
All antiviruses are blocked by group policy and I'm infected with an ad virus


  • This topic is locked
3 replies to this topic

#1 GigaDrill


Posted 03 January 2014 - 11:53 AM

AVG and MBAM are blocked by some group policy thing and I am sure I'm infected with the ZEROACCESS rootkit. My comp is also infected with a virus that plays clips of ads (audio only) in the background. I'm running MBAM in safe mode currently. Help please



#2 GigaDrill


Posted 03 January 2014 - 12:07 PM

I saw the other threads, so I also ran Farbar.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by INUNG (administrator) on INUNG-PC on 03-01-2014 09:01:58
Running from C:\Users\INUNG\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-25] ()
HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [MapleStorySuper.exe] - C:\ [0 ] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2471448 2013-12-09] ()
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\INUNG\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [MurGee.com Auto Clicker] - C:\ProgramData\Auto Clicker\AutoClicker.exe [96536 2013-09-22] (MurGee.com)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
HKU\Mom and Dad\...\Run: [Local AppWizard-Generated Applications Update] - regsvr32.exe "C:\Users\Mom and Dad\AppData\Local\Local AppWizard-Generated Applications\ep0lvr1d.dll"
HKU\Mom and Dad\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Mom and Dad\...\Run: [czpbeb] - regsvr32.exe /s "C:\ProgramData\czpbeb.dat"
HKU\Mom and Dad\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\Mom and Dad\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=2b382fb0d07447d3965c41b2e06e4a18-06ce4fc639803a2e3563922518183d8e94088cb9 /CMPID=1113a
HKU\Mom and Dad\...\Run: [AVG-Secure-Search-Update_1013b] - C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe [2163224 2013-12-17] (AVG Secure Search)
HKU\Others\...\Run: [bxxekeiiotvzigr] - C:\ProgramData\bxxekeii.exe
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p0475v135k46i1r22p
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p0475v135k46i1r22p
URLSearchHook: HKCU - (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
SearchScopes: HKCU - Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\..\Interfaces\{7B54FECE-622E-49AA-8741-A6E8C4581A06}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF ProfilePath: C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default
FF Homepage: hxxp://www.google.com/
FF DefaultSearchEngine: Search
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame - C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\INUNG\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @eximion.com/KalydoPlayer3.08.01 - C:\Users\INUNG\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-fcf5e8633f75410d\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\searchplugins\AIM Search.xml
FF SearchPlugin: C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Fasterfox Lite - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\FasterFox_Lite@BigRedBrent
FF Extension: FireDownload - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\firedownload@mozilla.org
FF Extension: FastestFox - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\smarterwiki@wikiatic.com
FF Extension: MochiGames Community Toolbar - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\{293e7470-fd3b-4d28-a20f-688ce8292340}
FF Extension: Fasterfox Extra - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\{ABD782DD-6EA5-4008-A03D-3FF46E886D38}
FF Extension: BitTorrentControl_v12  - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
FF Extension: AOL Messaging Toolbar - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF Extension: Fasterfox - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
FF Extension: Fasterfox (EladKarako Mod) - C:\Users\INUNG\AppData\Roaming\Mozilla\Firefox\Profiles\866csuyn.default\Extensions\{eeeeeeee-aaaa-0000-aaaa-000000000000}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Mom and Dad\AppData\Local\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Slinky Elegant) - C:\Users\INUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0
CHR Extension: () - C:\Users\INUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0
CHR Extension: (Google Dictionary (by Google)) - C:\Users\INUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.17_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.2.0.38\avg.crx
 
==================== Services (Whitelisted) =================
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-01-10] ()
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-10] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-09] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-08] (AVG Technologies)
S3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [142336 2005-09-19] (Vimicro Corporation)
S3 DCamUSBVM; C:\Windows\SysWow64\Drivers\usbVM31b.sys [94098 2002-12-10] (VM)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 rkhdrv40; C:\Windows\SysWow64\Drivers\rkhdrv40.sys [24448 2014-01-03] ()
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 wolf; C:\Program Files (x86)\SoftnyxGame\WolfTeamIS\wolf64.sys [40056 2011-06-15] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [x]
S3 X6va001; \??\C:\Users\INUNG\AppData\Local\Temp\001E3F8.tmp [x]
S3 X6va003; \??\C:\Users\INUNG\AppData\Local\Temp\003BFA7.tmp [x]
S3 X6va005; \??\C:\Users\INUNG\AppData\Local\Temp\005D401.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-03 09:01 - 2014-01-03 09:02 - 00019033 _____ C:\Users\INUNG\Desktop\FRST.txt
2014-01-03 09:01 - 2014-01-03 09:01 - 00000000 ____D C:\FRST
2014-01-03 08:59 - 2014-01-03 08:59 - 01931750 _____ (Farbar) C:\Users\INUNG\Desktop\FRST64.exe
2014-01-03 08:21 - 2014-01-03 08:21 - 00022606 _____ C:\ComboFix.txt
2014-01-03 07:55 - 2014-01-03 07:55 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Desktop\rkill64-29408.exe
2014-01-03 07:08 - 2014-01-03 07:08 - 00024448 _____ C:\Windows\SysWOW64\Drivers\rkhdrv40.sys
2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\Users\INUNG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\RkUnhooker
2014-01-03 07:08 - 2007-08-27 19:47 - 00169655 _____ C:\Users\INUNG\Desktop\RkU3.7.300.505.exe
2014-01-03 07:07 - 2014-01-03 07:08 - 00158300 _____ C:\Users\INUNG\Downloads\RkU37300505.zip
2014-01-02 22:48 - 2014-01-02 22:48 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Desktop\rkill64.exe
2014-01-02 22:47 - 2014-01-02 22:47 - 00000000 ____D C:\Users\Mom and Dad\Documents\TI-Nspire
2014-01-02 22:47 - 2014-01-02 22:47 - 00000000 ____D C:\Users\Mom and Dad\Documents\AutomaticSolution Software
2014-01-02 22:47 - 2014-01-02 22:47 - 00000000 ____D C:\Users\Mom and Dad\AppData\Roaming\TI-Nspire
2014-01-02 22:46 - 2014-01-02 22:46 - 00000000 ____D C:\Users\Mom and Dad\AppData\Roaming\Texas Instruments
2014-01-02 22:46 - 2014-01-02 22:46 - 00000000 ____D C:\Users\Mom and Dad\.swt
2014-01-02 22:08 - 2014-01-02 22:08 - 00037376 _____ C:\Windows\system32\ntwgviv.caz
2014-01-02 21:58 - 2014-01-03 08:20 - 00000079 _____ C:\Windows\system32\guzyuz.ema
2014-01-02 21:58 - 2014-01-02 22:08 - 00000101 _____ C:\Windows\system32\lcofxsm.rwz
2014-01-02 21:58 - 2014-01-02 21:58 - 00000064 _____ C:\Windows\system32\puxovy.plq
2014-01-02 21:42 - 2014-01-02 21:42 - 00219314 ____S C:\Windows\system32\mtsdz.uma
2014-01-02 08:32 - 2014-01-02 08:32 - 03708809 _____ C:\Users\INUNG\Downloads\ap_motivation3.pptx
2014-01-02 07:58 - 2014-01-02 07:59 - 00030194 _____ C:\Users\INUNG\Downloads\New Cont KC Membs Pts (2013_2014).xlsx
2014-01-02 00:46 - 2014-01-02 00:46 - 00003408 ____N C:\bootsqm.dat
2013-12-31 14:13 - 2013-12-31 14:14 - 04101441 _____ C:\Users\INUNG\Downloads\tdsskiller (1).zip
2013-12-31 14:10 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\INUNG\Desktop\TDSSKiller.exe
2013-12-31 11:45 - 2013-12-31 11:45 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 11:40 - 2013-12-31 11:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\INUNG\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-31 11:22 - 2013-12-31 11:22 - 00022018 _____ C:\Users\INUNG\Desktop\ComboFix.txt
2013-12-31 10:32 - 2013-12-31 10:46 - 00002399 _____ C:\Users\INUNG\Desktop\avgrep.txt
2013-12-30 22:31 - 2013-12-30 22:32 - 03415088 _____ C:\Users\INUNG\Downloads\avg_remover_zeroaccess.exe
2013-12-30 22:26 - 2013-12-30 22:34 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-12-30 22:25 - 2013-12-30 22:26 - 01805736 _____ (Symantec Corporation) C:\Users\INUNG\Downloads\FixZeroAccess.exe
2013-12-30 22:23 - 2013-12-30 22:23 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Downloads\rkill64.exe
2013-12-30 22:20 - 2013-12-30 22:31 - 81439184 _____ (Sophos Limited) C:\Users\INUNG\Desktop\Sophos Virus Removal Tool.exe
2013-12-30 22:20 - 2013-12-30 22:21 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Desktop\rkill.exe
2013-12-30 21:25 - 2013-12-30 21:25 - 00003966 _____ C:\Users\INUNG\Desktop\JRT.txt
2013-12-30 21:18 - 2014-01-03 07:57 - 00001638 _____ C:\Users\INUNG\Desktop\Rkill.txt
2013-12-30 21:18 - 2013-12-30 21:18 - 00000000 ____D C:\Users\INUNG\Desktop\RK_Quarantine
2013-12-30 21:17 - 2013-12-30 21:17 - 00634821 _____ (IWR Consultancy                                             ) C:\Users\INUNG\Downloads\SoftwarePolicy03setup.exe
2013-12-30 17:50 - 2013-12-30 17:50 - 00000000 ____D C:\Users\INUNG\Desktop\coops
2013-12-30 15:47 - 2013-12-30 15:47 - 00000000 ____D C:\ProgramData\Wild Tangent
2013-12-21 11:37 - 2013-12-21 11:37 - 05951755 _____ C:\Users\INUNG\Downloads\ap_consciousness4.pptx
2013-12-21 09:26 - 2013-12-21 09:26 - 00035328 _____ C:\Users\INUNG\Downloads\ch_14_1_142 (1).2notespr
2013-12-21 09:26 - 2013-12-21 09:26 - 00027136 _____ C:\Users\INUNG\Downloads\ch_14_3_14.5notespr
2013-12-19 16:48 - 2013-12-19 16:48 - 00001392 _____ C:\Users\Mom and Dad\Desktop\Gateway Games.lnk
2013-12-19 16:45 - 2013-12-19 16:45 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\Microsoft Games
2013-12-19 16:43 - 2013-12-19 16:43 - 00000000 ____D C:\Users\Mom and Dad\AppData\Roaming\WildTangent
2013-12-17 22:20 - 2014-01-03 07:58 - 00000370 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_1013b_rel.job
2013-12-17 22:20 - 2014-01-03 07:00 - 00000420 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_1013b_rmv.job
2013-12-17 22:20 - 2013-12-17 22:20 - 00002924 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_1013b_rmv
2013-12-17 22:20 - 2013-12-17 22:20 - 00002666 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_1013b_rel
2013-12-16 18:02 - 2013-12-16 18:02 - 00035328 _____ C:\Users\INUNG\Downloads\ch_14_1_142.2notespr
2013-12-16 18:01 - 2013-12-16 18:01 - 00031232 _____ C:\Users\INUNG\Downloads\ch_14_1_14.2notespr
2013-12-15 19:06 - 2013-12-18 07:53 - 00000000 ____D C:\Users\INUNG\Downloads\Cowboy Bebop OSTs
2013-12-15 19:05 - 2013-12-15 19:05 - 00058352 _____ C:\Users\INUNG\Downloads\[BakaBT.128718v0] Cowboy Bebop OSTs.torrent
2013-12-14 12:43 - 2013-12-14 12:44 - 05798570 _____ C:\Users\INUNG\Downloads\Sonic Battle (USA) (En,Ja,Fr,De,Es,It).zip
2013-12-14 12:41 - 2013-12-14 12:42 - 04417747 _____ C:\Users\INUNG\Downloads\Sonic Advance 3 (USA) (En,Ja,Fr,De,Es,It).zip
2013-12-14 12:40 - 2013-12-14 12:41 - 04075252 _____ C:\Users\INUNG\Downloads\Spyro - Season of Ice (USA).zip
2013-12-14 12:35 - 2013-12-14 12:38 - 16667088 _____ C:\Users\INUNG\Downloads\Kingdom Hearts - Chain of Memories (USA).zip
2013-12-09 16:05 - 2013-12-09 16:05 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (5)
2013-12-09 16:05 - 2013-12-09 16:05 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (4)
2013-12-09 16:03 - 2013-12-09 16:03 - 00028672 _____ C:\Users\INUNG\Downloads\ch_4_4_4 (1).8notespr
2013-12-09 16:03 - 2013-12-09 16:03 - 00027136 _____ C:\Users\INUNG\Downloads\ch_4_1_4 (3).3notespr
2013-12-09 16:02 - 2013-12-09 16:02 - 00028160 _____ C:\Users\INUNG\Downloads\ch_4.9notespr
2013-12-09 16:02 - 2013-12-09 16:02 - 00028160 _____ C:\Users\INUNG\Downloads\ch_4 (1).9notespr
2013-12-09 15:25 - 2013-12-09 15:26 - 00027136 _____ C:\Users\INUNG\Downloads\ch_4_1_4 (2).3notespr
2013-12-09 14:25 - 2013-12-09 14:25 - 00000000 ____D C:\Users\INUNG\AppData\Local\AVG SafeGuard toolbar
2013-12-08 17:22 - 2013-12-17 22:20 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-08 17:22 - 2013-12-09 18:24 - 00003744 _____ C:\Users\Mom and Dad\AppData\Local\Mozilla Firefoxsafeguard-secure-search.xml
2013-12-08 17:22 - 2013-12-09 18:24 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-08 17:22 - 2013-12-08 17:22 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-12-08 17:22 - 2013-12-08 17:22 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\AVG SafeGuard toolbar
2013-12-08 17:22 - 2013-12-08 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2013-12-08 16:52 - 2013-12-08 16:53 - 04289294 _____ C:\Users\INUNG\Downloads\Megaman Battle Network 3 White (USA).zip
2013-12-08 16:38 - 2013-12-08 16:38 - 00065637 _____ C:\Users\INUNG\Downloads\fire_emblem_sacred_a.sps
2013-12-06 17:16 - 2013-12-06 17:16 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (3)
2013-12-06 17:15 - 2013-12-06 17:15 - 00070656 _____ C:\Users\INUNG\Downloads\redox_reactions_ap_chem_13_14-
2013-12-06 17:15 - 2013-12-06 17:15 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (2)
2013-12-06 17:15 - 2013-12-06 17:15 - 00027136 _____ C:\Users\INUNG\Downloads\ch_4_1_4 (1).3notespr
 
==================== One Month Modified Files and Folders =======
 
2014-01-03 09:02 - 2014-01-03 09:01 - 00019033 _____ C:\Users\INUNG\Desktop\FRST.txt
2014-01-03 09:01 - 2014-01-03 09:01 - 00000000 ____D C:\FRST
2014-01-03 08:59 - 2014-01-03 08:59 - 01931750 _____ (Farbar) C:\Users\INUNG\Desktop\FRST64.exe
2014-01-03 08:26 - 2013-07-24 14:40 - 00062284 _____ C:\Windows\setupact.log
2014-01-03 08:25 - 2013-07-24 15:11 - 00011352 _____ C:\Windows\PFRO.log
2014-01-03 08:21 - 2014-01-03 08:21 - 00022606 _____ C:\ComboFix.txt
2014-01-03 08:21 - 2013-07-24 14:50 - 00000000 ____D C:\Qoobox
2014-01-03 08:20 - 2014-01-02 21:58 - 00000079 _____ C:\Windows\system32\guzyuz.ema
2014-01-03 08:18 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2014-01-03 07:58 - 2013-12-17 22:20 - 00000370 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_1013b_rel.job
2014-01-03 07:58 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 07:57 - 2013-12-30 21:18 - 00001638 _____ C:\Users\INUNG\Desktop\Rkill.txt
2014-01-03 07:57 - 2013-07-07 17:08 - 01403035 _____ C:\Windows\WindowsUpdate.log
2014-01-03 07:55 - 2014-01-03 07:55 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Desktop\rkill64-29408.exe
2014-01-03 07:47 - 2013-05-10 15:07 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 07:31 - 2011-05-18 14:17 - 00000000 ____D C:\Users\INUNG\AppData\Local\LogMeIn Hamachi
2014-01-03 07:13 - 2013-07-27 17:23 - 05160282 ____R (Swearware) C:\Users\INUNG\Desktop\ComboFix.exe
2014-01-03 07:09 - 2012-02-09 21:14 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 07:08 - 2014-01-03 07:08 - 00024448 _____ C:\Windows\SysWOW64\Drivers\rkhdrv40.sys
2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\Users\INUNG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\RkUnhooker
2014-01-03 07:08 - 2014-01-03 07:07 - 00158300 _____ C:\Users\INUNG\Downloads\RkU37300505.zip
2014-01-03 07:08 - 2012-04-05 14:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 07:08 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 07:08 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 07:06 - 2013-05-16 23:14 - 00000286 _____ C:\Windows\Tasks\PlayFizz.job
2014-01-03 07:01 - 2010-11-14 19:05 - 00000000 ____D C:\Users\INUNG\AppData\Local\CrashDumps
2014-01-03 07:00 - 2013-12-17 22:20 - 00000420 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_1013b_rmv.job
2014-01-03 07:00 - 2013-05-10 15:07 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 22:48 - 2014-01-02 22:48 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Desktop\rkill64.exe
2014-01-02 22:47 - 2014-01-02 22:47 - 00000000 ____D C:\Users\Mom and Dad\Documents\TI-Nspire
2014-01-02 22:47 - 2014-01-02 22:47 - 00000000 ____D C:\Users\Mom and Dad\Documents\AutomaticSolution Software
2014-01-02 22:47 - 2014-01-02 22:47 - 00000000 ____D C:\Users\Mom and Dad\AppData\Roaming\TI-Nspire
2014-01-02 22:46 - 2014-01-02 22:46 - 00000000 ____D C:\Users\Mom and Dad\AppData\Roaming\Texas Instruments
2014-01-02 22:46 - 2014-01-02 22:46 - 00000000 ____D C:\Users\Mom and Dad\.swt
2014-01-02 22:46 - 2013-02-27 19:43 - 00000000 ____D C:\Users\Mom and Dad
2014-01-02 22:40 - 2013-02-27 19:43 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\CrashDumps
2014-01-02 22:39 - 2013-02-27 19:43 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\LogMeIn Hamachi
2014-01-02 22:08 - 2014-01-02 22:08 - 00037376 _____ C:\Windows\system32\ntwgviv.caz
2014-01-02 22:08 - 2014-01-02 21:58 - 00000101 _____ C:\Windows\system32\lcofxsm.rwz
2014-01-02 21:58 - 2014-01-02 21:58 - 00000064 _____ C:\Windows\system32\puxovy.plq
2014-01-02 21:42 - 2014-01-02 21:42 - 00219314 ____S C:\Windows\system32\mtsdz.uma
2014-01-02 18:45 - 2013-06-26 06:37 - 00000000 ____D C:\ProgramData\MFAData
2014-01-02 14:12 - 2011-05-31 19:56 - 00000000 ____D C:\Users\INUNG\AppData\Roaming\Skype
2014-01-02 08:32 - 2014-01-02 08:32 - 03708809 _____ C:\Users\INUNG\Downloads\ap_motivation3.pptx
2014-01-02 07:59 - 2014-01-02 07:58 - 00030194 _____ C:\Users\INUNG\Downloads\New Cont KC Membs Pts (2013_2014).xlsx
2014-01-02 00:46 - 2014-01-02 00:46 - 00003408 ____N C:\bootsqm.dat
2013-12-31 14:14 - 2013-12-31 14:13 - 04101441 _____ C:\Users\INUNG\Downloads\tdsskiller (1).zip
2013-12-31 13:50 - 2013-10-13 20:41 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\Local AppWizard-Generated Applications
2013-12-31 11:45 - 2013-12-31 11:45 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 11:45 - 2013-12-31 11:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\INUNG\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-31 11:45 - 2013-05-18 16:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-31 11:22 - 2013-12-31 11:22 - 00022018 _____ C:\Users\INUNG\Desktop\ComboFix.txt
2013-12-31 10:46 - 2013-12-31 10:32 - 00002399 _____ C:\Users\INUNG\Desktop\avgrep.txt
2013-12-30 22:47 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-30 22:34 - 2013-12-30 22:26 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-12-30 22:32 - 2013-12-30 22:31 - 03415088 _____ C:\Users\INUNG\Downloads\avg_remover_zeroaccess.exe
2013-12-30 22:31 - 2013-12-30 22:20 - 81439184 _____ (Sophos Limited) C:\Users\INUNG\Desktop\Sophos Virus Removal Tool.exe
2013-12-30 22:26 - 2013-12-30 22:25 - 01805736 _____ (Symantec Corporation) C:\Users\INUNG\Downloads\FixZeroAccess.exe
2013-12-30 22:23 - 2013-12-30 22:23 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Downloads\rkill64.exe
2013-12-30 22:21 - 2013-12-30 22:20 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\INUNG\Desktop\rkill.exe
2013-12-30 21:52 - 2013-05-16 23:14 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\FizzPlatinum
2013-12-30 21:26 - 2009-07-13 21:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-30 21:25 - 2013-12-30 21:25 - 00003966 _____ C:\Users\INUNG\Desktop\JRT.txt
2013-12-30 21:18 - 2013-12-30 21:18 - 00000000 ____D C:\Users\INUNG\Desktop\RK_Quarantine
2013-12-30 21:17 - 2013-12-30 21:17 - 00634821 _____ (IWR Consultancy                                             ) C:\Users\INUNG\Downloads\SoftwarePolicy03setup.exe
2013-12-30 21:09 - 2013-10-20 12:28 - 00000932 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-12-30 17:52 - 2013-10-23 16:45 - 00000000 ____D C:\Users\INUNG\Desktop\stuff
2013-12-30 17:52 - 2011-03-27 18:36 - 00000000 ____D C:\Users\INUNG\Desktop\musik
2013-12-30 17:50 - 2013-12-30 17:50 - 00000000 ____D C:\Users\INUNG\Desktop\coops
2013-12-30 17:48 - 2013-09-10 19:11 - 00000000 ____D C:\Users\INUNG\Desktop\calc games
2013-12-30 15:54 - 2010-04-12 00:51 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-30 15:47 - 2013-12-30 15:47 - 00000000 ____D C:\ProgramData\Wild Tangent
2013-12-24 09:47 - 2010-04-12 00:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-21 11:37 - 2013-12-21 11:37 - 05951755 _____ C:\Users\INUNG\Downloads\ap_consciousness4.pptx
2013-12-21 09:26 - 2013-12-21 09:26 - 00035328 _____ C:\Users\INUNG\Downloads\ch_14_1_142 (1).2notespr
2013-12-21 09:26 - 2013-12-21 09:26 - 00027136 _____ C:\Users\INUNG\Downloads\ch_14_3_14.5notespr
2013-12-19 16:48 - 2013-12-19 16:48 - 00001392 _____ C:\Users\Mom and Dad\Desktop\Gateway Games.lnk
2013-12-19 16:45 - 2013-12-19 16:45 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\Microsoft Games
2013-12-19 16:43 - 2013-12-19 16:43 - 00000000 ____D C:\Users\Mom and Dad\AppData\Roaming\WildTangent
2013-12-18 15:20 - 2011-03-15 15:57 - 00000000 ____D C:\Users\INUNG\AppData\Roaming\BitTorrent
2013-12-18 07:53 - 2013-12-15 19:06 - 00000000 ____D C:\Users\INUNG\Downloads\Cowboy Bebop OSTs
2013-12-17 22:20 - 2013-12-17 22:20 - 00002924 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_1013b_rmv
2013-12-17 22:20 - 2013-12-17 22:20 - 00002666 _____ C:\Windows\System32\Tasks\AVG-Secure-Search-Update_1013b_rel
2013-12-17 22:20 - 2013-12-08 17:22 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-16 18:03 - 2009-07-13 21:13 - 00782906 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 18:02 - 2013-12-16 18:02 - 00035328 _____ C:\Users\INUNG\Downloads\ch_14_1_142.2notespr
2013-12-16 18:01 - 2013-12-16 18:01 - 00031232 _____ C:\Users\INUNG\Downloads\ch_14_1_14.2notespr
2013-12-15 19:05 - 2013-12-15 19:05 - 00058352 _____ C:\Users\INUNG\Downloads\[BakaBT.128718v0] Cowboy Bebop OSTs.torrent
2013-12-14 12:44 - 2013-12-14 12:43 - 05798570 _____ C:\Users\INUNG\Downloads\Sonic Battle (USA) (En,Ja,Fr,De,Es,It).zip
2013-12-14 12:42 - 2013-12-14 12:41 - 04417747 _____ C:\Users\INUNG\Downloads\Sonic Advance 3 (USA) (En,Ja,Fr,De,Es,It).zip
2013-12-14 12:41 - 2013-12-14 12:40 - 04075252 _____ C:\Users\INUNG\Downloads\Spyro - Season of Ice (USA).zip
2013-12-14 12:38 - 2013-12-14 12:35 - 16667088 _____ C:\Users\INUNG\Downloads\Kingdom Hearts - Chain of Memories (USA).zip
2013-12-14 12:32 - 2013-09-11 06:53 - 00000000 ____D C:\Users\INUNG\Documents\TI-Nspire
2013-12-14 08:29 - 2013-09-30 17:34 - 00000000 ____D C:\Users\INUNG\Desktop\wlpprs
2013-12-12 22:09 - 2012-01-10 21:30 - 00000000 ____D C:\Users\INUNG\AppData\Local\Paint.NET
2013-12-11 00:09 - 2012-04-05 14:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 00:09 - 2012-04-05 14:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 00:09 - 2011-06-01 12:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 18:24 - 2013-12-08 17:22 - 00003744 _____ C:\Users\Mom and Dad\AppData\Local\Mozilla Firefoxsafeguard-secure-search.xml
2013-12-09 18:24 - 2013-12-08 17:22 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-09 16:05 - 2013-12-09 16:05 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (5)
2013-12-09 16:05 - 2013-12-09 16:05 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (4)
2013-12-09 16:03 - 2013-12-09 16:03 - 00028672 _____ C:\Users\INUNG\Downloads\ch_4_4_4 (1).8notespr
2013-12-09 16:03 - 2013-12-09 16:03 - 00027136 _____ C:\Users\INUNG\Downloads\ch_4_1_4 (3).3notespr
2013-12-09 16:02 - 2013-12-09 16:02 - 00028160 _____ C:\Users\INUNG\Downloads\ch_4.9notespr
2013-12-09 16:02 - 2013-12-09 16:02 - 00028160 _____ C:\Users\INUNG\Downloads\ch_4 (1).9notespr
2013-12-09 15:26 - 2013-12-09 15:25 - 00027136 _____ C:\Users\INUNG\Downloads\ch_4_1_4 (2).3notespr
2013-12-09 14:25 - 2013-12-09 14:25 - 00000000 ____D C:\Users\INUNG\AppData\Local\AVG SafeGuard toolbar
2013-12-08 17:22 - 2013-12-08 17:22 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-12-08 17:22 - 2013-12-08 17:22 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\AVG SafeGuard toolbar
2013-12-08 17:22 - 2013-12-08 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2013-12-08 17:22 - 2013-11-18 11:31 - 00000000 ____D C:\Users\Mom and Dad\AppData\Local\Mozilla Firefox
2013-12-08 16:53 - 2013-12-08 16:52 - 04289294 _____ C:\Users\INUNG\Downloads\Megaman Battle Network 3 White (USA).zip
2013-12-08 16:38 - 2013-12-08 16:38 - 00065637 _____ C:\Users\INUNG\Downloads\fire_emblem_sacred_a.sps
2013-12-06 17:16 - 2013-12-06 17:16 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (3)
2013-12-06 17:15 - 2013-12-06 17:15 - 00070656 _____ C:\Users\INUNG\Downloads\redox_reactions_ap_chem_13_14-
2013-12-06 17:15 - 2013-12-06 17:15 - 00066048 _____ C:\Users\INUNG\Downloads\precipitation_reactions_acid_base_reactions_ap_chem_13_14- (2)
2013-12-06 17:15 - 2013-12-06 17:15 - 00027136 _____ C:\Users\INUNG\Downloads\ch_4_1_4 (1).3notespr
2013-12-06 14:42 - 2013-05-10 15:07 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 14:42 - 2013-05-10 15:07 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\INUNG\jagex_runescape_preferences.dat
C:\Users\INUNG\jagex_runescape_preferences2.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 10:10
 
==================== End Of Log ============================




#3 nasdaq
  • Malware Response Team
  • 40,517 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:03 PM

Posted 07 January 2014 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [MapleStorySuper.exe] - C:\ [0 ] ()
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKU\Mom and Dad\...\Run: [Local AppWizard-Generated Applications Update] - regsvr32.exe "C:\Users\Mom and Dad\AppData\Local\Local AppWizard-Generated Applications\ep0lvr1d.dll"
HKU\Mom and Dad\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Mom and Dad\...\Run: [czpbeb] - regsvr32.exe /s "C:\ProgramData\czpbeb.dat"
HKU\Others\...\Run: [bxxekeiiotvzigr] - C:\ProgramData\bxxekeii.exe
URLSearchHook: HKCU - (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzuzytD0F0B0AyCzz0A0AtA0E0BtDyCtD0FtN0D0TzutBtDtCtBtDyDtByC&cr=317128082
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
SearchScopes: HKCU - Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 X6va001; \??\C:\Users\INUNG\AppData\Local\Temp\001E3F8.tmp [x]
S3 X6va003; \??\C:\Users\INUNG\AppData\Local\Temp\003BFA7.tmp [x]
S3 X6va005; \??\C:\Users\INUNG\AppData\Local\Temp\005D401.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally if you can.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results. Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs and I will take it from there.

Let me know if you can boot normally and what the other issues with this computer are.



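The "HKLM Group Policy restriction on software" lines in the fixlist above are Software Restriction Policy path rules that disallow the antivirus directories, which is why AVG and MBAM would not start. As an added example (not from this thread, nor from FRST or RogueKiller), the PowerShell below enumerates those rules directly from the registry and flags Disallowed rules on the vendor directories named in the fixlist; the registry layout and level values are the documented SRP locations, and the $WatchList fragments are an assumption drawn from the paths in the fixlist.

```powershell
# Added example, not from the thread. Audits Software Restriction Policy (SRP)
# path rules, the source of FRST's "Group Policy restriction on software" lines.
# Assumed layout (documented SRP location, not taken from the thread):
#   HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID>
#   ItemData (REG_SZ) holds the path; level 0 = Disallowed, 262144 = Unrestricted.
$SrpBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Vendor directory fragments taken from the fixlist in this thread (assumption:
# a Disallowed rule on any of these was not set deliberately by an admin).
$WatchList = @('AVG', 'Malwarebytes', 'McAfee', 'Symantec Shared')
function Get-SrpPathRule {
    # Returns one object per path rule, with its enforcement level decoded.
    if (-not (Test-Path -Path $SrpBase)) { return }
    foreach ($levelKey in Get-ChildItem -Path $SrpBase) {
        $level = switch ($levelKey.PSChildName) {
            '0'      { 'Disallowed' }
            '262144' { 'Unrestricted' }
            default  { $levelKey.PSChildName }
        }
        $pathsKey = Join-Path -Path $levelKey.PSPath -ChildPath 'Paths'
        if (-not (Test-Path -Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            $props = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level   = $level
                Path    = $props.ItemData
                RuleKey = $rule.PSPath
            }
        }
    }
}
function Find-SuspiciousSrpRule {
    # Disallowed rules whose target path mentions a watched security product.
    foreach ($rule in Get-SrpPathRule) {
        if ($rule.Level -ne 'Disallowed') { continue }
        foreach ($fragment in $WatchList) {
            if ($rule.Path -like "*$fragment*") { $rule; break }
        }
    }
}
$hits = @(Find-SuspiciousSrpRule)
if ($hits.Count -eq 0) {
    'No Disallowed SRP rules found on the watched security-tool directories.'
} else {
    $hits | Format-Table -Property Level, Path, RuleKey -AutoSize
    # Remediation is removing the rule key once confirmed unwanted; -WhatIf only previews it.
    $hits | ForEach-Object { Remove-Item -Path $_.RuleKey -Recurse -WhatIf }
}
```

Run it from an elevated PowerShell prompt; a machine with no SRP configured simply has no CodeIdentifiers key and reports nothing.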


#4 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,442 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:03 PM

Posted 07 January 2014 - 10:41 AM

Hello,
Because you are already receiving help here, this topic will be closed. To avoid confusion please do not start multiple topics.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft