:10:43 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-12-07 02:44:03 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2013-12-07 02:44:03 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2013-12-07 02:44:01 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-12-07 02:44:00 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2013-12-07 02:44:00 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2013-12-07 02:42:39 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll
2013-12-07 02:42:39 177672 ----a-w- C:\Windows\System32\xactengine3_2.dll
.
==================== Find3M  ====================
.
2013-12-15 05:17:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 05:17:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-07 01:43:10 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-12-01 10:15:13 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH:  2:38:51.49 ===============
 

Edited by Hasbronero, 03 January 2014 - 05:42 AM.




#2 Elise

  • Malware Study Hall Admin

Posted 03 January 2014 - 08:11 AM

Hello, and welcome to Bleepingcomputer! :)
My name is Elise and I'll assist you with this issue.

Let's start with a rootkit scan here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#3 Hasbronero


Posted 03 January 2014 - 10:56 AM

Thanks for responding, Elise!

I tried running the TDSS, but it didn't seem to find anything malicious. What should I do next?



#4 Elise


Posted 03 January 2014 - 12:00 PM

Let's see if the following scanner shows something.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

  • -- If you encounter any problems, try running GMER in Safe Mode.

regards, Elise




#5 Hasbronero


Posted 03 January 2014 - 12:35 PM

 Ok, this one worked for me.

 

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2014-01-03 09:26:36
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\00000065 WDC_WD10 rev.01.0 931.51GB
Running: 65e0j9qh.exe; Driver: C:\Users\MLALAN~1\AppData\Local\Temp\ugryauow.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text   C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE[5048] C:\Windows\syswow64\ole32.dll!OleLoadFromStream         00000000757a5bf6 5 bytes JMP 000000016b4e2df0
.text   C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE[5048] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString          0000000076d73e59 5 bytes JMP 000000016b245ef0
.text   C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE[5048] C:\Windows\syswow64\OLEAUT32.dll!VariantClear           0000000076d73eae 5 bytes JMP 000000016b2486f1
.text   C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE[5048] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen  0000000076d74731 5 bytes JMP 000000016b24887f
.text   C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE[5048] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType      0000000076d75dee 5 bytes JMP 000000016b25a3d3
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\system32\svchost.exe [832:972]                                                               000000000075a548
Thread  C:\Windows\system32\svchost.exe [832:992]                                                               0000000000751540
Thread  C:\Windows\system32\svchost.exe [832:1008]                                                              00000000010eb898
Thread  C:\Windows\system32\svchost.exe [832:1012]                                                              00000000010eb220
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                                   unknown MBR code
Disk    \Device\Harddisk0\DR0                                                                                   unknown MBR code
 
---- EOF - GMER 2.1 ----
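The GMER log above contains three kinds of entries: inline hooks in a process's user-mode code, threads listed with a bare start address, and disk-sector results. The parser below is an added example for this thread (it is not code from GMER or from anyone in the thread) that turns a log in that layout into structured records and ranks them for follow-up. The embedded sample log is a constructed abridgement of the one posted above; the regular expressions are this example's own reading of the GMER 2.1 text layout, and the severity labels are the example's convention, not GMER's.

```python
"""Parse a GMER 2.1 rootkit-scan log and rank its findings for follow-up.

Added example for this thread; not code from GMER or from the thread.
The sample log is a constructed abridgement of the one posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in GMER 2.1's text layout (abridged from the posted log).
SAMPLE_LOG = r"""GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-03 09:26:36
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\00000065 WDC_WD10 rev.01.0 931.51GB

---- User code sections - GMER 2.1 ----

.text   C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE[5048] C:\Windows\syswow64\ole32.dll!OleLoadFromStream   00000000757a5bf6 5 bytes JMP 000000016b4e2df0
.text   C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE[5048] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString    0000000076d73e59 5 bytes JMP 000000016b245ef0

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [832:972]     000000000075a548
Thread  C:\Windows\system32\svchost.exe [832:992]     0000000000751540

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0     unknown MBR code

---- EOF - GMER 2.1 ----
"""

# Section banners look like "---- <name> - GMER 2.1 ----".
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# ".text <process>[<pid>] <module>!<export> <address> <n> bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+) bytes\s+(?P<patch>.+?)\s*$"
)
# "Thread <process> [<pid>:<tid>] <start address>"
THREAD_RE = re.compile(
    r"^Thread\s+(?P<proc>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)\s*$"
)
# "Disk <device> <note>"
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<note>.+?)\s*$")


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    function: str
    address: str
    size: int
    patch: str


@dataclass
class Thread:
    process: str
    pid: int
    tid: int
    address: str


@dataclass
class Disk:
    device: str
    note: str


@dataclass
class GmerReport:
    header: list[str]
    hooks: list[Hook]
    threads: list[Thread]
    disks: list[Disk]
    unparsed: list[str]  # lines inside a section the regexes did not recognise


def parse_gmer_log(text: str) -> GmerReport:
    """Walk the log line by line, switching parsers at each section banner."""
    report = GmerReport([], [], [], [], [])
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section == "header":
            report.header.append(line)
        elif section.startswith("User code sections") and (m := HOOK_RE.match(line)):
            report.hooks.append(Hook(m["proc"], int(m["pid"]), m["module"], m["func"],
                                     m["addr"], int(m["size"]), m["patch"]))
        elif section == "Threads" and (m := THREAD_RE.match(line)):
            report.threads.append(Thread(m["proc"], int(m["pid"]), int(m["tid"]), m["addr"]))
        elif section == "Disk sectors" and (m := DISK_RE.match(line)):
            report.disks.append(Disk(m["device"], m["note"]))
        elif section != "EOF":
            report.unparsed.append(line)
    return report


def triage(report: GmerReport) -> list[tuple[str, str]]:
    """Rank findings: MBR anomalies first, then per-process thread and hook groups.
    Severity labels are this example's convention."""
    findings: list[tuple[str, str]] = []
    for d in report.disks:
        if "unknown MBR code" in d.note:
            findings.append(("high", f"{d.device}: boot code not recognised by GMER; "
                                     "verify the boot sector offline before trusting the running OS"))
    threads_by_proc: dict[tuple[str, int], list[Thread]] = {}
    for t in report.threads:
        threads_by_proc.setdefault((t.process, t.pid), []).append(t)
    for (proc, pid), ts in threads_by_proc.items():
        findings.append(("medium", f"{proc} [{pid}]: {len(ts)} thread(s) listed with start "
                                   "addresses not attributed to a module; identify what this host runs"))
    hooks_by_proc: dict[tuple[str, int], list[Hook]] = {}
    for h in report.hooks:
        hooks_by_proc.setdefault((h.process, h.pid), []).append(h)
    for (proc, pid), hs in hooks_by_proc.items():
        funcs = ", ".join(h.function for h in hs)
        findings.append(("info", f"{proc} [{pid}]: inline hooks on {funcs}; security software "
                                 "commonly installs these, so confirm which module owns the JMP targets"))
    return findings


if __name__ == "__main__":
    for severity, text in triage(parse_gmer_log(SAMPLE_LOG)):
        print(f"[{severity}] {text}")
```

Run it on a saved gmer.log by replacing SAMPLE_LOG with the file's contents; anything GMER printed in a layout the regexes do not recognise lands in `unparsed` rather than being silently dropped, so check that list is empty before trusting the summary.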


#6 Elise


Posted 03 January 2014 - 12:51 PM

I see a few issues here and I'd like to investigate this further outside Windows.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flashdrive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise




#7 Hasbronero


Posted 03 January 2014 - 01:41 PM

After selecting Repair your computer should it go immediately to the keyboard options? Every time I try it appears to boot up normally and goes to the login screen.

 

I am doing this the "Advanced Boot Options" method.


Edited by Hasbronero, 03 January 2014 - 01:42 PM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:58 PM

Posted 03 January 2014 - 01:47 PM

No, it should show you a window "loading files". If this doesn't work, do you have a Windows disk? If not, can you create one?

We need to create a Windows 7 System Repair Disk. Note that this disk can only be used to access the Recovery Environment, not to reinstall Windows 7.
  • Press Windows Key + R, type recdisc.exe in the runbox and press enter.
  • If you get a UAC prompt, allow the application to run by clicking Yes. You will see the following:

    win7srd1.png

  • Make sure you have a blank CD or DVD in your CD/DVD drive and click Create disc. Note: If AutoPlay comes up, just close it.
  • When the System Repair Disk has been created, click Close and then OK. Your System Repair Disk is now ready for use.

regards, Elise




#9 Hasbronero

Hasbronero
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:58 AM

Posted 03 January 2014 - 01:57 PM

I tried that just now. For some reason it gives me an error message saying:

 

"Windows was unable to parse the requested XML data. (0x800705V9)"


Edited by Hasbronero, 03 January 2014 - 01:58 PM.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:58 PM

Posted 03 January 2014 - 02:03 PM

Then let's go the Linux way. :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

regards, Elise


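Once mbr.bin has been captured with the dd command above, the analyst's job is to decode it and compare it with what a clean disk looks like. The script below is an added example for this thread, not code from the thread or from any tool named in it: it parses the 512-byte image (boot signature, the four partition entries, the boot-code hash) and reports anything that deviates from a healthy layout. It assumes a known-good boot-code hash taken from a trusted copy of the same Windows build; the hash, the "clean" boot code and both sample images here are constructed stand-ins, not Microsoft's real MBR code.

```python
"""Triage a 512-byte MBR image such as the mbr.bin produced by dd above."""
import hashlib
import struct
import sys
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: executable boot code
DISK_SIG_OFF = 440             # bytes 440..443: NT disk signature (differs per PC)
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


@dataclass
class Partition:
    slot: int
    status: int        # 0x80 = active/bootable, 0x00 = inactive
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries; empty slots (type 0) are skipped."""
    parts = []
    for slot in range(4):
        off = PART_TABLE_OFF + slot * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:
            parts.append(Partition(slot, status, ptype, lba, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the code area: disk signature and table legitimately differ per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def analyse_mbr(mbr: bytes, known_good_code_sha256: str) -> list:
    """Return human-readable findings; an empty list means nothing looked wrong."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return [f"image is {len(mbr)} bytes, expected {MBR_SIZE}"]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55AA missing")
    if boot_code_sha256(mbr) != known_good_code_sha256:
        findings.append("boot code differs from the known-good copy")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p.status == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions marked active, expected 1")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"slot {p.slot}: invalid status byte 0x{p.status:02x}")
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"slot {p.slot}: LBA start or sector count is zero")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start <= a.lba_end:
            findings.append(f"slot {a.slot} and slot {b.slot} overlap")
    return findings


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a test image from boot code and (status, type, lba, sectors) tuples."""
    img = bytearray(MBR_SIZE)
    img[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    img[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"    # arbitrary disk signature
    for slot, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + slot * PART_ENTRY_LEN
        img[off:off + PART_ENTRY_LEN] = struct.pack("<B3xB3xII", status, ptype, lba, count)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


# Constructed samples. CLEAN_CODE is a stand-in for known-good boot code, not Microsoft's;
# in practice the reference hash comes from a trusted copy of the same Windows build.
CLEAN_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
KNOWN_GOOD = hashlib.sha256(CLEAN_CODE).hexdigest()
CLEAN_TABLE = [(0x80, 0x07, 2048, 204800),               # 100 MB system partition, active
               (0x00, 0x07, 206848, 1_000_000_000),      # main NTFS volume
               (0x00, 0x07, 1_000_206_848, 25_165_824)]  # recovery image
CLEAN_MBR = build_mbr(CLEAN_CODE, CLEAN_TABLE)
# Tampered sample: patched boot code plus a second active entry in the unused slot.
TAMPERED_MBR = build_mbr(b"\xEB\x3C" + CLEAN_CODE[2:], CLEAN_TABLE + [(0x80, 0x07, 1, 2047)])

if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else TAMPERED_MBR
    for p in parse_partitions(image):
        print(f"slot {p.slot}: type 0x{p.type_id:02x} status 0x{p.status:02x} "
              f"LBA {p.lba_start}-{p.lba_end}")
    print("findings:", analyse_mbr(image, KNOWN_GOOD) or "none")
```

Run it as `python mbr_triage.py mbr.bin` against a captured image; without an argument it analyses the constructed tampered sample. The script deliberately hashes only the first 440 bytes, because the disk signature at offset 440 and the partition table after it are expected to differ between machines, whereas the boot code of a given Windows build should not.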


#11 Hasbronero

Hasbronero
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:58 AM

Posted 03 January 2014 - 02:24 PM

Ok, I did just that. It sent me to a language select screen. I tried pressing F12, but it only said that it would automatically boot in x seconds. I selected English and now it's on a black screen with text. The last few lines of the text say

 

xinit: No such file or directory (errmo2): unable to connect to X server

xinit: No such process (errmo3): Server error.

xauth: (argv):1: bad display name "(none) :0" in "remove" command

sh: no job control in this shell

sh-4.0# _


Edited by Hasbronero, 03 January 2014 - 02:28 PM.


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:58 PM

Posted 03 January 2014 - 02:31 PM

Okay, let's go for a full ISO then. Please download this file and burn it to a DVD (note, you need to burn the ISO to DVD as an image, not as a file; if you have trouble with this, just let me know).

 

Now repeat the steps in post #6 and see if you can boot in the recovery environment (careful, don't choose the "Install Windows" option!).


regards, Elise




#13 Hasbronero

Hasbronero
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:58 AM

Posted 03 January 2014 - 03:33 PM

That one worked! Here's the info:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by SYSTEM on MININT-RVCNTG5 on 03-01-2014 12:30:20
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [] - [x]
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
 
==================== Services (Whitelisted) =================
 
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-06] (Akamai Technologies, Inc.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [121616 2013-10-02] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3428588 2010-02-10] (INCA Internet Co., Ltd.)
S4 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-06] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Exteel\System\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
S3 X6va005; \??\C:\Users\MLALAN~1\AppData\Local\Temp\0053D1E.tmp [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-03 12:30 - 2014-01-03 12:30 - 00000000 ____D C:\FRST
2014-01-03 11:09 - 2014-01-03 11:09 - 00497272 _____ C:\Users\mlalangan\Desktop\GETxPUD.exe
2014-01-03 11:09 - 2011-05-30 22:29 - 00000000 ____D C:\Users\mlalangan\Desktop\GETxPUD
2014-01-03 10:08 - 2014-01-03 10:08 - 01931750 _____ (Farbar) C:\Users\mlalangan\Desktop\FRST64.exe
2014-01-03 09:26 - 2014-01-03 09:26 - 00001969 _____ C:\Users\mlalangan\Desktop\Results.log
2014-01-03 09:09 - 2014-01-03 09:09 - 00377856 _____ C:\Users\mlalangan\Desktop\65e0j9qh.exe
2014-01-03 07:51 - 2014-01-03 07:52 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\mlalangan\Desktop\tdsskiller.exe
2014-01-03 02:40 - 2014-01-03 02:40 - 00000960 _____ C:\Users\mlalangan\Documents\DDS.txt
2014-01-03 02:28 - 2014-01-03 02:39 - 00000960 _____ C:\Users\mlalangan\Desktop\attach.txt
2014-01-03 02:28 - 2014-01-03 02:38 - 00020822 _____ C:\Users\mlalangan\Desktop\dds.txt
2014-01-03 02:23 - 2014-01-03 02:23 - 00688992 ____R (Swearware) C:\Users\mlalangan\Documents\dds.com
2014-01-03 02:15 - 2014-01-03 02:26 - 00000000 ____D C:\AdwCleaner
2014-01-03 02:14 - 2014-01-03 02:15 - 01233962 _____ C:\Users\mlalangan\Documents\adwcleaner.exe
2014-01-03 01:48 - 2014-01-03 02:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 01:45 - 2014-01-03 01:46 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mlalangan\Documents\mbam-setup-1.75.0.1300 (1).exe
2014-01-03 00:54 - 2014-01-03 00:54 - 00000000 ____D C:\Windows\pss
2014-01-02 22:18 - 2014-01-02 22:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mlalangan\Documents\mbam-setup-1.75.0.1300.exe
2014-01-02 21:49 - 2014-01-02 21:49 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mlalangan\Documents\iExplore.exe
2014-01-02 21:48 - 2014-01-02 21:50 - 00001638 _____ C:\Users\mlalangan\Desktop\Rkill.txt
2014-01-02 21:48 - 2014-01-02 21:48 - 00000000 ____D C:\Users\mlalangan\Desktop\rkill
2014-01-02 08:32 - 2014-01-02 08:32 - 00037376 _____ C:\Windows\System32\mcba.ars
2014-01-02 08:22 - 2014-01-03 10:07 - 00000086 _____ C:\Windows\System32\ryei.tbw
2014-01-02 08:22 - 2014-01-02 08:32 - 00000096 _____ C:\Windows\System32\knfjgxp.pwb
2014-01-02 08:22 - 2014-01-02 08:22 - 00000064 _____ C:\Windows\System32\imcd.aha
2014-01-02 08:06 - 2014-01-02 08:06 - 00219314 ____S C:\Windows\System32\jxvcief.pxk
2014-01-02 08:05 - 2014-01-02 08:05 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\ooVoo Details
2014-01-02 08:04 - 2014-01-02 08:04 - 02512960 _____ (ooVoo LLC) C:\Users\mlalangan\Documents\ooVooSetup.exe
2013-12-29 10:30 - 2013-12-29 10:30 - 00033650 _____ C:\Users\mlalangan\Documents\66FAEDAA74796C87851C6435CA1AE2882D06C8B3.torrent
2013-12-28 00:39 - 2013-12-28 00:39 - 00013318 _____ C:\Users\mlalangan\Documents\Write.odt
2013-12-26 10:57 - 2013-12-26 10:57 - 00000000 ____D C:\Users\mlalangan\AppData\Local\PAYDAY
2013-12-25 19:54 - 2013-12-25 20:10 - 00000000 ____D C:\Users\mlalangan\Documents\JoyToKey_en
2013-12-25 19:54 - 2013-12-25 19:54 - 00776412 _____ C:\Users\mlalangan\Documents\JoyToKey_en.zip
2013-12-24 07:05 - 2013-12-24 07:05 - 00001929 _____ C:\Users\mlalangan\Desktop\Skype.lnk
2013-12-23 23:30 - 2013-12-23 23:30 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\OpenOffice
2013-12-23 23:26 - 2013-12-23 23:26 - 00001184 _____ C:\Users\mlalangan\Desktop\OpenOffice 4.0.1.lnk
2013-12-23 23:26 - 2013-12-23 23:26 - 00001140 _____ C:\Users\mlalangan\Desktop\OpenOffice Writer.lnk
2013-12-23 23:22 - 2013-12-23 23:23 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-23 23:11 - 2013-12-23 23:11 - 00000000 ____D C:\Users\mlalangan\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2013-12-23 23:06 - 2013-12-23 23:06 - 00001809 _____ C:\Users\mlalangan\Desktop\Celtx.lnk
2013-12-23 23:06 - 2013-12-23 23:06 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\Greyfirst
2013-12-23 23:06 - 2013-12-23 23:06 - 00000000 ____D C:\Users\mlalangan\AppData\Local\Greyfirst
2013-12-23 23:02 - 2013-12-23 23:02 - 00001791 _____ C:\Users\Public\Desktop\Celtx.lnk
2013-12-23 23:02 - 2013-12-23 23:02 - 00000000 ____D C:\Program Files (x86)\Celtx
2013-12-23 22:50 - 2013-12-23 22:50 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\Unity
2013-12-23 22:08 - 2013-12-23 22:08 - 00001208 _____ C:\Users\mlalangan\Desktop\Minecraft - Shortcut.lnk
2013-12-20 07:10 - 2013-12-20 07:26 - 00000000 ____D C:\Users\mlalangan\Documents\Bully Scholarship Edition
2013-12-19 16:38 - 2013-12-19 16:38 - 00000000 ____D C:\Users\mlalangan\AppData\Local\CrashRpt
2013-12-19 16:33 - 2013-12-19 16:33 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-12-19 16:30 - 2013-12-19 16:30 - 00000000 ____D C:\Windows\USB_Vibration
2013-12-19 16:28 - 2013-12-19 16:28 - 00000000 ____D C:\Users\mlalangan\Documents\Square Enix
2013-12-14 23:10 - 2013-12-22 22:35 - 00000000 ____D C:\Users\mlalangan\Documents\Telltale Games
2013-12-14 21:17 - 2013-12-14 21:17 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-07 22:29 - 2013-12-23 22:15 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\.minecraft
2013-12-07 22:28 - 2013-12-07 22:29 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\New folder
2013-12-07 17:26 - 2014-01-02 13:26 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleFormlalangan
2013-12-07 17:26 - 2014-01-02 13:26 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleFormlalangan.job
2013-12-06 21:01 - 2013-12-06 21:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-06 21:01 - 2013-12-06 21:01 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-06 20:57 - 2013-12-06 20:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:10 - 2013-12-06 19:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-06 18:44 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-06 18:44 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-12-06 18:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-06 18:44 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-12-06 18:44 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-06 18:43 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-12-06 18:43 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-06 18:43 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-12-06 18:43 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-12-06 18:43 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-06 18:43 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-12-06 18:43 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-12-06 18:43 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-06 18:43 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2013-12-06 18:43 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-12-06 18:43 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2013-12-06 18:43 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2013-12-06 18:43 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-06 18:43 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2013-12-06 18:43 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-06 18:43 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2013-12-06 18:43 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-06 18:42 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-06 18:42 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
 
==================== One Month Modified Files and Folders =======
 
2014-01-03 12:30 - 2014-01-03 12:30 - 00000000 ____D C:\FRST
2014-01-03 11:13 - 2009-10-20 06:04 - 01695498 _____ C:\Windows\WindowsUpdate.log
2014-01-03 11:09 - 2014-01-03 11:09 - 00497272 _____ C:\Users\mlalangan\Desktop\GETxPUD.exe
2014-01-03 11:01 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:01 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:00 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-03 10:59 - 2012-12-15 07:44 - 00262144 _____ C:\Windows\System32\config\ELAM
2014-01-03 10:54 - 2011-10-08 14:43 - 00000000 ____D C:\Users\mlalangan\AppData\Local\LogMeIn Hamachi
2014-01-03 10:54 - 2010-08-29 10:46 - 00186637 _____ C:\Windows\setupact.log
2014-01-03 10:54 - 2010-01-28 21:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 10:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 10:24 - 2010-08-29 10:46 - 00237764 _____ C:\Windows\PFRO.log
2014-01-03 10:08 - 2014-01-03 10:08 - 01931750 _____ (Farbar) C:\Users\mlalangan\Desktop\FRST64.exe
2014-01-03 10:07 - 2014-01-02 08:22 - 00000086 _____ C:\Windows\System32\ryei.tbw
2014-01-03 09:51 - 2010-05-30 14:17 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2123356483-960131933-3295515452-1000UA.job
2014-01-03 09:26 - 2014-01-03 09:26 - 00001969 _____ C:\Users\mlalangan\Desktop\Results.log
2014-01-03 09:26 - 2010-01-28 21:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 09:17 - 2012-04-05 08:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 09:09 - 2014-01-03 09:09 - 00377856 _____ C:\Users\mlalangan\Desktop\65e0j9qh.exe
2014-01-03 07:52 - 2014-01-03 07:51 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\mlalangan\Desktop\tdsskiller.exe
2014-01-03 02:43 - 2009-12-05 13:19 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\Skype
2014-01-03 02:40 - 2014-01-03 02:40 - 00000960 _____ C:\Users\mlalangan\Documents\DDS.txt
2014-01-03 02:39 - 2014-01-03 02:28 - 00000960 _____ C:\Users\mlalangan\Desktop\attach.txt
2014-01-03 02:38 - 2014-01-03 02:28 - 00020822 _____ C:\Users\mlalangan\Desktop\dds.txt
2014-01-03 02:26 - 2014-01-03 02:15 - 00000000 ____D C:\AdwCleaner
2014-01-03 02:23 - 2014-01-03 02:23 - 00688992 ____R (Swearware) C:\Users\mlalangan\Documents\dds.com
2014-01-03 02:18 - 2010-08-02 10:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-03 02:15 - 2014-01-03 02:14 - 01233962 _____ C:\Users\mlalangan\Documents\adwcleaner.exe
2014-01-03 02:08 - 2014-01-03 01:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 01:46 - 2014-01-03 01:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mlalangan\Documents\mbam-setup-1.75.0.1300 (1).exe
2014-01-03 01:24 - 2012-01-09 22:12 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2123356483-960131933-3295515452-1000UA.job
2014-01-03 00:54 - 2014-01-03 00:54 - 00000000 ____D C:\Windows\pss
2014-01-03 00:44 - 2009-12-07 21:11 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-02 22:18 - 2014-01-02 22:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mlalangan\Documents\mbam-setup-1.75.0.1300.exe
2014-01-02 21:53 - 2009-12-10 21:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-02 21:50 - 2014-01-02 21:48 - 00001638 _____ C:\Users\mlalangan\Desktop\Rkill.txt
2014-01-02 21:49 - 2014-01-02 21:49 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mlalangan\Documents\iExplore.exe
2014-01-02 21:48 - 2014-01-02 21:48 - 00000000 ____D C:\Users\mlalangan\Desktop\rkill
2014-01-02 16:24 - 2012-01-09 22:12 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2123356483-960131933-3295515452-1000Core.job
2014-01-02 13:26 - 2013-12-07 17:26 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleFormlalangan
2014-01-02 13:26 - 2013-12-07 17:26 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleFormlalangan.job
2014-01-02 08:32 - 2014-01-02 08:32 - 00037376 _____ C:\Windows\System32\mcba.ars
2014-01-02 08:32 - 2014-01-02 08:22 - 00000096 _____ C:\Windows\System32\knfjgxp.pwb
2014-01-02 08:22 - 2014-01-02 08:22 - 00000064 _____ C:\Windows\System32\imcd.aha
2014-01-02 08:06 - 2014-01-02 08:06 - 00219314 ____S C:\Windows\System32\jxvcief.pxk
2014-01-02 08:05 - 2014-01-02 08:05 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\ooVoo Details
2014-01-02 08:04 - 2014-01-02 08:04 - 02512960 _____ (ooVoo LLC) C:\Users\mlalangan\Documents\ooVooSetup.exe
2013-12-30 19:51 - 2010-05-30 14:17 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2123356483-960131933-3295515452-1000Core.job
2013-12-29 22:18 - 2010-07-24 23:20 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\BitTorrent
2013-12-29 10:30 - 2013-12-29 10:30 - 00033650 _____ C:\Users\mlalangan\Documents\66FAEDAA74796C87851C6435CA1AE2882D06C8B3.torrent
2013-12-28 19:26 - 2011-10-29 10:59 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-28 19:26 - 2009-12-07 18:31 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-28 19:24 - 2009-12-07 18:30 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\HP Support Assistant
2013-12-28 19:24 - 2009-12-06 12:27 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\HpUpdate
2013-12-28 00:39 - 2013-12-28 00:39 - 00013318 _____ C:\Users\mlalangan\Documents\Write.odt
2013-12-27 10:01 - 2010-03-22 22:53 - 00000000 ____D C:\Users\mlalangan\AppData\Local\Microsoft Games
2013-12-26 10:57 - 2013-12-26 10:57 - 00000000 ____D C:\Users\mlalangan\AppData\Local\PAYDAY
2013-12-26 10:56 - 2011-06-01 16:42 - 00073148 _____ C:\Windows\DirectX.log
2013-12-25 20:10 - 2013-12-25 19:54 - 00000000 ____D C:\Users\mlalangan\Documents\JoyToKey_en
2013-12-25 19:54 - 2013-12-25 19:54 - 00776412 _____ C:\Users\mlalangan\Documents\JoyToKey_en.zip
2013-12-25 12:56 - 2010-07-24 23:16 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\vlc
2013-12-24 07:05 - 2013-12-24 07:05 - 00001929 _____ C:\Users\mlalangan\Desktop\Skype.lnk
2013-12-24 06:42 - 2009-07-13 20:45 - 00422072 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-24 00:33 - 2011-03-19 19:34 - 00000000 ____D C:\Program Files (x86)\Sony
2013-12-23 23:59 - 2009-12-05 11:24 - 00000000 ____D C:\users\mlalangan
2013-12-23 23:52 - 2009-12-05 11:33 - 00105664 _____ C:\Users\mlalangan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 23:30 - 2013-12-23 23:30 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\OpenOffice
2013-12-23 23:26 - 2013-12-23 23:26 - 00001184 _____ C:\Users\mlalangan\Desktop\OpenOffice 4.0.1.lnk
2013-12-23 23:26 - 2013-12-23 23:26 - 00001140 _____ C:\Users\mlalangan\Desktop\OpenOffice Writer.lnk
2013-12-23 23:23 - 2013-12-23 23:22 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-23 23:11 - 2013-12-23 23:11 - 00000000 ____D C:\Users\mlalangan\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2013-12-23 23:06 - 2013-12-23 23:06 - 00001809 _____ C:\Users\mlalangan\Desktop\Celtx.lnk
2013-12-23 23:06 - 2013-12-23 23:06 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\Greyfirst
2013-12-23 23:06 - 2013-12-23 23:06 - 00000000 ____D C:\Users\mlalangan\AppData\Local\Greyfirst
2013-12-23 23:02 - 2013-12-23 23:02 - 00001791 _____ C:\Users\Public\Desktop\Celtx.lnk
2013-12-23 23:02 - 2013-12-23 23:02 - 00000000 ____D C:\Program Files (x86)\Celtx
2013-12-23 22:50 - 2013-12-23 22:50 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\Unity
2013-12-23 22:15 - 2013-12-07 22:29 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\.minecraft
2013-12-23 22:08 - 2013-12-23 22:08 - 00001208 _____ C:\Users\mlalangan\Desktop\Minecraft - Shortcut.lnk
2013-12-22 22:35 - 2013-12-14 23:10 - 00000000 ____D C:\Users\mlalangan\Documents\Telltale Games
2013-12-22 10:42 - 2009-12-19 20:22 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-12-22 10:21 - 2009-12-21 04:49 - 00000000 ____D C:\Users\mlalangan\AppData\Local\Google
2013-12-20 07:26 - 2013-12-20 07:10 - 00000000 ____D C:\Users\mlalangan\Documents\Bully Scholarship Edition
2013-12-19 16:38 - 2013-12-19 16:38 - 00000000 ____D C:\Users\mlalangan\AppData\Local\CrashRpt
2013-12-19 16:33 - 2013-12-19 16:33 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-12-19 16:30 - 2013-12-19 16:30 - 00000000 ____D C:\Windows\USB_Vibration
2013-12-19 16:30 - 2009-09-20 01:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-19 16:28 - 2013-12-19 16:28 - 00000000 ____D C:\Users\mlalangan\Documents\Square Enix
2013-12-14 21:17 - 2013-12-14 21:17 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-14 21:17 - 2012-04-05 08:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 21:17 - 2012-04-05 08:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 21:17 - 2011-05-22 16:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 19:46 - 2010-05-30 14:17 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2123356483-960131933-3295515452-1000UA
2013-12-14 19:46 - 2010-05-30 14:17 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2123356483-960131933-3295515452-1000Core
2013-12-14 19:26 - 2012-09-03 14:14 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-12-07 22:29 - 2013-12-07 22:28 - 00000000 ____D C:\Users\mlalangan\AppData\Roaming\New folder
2013-12-06 23:20 - 2010-01-28 21:01 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 23:20 - 2010-01-28 21:01 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 21:01 - 2013-12-06 21:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-06 21:01 - 2013-12-06 21:01 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-06 20:59 - 2013-12-06 20:57 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:33 - 2011-11-03 17:14 - 00000000 ____D C:\Users\mlalangan\AppData\Local\Akamai
2013-12-06 19:10 - 2013-12-06 19:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-06 17:43 - 2012-08-22 14:14 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\mlalangan\AppData\Local\Temp\7za.exe
C:\Users\mlalangan\AppData\Local\Temp\avguidx.dll
C:\Users\mlalangan\AppData\Local\Temp\CommonInstaller.exe
C:\Users\mlalangan\AppData\Local\Temp\contentDATs.exe
C:\Users\mlalangan\AppData\Local\Temp\i4jdel0.exe
C:\Users\mlalangan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\mlalangan\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\mlalangan\AppData\Local\Temp\NGM.exe
C:\Users\mlalangan\AppData\Local\Temp\NGMDll.dll
C:\Users\mlalangan\AppData\Local\Temp\NGMResource.dll
C:\Users\mlalangan\AppData\Local\Temp\oi_{70042766-D6E4-4D8B-B80F-0A52A792F87B}.exe
C:\Users\mlalangan\AppData\Local\Temp\sfamcc00001.dll
C:\Users\mlalangan\AppData\Local\Temp\sfamcc00002.dll
C:\Users\mlalangan\AppData\Local\Temp\sfamcc00003.dll
C:\Users\mlalangan\AppData\Local\Temp\sfamcc00004.dll
C:\Users\mlalangan\AppData\Local\Temp\sfareca00002.dll
C:\Users\mlalangan\AppData\Local\Temp\sfareca00004.dll
C:\Users\mlalangan\AppData\Local\Temp\sfextra.dll
C:\Users\mlalangan\AppData\Local\Temp\sp58915.exe
C:\Users\mlalangan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\mlalangan\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\mlalangan\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\mlalangan\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\mlalangan\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\mlalangan\AppData\Local\Temp\utt2F44.tmp.exe
C:\Users\mlalangan\AppData\Local\Temp\YontooIEClient.dll
C:\Users\mlalangan\AppData\Local\Temp\YontooSetup-Silent.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-12-26 10:53:56
Restore point made on: 2014-01-02 09:27:51
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8191.23 MB
Available physical RAM: 7333.74 MB
Total Pagefile: 8189.43 MB
Available Pagefile: 7334.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:919.41 GB) (Free:530.4 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:12 GB) (Free:1.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (GSP1RMCHPXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive g: (KINGSTON) (Removable) (Total:3.65 GB) (Free:1.17 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)
 
 
LastRegBack: 2013-12-30 08:26
 
==================== End Of Log ============================


#14 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,420 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:58 PM

Posted 03 January 2014 - 03:48 PM

Okay, that definitely shows some infected objects. First, however, I'd like a closer look at the MBR. Please press Windows key + R, type notepad and press Enter.

Copy/paste the following text into Notepad and save it as fixlist.txt in the same location as FRST (important!).
SaveMbr: drive=0
Now reboot the infected computer with the CD (or reinsert the USB drive if you were still booted into the recovery environment). Run FRST just like last time, but this time click the Fix button. When the fix is finished you will have an additional file, mbrdump.txt, on your USB drive. Please attach this file to your next post. Do NOT post its contents; it will look like gibberish.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


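The MBR inspection Elise asks for above, as an added example that is not part of the original thread and not FRST's own code: it parses a raw 512-byte MBR sector, prints the partition table in the style of the "MBR & Partition Table" section of the log, hashes the 440-byte boot-code region so it can be compared against a baseline captured from a known-clean machine of the same Windows version, and flags the things an analyst checks before deciding whether to rewrite the MBR (boot code differing from baseline, more than one active partition, invalid status bytes, overlapping entries, and large unallocated gaps where hidden storage is sometimes placed). It assumes the dump FRST writes is the raw first sector of disk 0; that, the `parse_mbr`/`check_mbr` names and the 64 MB gap threshold are this example's own choices. The sample sector is constructed to mirror Disk 0 in the log (Disk ID 1549F232, slots 1, 2 and 4 used, slot 3 empty); its boot-code bytes are a placeholder, not a real Windows loader.

```python
"""Parse a raw MBR sector and summarise it the way FRST's "MBR & Partition
Table" section does.  Added example, not FRST's own code.  Assumes the dump
is the raw first 512 bytes of disk 0 (an assumption about FRST's output);
the sample sector below is constructed to mirror Disk 0 in the log above,
and its boot-code bytes are a placeholder, not a real Windows loader."""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # bytes 0x000-0x1B7: boot loader code (what a bootkit patches)
DISK_ID_OFF = 0x1B8        # 4-byte NT disk signature, little-endian
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # must be 55 AA
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> Dict:
    """Return disk ID, SHA-256 of the boot-code region and the non-empty partition entries."""
    if len(sector) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 55AA boot signature")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue                      # empty slot (slot 3 in the log)
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "lba_start": lba_start, "sectors": sectors,
                      "size_mb": sectors * SECTOR / 2 ** 20})
    return {"disk_id": struct.unpack_from("<I", sector, DISK_ID_OFF)[0],
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def _fmt_size(sectors: int) -> str:
    nbytes = sectors * SECTOR
    return f"{nbytes / 2 ** 30:.0f} GB" if nbytes >= 2 ** 30 else f"{nbytes / 2 ** 20:.0f} MB"


def format_like_frst(info: Dict, disk_no: int = 0) -> List[str]:
    """Render lines like the log's 'Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)'."""
    lines = [f"Disk: {disk_no} (Disk ID: {info['disk_id']:08X})"]
    for p in info["partitions"]:
        label = "Active" if p["active"] else "Not Active"
        ptype = f"{p['type']:02X}" + (" NTFS" if p["type"] == 0x07 else "")
        lines.append(f"Partition {p['index']}: ({label}) - (Size={_fmt_size(p['sectors'])}) - (Type={ptype})")
    return lines


def check_mbr(info: Dict, baseline_boot_sha256: Optional[str] = None,
              gap_threshold_mb: int = 64) -> List[str]:
    """Heuristic red flags an analyst looks for before deciding to rewrite the MBR."""
    findings = []
    if baseline_boot_sha256 and info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from the known-clean baseline (possible bootkit)")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly one")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:02X}")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        prev_end = prev["lba_start"] + prev["sectors"]
        if nxt["lba_start"] < prev_end:
            findings.append(f"partitions {prev['index']} and {nxt['index']} overlap")
        elif (nxt["lba_start"] - prev_end) * SECTOR > gap_threshold_mb * 2 ** 20:
            findings.append(f"unallocated gap of {_fmt_size(nxt['lba_start'] - prev_end)} "
                            f"between partitions {prev['index']} and {nxt['index']} "
                            "(hidden storage is sometimes placed there)")
    return findings


def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields left zero; modern loaders use the LBA fields
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


# Constructed sample: the layout of Disk 0 from the log (slot 3 empty, disk ID 1549F232).
BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 7)  # placeholder bytes
SAMPLE_MBR = (
    BOOT_CODE
    + struct.pack("<I", 0x1549F232)
    + b"\x00\x00"                                              # reserved word
    + _entry(0x80, 0x07, 2048, 100 * 2 ** 11)                  # 100 MB system partition, active
    + _entry(0x00, 0x07, 2048 + 100 * 2 ** 11, 919 * 2 ** 21)  # 919 GB Windows volume
    + _entry(0x00, 0x00, 0, 0)                                 # empty slot
    + _entry(0x00, 0x07, 2048 + 100 * 2 ** 11 + 919 * 2 ** 21, 12 * 2 ** 21)  # 12 GB recovery
    + b"\x55\xaa"
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    info = parse_mbr(data)
    print("\n".join(format_like_frst(info)))
    print("boot code sha256:", info["boot_code_sha256"])
    for finding in check_mbr(info):
        print("!", finding)
```

Run it with the path to the dump as the only argument (or with no argument to see the constructed sample). A boot-code hash on its own only tells you the sector is or is not identical to your baseline, so the baseline must come from the same Windows release and OEM image; a mismatch means "look closer", not "infected", and a clean partition table does not rule out a patched loader.
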
#15 Hasbronero

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:58 AM

Posted 03 January 2014 - 04:05 PM

Alright, here it is.

Attached Files