Random Audio Playing When Nothing Is Open


  • This topic is locked
7 replies to this topic

#1 WeldedScimitar

WeldedScimitar

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:33 PM

Posted 04 January 2014 - 05:28 PM

A few days ago, while playing a game and Skyping with my friends, my computer restarted by itself. Confused, I ignored it and waited for it to boot. Once it finally booted up, everything seemed normal, so I started up my game again and got on Skype with my friends. A few minutes in, random advertisements, music, etc. started playing. I assumed it was Skype so I closed it. The audio still played. Once my game was over, I closed it and the audio still played. I had no programs open. I ran scans with Malwarebytes, AVG, and Malwarebytes rootkit. I then made a forum post here in an attempt to get help from someone who knows more about this than I do. The link to that can be found here: http://www.bleepingcomputer.com/forums/t/519574/random-audio-playing/

 

I had gotten help from someone named "Broni", who I thank very much for assisting, and I was advised to post here about my issue.

 

Programs that I have scanned with:

  • Malwarebytes
  • Malwarebytes Rootkit
  • FSS
  • Minibox
  • Rkill
  • AVG
  • Security Check

The logs for these can be found in the link I posted above for my previous forum post. Thank you for all your help and thank you for viewing my post.

Edited by WeldedScimitar, 04 January 2014 - 05:52 PM.


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:33 AM

Posted 04 January 2014 - 06:06 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt) - please post the log into your reply to me. (You can use pastebin as well.)

 

 

Regards,

Georgi


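The "Search: rpcss.dll" step above makes FRST list every copy of that file on the disk with its size, date and company name, so that a copy which does not look like the others stands out. The script below is an added example, not part of Georgi's instructions and not FRST's own code: it does the same enumeration by hand in PowerShell, hashes each copy, and flags any copy whose hash differs from the other copies of the same file version (the copies in winsxs act as the reference). The script name, the file name parameter and the PowerShell 4 requirement (for Get-FileHash) are assumptions; it must be run from an elevated prompt so System32 and winsxs are readable.

```powershell
# Added example (not from the thread or from FRST): manual equivalent of
# FRST "Search: rpcss.dll". Lists every copy of the file under %SystemRoot%
# and flags copies that do not match other copies of the same version.
# Assumes PowerShell 4+ (Get-FileHash) in an elevated prompt.
param([string]$Name = 'rpcss.dll')

$copies = Get-ChildItem -Path $env:SystemRoot -Filter $Name -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            Size      = $_.Length
            Modified  = $_.LastWriteTime
            Version   = $_.VersionInfo.FileVersion
            Company   = $_.VersionInfo.CompanyName
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Signature = $sig.Status   # Valid / NotSigned / HashMismatch / ...
        }
    }

if (-not $copies) {
    Write-Warning "No $Name found under $env:SystemRoot"
    return
}

# Same information FRST's Search.txt gives, plus a hash per copy.
$copies | Format-Table Path, Size, Modified, Version, Company, Signature, SHA256 -AutoSize

# Copies carrying the same file version should be byte-identical. A copy that
# was modified on disk keeps its version resource but gets a different hash,
# so compare each copy only against peers with the same version string.
$suspect = foreach ($c in $copies) {
    $peers    = $copies | Where-Object { $_.Version -eq $c.Version -and $_.Path -ne $c.Path }
    $mismatch = $peers  | Where-Object { $_.SHA256 -ne $c.SHA256 }
    if ($mismatch -or $c.Signature -eq 'HashMismatch') { $c }
}

if ($suspect) {
    Write-Host "Copies of $Name worth a closer look:" -ForegroundColor Yellow
    $suspect | Format-Table Path, Size, Modified, Version, Signature, SHA256 -AutoSize
} else {
    Write-Host "All $(@($copies).Count) copies of $Name are consistent with each other."
}
```

Two caveats when reading the output. On Windows 7, Microsoft system DLLs are signed through security catalogs rather than with an embedded signature, and Get-AuthenticodeSignature on PowerShell versions before 5.1 reports them as NotSigned; that status is therefore uninformative there, which is why the script only treats HashMismatch as a signal and relies on the hash comparison against winsxs copies instead (Sysinternals sigcheck with -c does a catalog-aware check if you want one). Second, a hash mismatch only tells you that the System32 copy differs from its winsxs siblings; confirming what was changed still needs the file itself, which is why the helper asks for the log rather than for a verdict from the tool.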


#3 WeldedScimitar

WeldedScimitar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:33 PM

Posted 04 January 2014 - 07:13 PM

Hey! Thank you for replying and helping me with my problem!

 

FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014

Ran by Balint (administrator) on BALINT-PC on 04-01-2014 18:42:31
Running from C:\Users\Balint\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.65\deploy\LolClient.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [] - [x]
HKLM\...\RunOnce: [RPMKickstart] - C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2010-08-23] (Gigabyte Technology CO., LTD.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [PlayNC Launcher] - [x]
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={67FA9B3E-E5EB-4FFC-A4A4-509102F3F804}&mid=d96a98fbd15e47d09c4ecd2623339579-1270ed4231f539685450dcb09019ff5965327f4b&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 15:04:44&v=17.1.3.3&pid=safeguard&sg=0&sap=dsp&q={searchTerms}&cmpid=0913a
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: GBHO.BHO - {45d30484-7ded-43d9-957a-d2fd1f046511} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Balint\AppData\Roaming\Mozilla\Firefox\Profiles\qwqh50zh.default-1365714940001
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?cid={67FA9B3E-E5EB-4FFC-A4A4-509102F3F804}&mid=d96a98fbd15e47d09c4ecd2623339579-1270ed4231f539685450dcb09019ff5965327f4b&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 15:04:44&v=17.1.3.3&pid=safeguard&sg=0&sap=hp&cmpid=0913a
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Balint\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Balint\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Balint\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Balint\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Balint\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Balint\AppData\Roaming\Mozilla\Firefox\Profiles\qwqh50zh.default-1365714940001\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.3
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.3
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox
 
Chrome: 
=======
CHR HomePage: hxxp://mysearch.avg.com/?cid={67FA9B3E-E5EB-4FFC-A4A4-509102F3F804}&mid=d96a98fbd15e47d09c4ecd2623339579-1270ed4231f539685450dcb09019ff5965327f4b&lang=en&ds=AVG&pr=fr&d=2013-09-09 15:04:44&v=17.1.3.3&pid=safeguard&sg=34&sap=hp
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={67FA9B3E-E5EB-4FFC-A4A4-509102F3F804}&mid=d96a98fbd15e47d09c4ecd2623339579-1270ed4231f539685450dcb09019ff5965327f4b&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 15:04:44&v=17.0.1.4&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Balint\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Balint\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Balint\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Balint\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Raidcall plugin) - C:\Users\Balint\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Brushed) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_1
CHR Extension: (YouTube) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (Google Search) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Google Wallet) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Readability) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi\3.0.14_0
CHR Extension: (Gmail) - C:\Users\Balint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaanijiojpcccpkjdjjmjghddcgcbfj] - C:\Users\Balint\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.15.2.0.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.1.3.3\avg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Balint\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-07-11] (Adobe Systems)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S4 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4922912 2012-12-03] (INCA Internet Co., Ltd.)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-16] ()
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-11-20] (Razer, Inc.)
S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
S4 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [1643696 2013-11-20] (AVG Secure Search)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [675936 2012-08-01] (Wellbia.com Co., Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-11-30] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33464 2013-08-20] (Razer Inc)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-11-20] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-08-20] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-11-20] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30904 2013-08-20] (Razer Inc)
S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2007-02-02] (Vimicro Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-11-13] (OpenLibSys.org)
S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2007-03-08] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-04 18:42 - 2014-01-04 18:43 - 00020833 _____ C:\Users\Balint\Downloads\FRST.txt
2014-01-04 18:42 - 2014-01-04 18:42 - 00000000 ____D C:\FRST
2014-01-04 18:41 - 2014-01-04 18:41 - 01931368 _____ (Farbar) C:\Users\Balint\Downloads\FRST64.exe
2014-01-04 18:41 - 2014-01-04 18:41 - 01064761 _____ (Farbar) C:\Users\Balint\Downloads\FRST.exe
2014-01-04 16:58 - 2014-01-04 16:58 - 00688992 ____R (Swearware) C:\Users\Balint\Downloads\dds.com
2014-01-04 11:02 - 2014-01-04 17:58 - 00000000 ____D C:\Users\Balint\Desktop\stuff
2014-01-04 10:48 - 2014-01-04 10:48 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Balint\Downloads\rkill.exe
2014-01-04 10:30 - 2014-01-04 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 10:30 - 2014-01-04 10:30 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 10:27 - 2014-01-04 10:47 - 00000000 ____D C:\Users\Balint\Desktop\mbar
2014-01-04 10:27 - 2014-01-04 10:28 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 10:27 - 2014-01-04 10:27 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Balint\Downloads\mbar-1.07.0.1008.exe
2014-01-04 10:15 - 2014-01-04 10:18 - 00028753 _____ C:\Users\Balint\Downloads\Result.txt
2014-01-04 10:15 - 2014-01-04 10:15 - 00760063 _____ (Farbar) C:\Users\Balint\Downloads\MiniToolBox.exe
2014-01-04 10:14 - 2014-01-04 10:14 - 00002186 _____ C:\Users\Balint\Downloads\FSS.txt
2014-01-04 10:13 - 2014-01-04 10:13 - 00708597 _____ (Farbar) C:\Users\Balint\Downloads\FSS.exe
2014-01-04 10:06 - 2014-01-04 10:06 - 00987410 _____ C:\Users\Balint\Downloads\SecurityCheck.exe
2014-01-04 09:46 - 2014-01-04 09:46 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-04 09:44 - 2014-01-04 09:44 - 91412976 _____ (AVAST Software) C:\Users\Balint\Downloads\avast_free_antivirus_setup.exe
2014-01-04 09:44 - 2014-01-04 09:44 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-04 00:56 - 2014-01-04 00:56 - 00005919 _____ C:\Windows\IE11_main.log
2014-01-04 00:55 - 2014-01-04 00:55 - 00004699 _____ C:\Windows\IE10_main.log
2014-01-03 21:26 - 2014-01-03 21:26 - 04101441 _____ C:\Users\Balint\Downloads\tdsskiller.zip
2014-01-03 21:26 - 2013-11-18 00:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Balint\Desktop\TDSSKiller.exe
2014-01-03 21:24 - 2014-01-03 21:24 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Balint\Downloads\tdsskiller.exe
2014-01-03 21:16 - 2014-01-04 16:51 - 00349620 _____ C:\Windows\PFRO.log
2014-01-03 21:16 - 2014-01-04 16:51 - 00000560 _____ C:\Windows\setupact.log
2014-01-03 21:16 - 2014-01-03 21:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 20:49 - 2014-01-03 21:02 - 00000000 ___SD C:\ComboFix
2014-01-03 20:49 - 2014-01-03 20:49 - 05160001 ____R (Swearware) C:\Users\Balint\Downloads\ComboFix.exe
2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Windows\erdnt
2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Qoobox
2014-01-03 20:49 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-03 20:49 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-03 20:49 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-03 20:49 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-03 20:49 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-03 20:49 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-03 20:49 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-03 20:49 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-03 11:11 - 2014-01-03 11:11 - 00037376 _____ C:\Windows\system32\tuihcx.arj
2014-01-03 11:01 - 2014-01-04 18:11 - 00000087 _____ C:\Windows\system32\ipkvpxq.aap
2014-01-03 11:01 - 2014-01-03 11:11 - 00000100 _____ C:\Windows\system32\ygybkic.ivg
2014-01-03 11:01 - 2014-01-03 11:01 - 00000064 _____ C:\Windows\system32\tigsai.kgy
2014-01-03 10:44 - 2014-01-03 10:44 - 00219314 ____S C:\Windows\system32\cdcmq.rgh
2013-12-28 10:05 - 2013-12-28 10:05 - 00004237 _____ C:\Users\Balint\reddit.txt
2013-12-26 13:39 - 2013-12-26 13:41 - 00000000 ____D C:\Users\Balint\AppData\Local\Skyrim
2013-12-24 16:38 - 2013-12-24 16:38 - 00000000 ____D C:\Users\Balint\Documents\Eden Games
2013-12-24 16:37 - 2013-12-24 16:37 - 00000000 ____D C:\Users\Balint\AppData\Local\CrashRpt
2013-12-21 16:49 - 2013-12-21 16:49 - 00000222 _____ C:\Users\Balint\Desktop\No More Room in Hell.url
2013-12-21 10:44 - 2013-12-21 10:45 - 00501248 _____ (Facebook Inc.) C:\Users\Balint\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2013-12-18 16:29 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-18 16:29 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-18 16:29 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-18 16:29 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-18 16:27 - 2013-12-18 16:29 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-18 16:26 - 2013-12-18 16:26 - 00915368 _____ (Oracle Corporation) C:\Users\Balint\Downloads\chromeinstall-7u45.exe
2013-12-17 21:41 - 2013-12-17 21:41 - 74577284 _____ C:\Users\Balint\Downloads\Supa_Savage-(DatPiff.com).zip
2013-12-15 17:07 - 2013-12-15 17:07 - 00002220 _____ C:\Users\Public\Desktop\Aion.lnk
2013-12-15 17:06 - 2013-12-15 17:06 - 05003264 _____ (NC Interactive, LLC) C:\Users\Balint\Downloads\AionInstaller.exe
2013-12-15 17:06 - 2013-12-15 17:06 - 04984744 _____ (NC Interactive, LLC) C:\Users\Balint\Downloads\Lineage2Installer.exe
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 ____D C:\Program Files (x86)\NCWest
2013-12-15 09:46 - 2013-12-15 09:47 - 00000000 ____D C:\Users\Balint\AppData\Roaming\Guild Wars 2
2013-12-07 13:45 - 2013-12-18 16:57 - 00000000 ____D C:\Users\Balint\Documents\RIFT
2013-12-07 13:40 - 2013-12-07 14:19 - 00000000 ____D C:\Users\Balint\AppData\Roaming\RIFT
2013-12-07 13:40 - 2013-12-07 13:40 - 00000221 _____ C:\Users\Balint\Desktop\RIFT.url
2013-12-05 21:38 - 2013-12-05 21:38 - 00000222 _____ C:\Users\Balint\Desktop\Neverwinter.url
2013-12-05 18:00 - 2012-12-03 17:41 - 00000000 ____D C:\Users\Balint\Downloads\guiminer
2013-12-05 05:47 - 2013-12-05 18:01 - 00000000 ____D C:\Users\Balint\AppData\Roaming\Bitcoin
 
==================== One Month Modified Files and Folders =======
 
2014-01-04 18:43 - 2014-01-04 18:42 - 00020833 _____ C:\Users\Balint\Downloads\FRST.txt
2014-01-04 18:42 - 2014-01-04 18:42 - 00000000 ____D C:\FRST
2014-01-04 18:41 - 2014-01-04 18:41 - 01931368 _____ (Farbar) C:\Users\Balint\Downloads\FRST64.exe
2014-01-04 18:41 - 2014-01-04 18:41 - 01064761 _____ (Farbar) C:\Users\Balint\Downloads\FRST.exe
2014-01-04 18:39 - 2012-07-25 22:26 - 01056632 _____ C:\Windows\WindowsUpdate.log
2014-01-04 18:17 - 2012-11-09 14:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 18:11 - 2014-01-03 11:01 - 00000087 _____ C:\Windows\system32\ipkvpxq.aap
2014-01-04 17:58 - 2014-01-04 11:02 - 00000000 ____D C:\Users\Balint\Desktop\stuff
2014-01-04 17:58 - 2012-07-25 20:08 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443210977-1416976066-1885221996-1000UA.job
2014-01-04 16:58 - 2014-01-04 16:58 - 00688992 ____R (Swearware) C:\Users\Balint\Downloads\dds.com
2014-01-04 16:58 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 16:58 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 16:51 - 2014-01-03 21:16 - 00349620 _____ C:\Windows\PFRO.log
2014-01-04 16:51 - 2014-01-03 21:16 - 00000560 _____ C:\Windows\setupact.log
2014-01-04 16:51 - 2012-07-25 20:15 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-01-04 16:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 13:50 - 2013-05-27 19:59 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3443210977-1416976066-1885221996-1000UA.job
2014-01-04 10:50 - 2013-05-27 19:59 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3443210977-1416976066-1885221996-1000Core.job
2014-01-04 10:48 - 2014-01-04 10:48 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Balint\Downloads\rkill.exe
2014-01-04 10:47 - 2014-01-04 10:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 10:47 - 2014-01-04 10:27 - 00000000 ____D C:\Users\Balint\Desktop\mbar
2014-01-04 10:30 - 2014-01-04 10:30 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 10:28 - 2014-01-04 10:27 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 10:27 - 2014-01-04 10:27 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Balint\Downloads\mbar-1.07.0.1008.exe
2014-01-04 10:18 - 2014-01-04 10:15 - 00028753 _____ C:\Users\Balint\Downloads\Result.txt
2014-01-04 10:15 - 2014-01-04 10:15 - 00760063 _____ (Farbar) C:\Users\Balint\Downloads\MiniToolBox.exe
2014-01-04 10:14 - 2014-01-04 10:14 - 00002186 _____ C:\Users\Balint\Downloads\FSS.txt
2014-01-04 10:13 - 2014-01-04 10:13 - 00708597 _____ (Farbar) C:\Users\Balint\Downloads\FSS.exe
2014-01-04 10:06 - 2014-01-04 10:06 - 00987410 _____ C:\Users\Balint\Downloads\SecurityCheck.exe
2014-01-04 09:46 - 2014-01-04 09:46 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-04 09:44 - 2014-01-04 09:44 - 91412976 _____ (AVAST Software) C:\Users\Balint\Downloads\avast_free_antivirus_setup.exe
2014-01-04 09:44 - 2014-01-04 09:44 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-04 09:40 - 2013-03-13 19:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-04 09:40 - 2013-03-13 19:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-04 00:56 - 2014-01-04 00:56 - 00005919 _____ C:\Windows\IE11_main.log
2014-01-04 00:56 - 2012-08-30 14:20 - 00796360 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-04 00:56 - 2012-08-30 14:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-01-04 00:55 - 2014-01-04 00:55 - 00004699 _____ C:\Windows\IE10_main.log
2014-01-04 00:53 - 2009-07-14 00:13 - 00794010 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 22:55 - 2012-07-26 11:55 - 00000000 ____D C:\Users\Balint\AppData\Roaming\Skype
2014-01-03 21:26 - 2014-01-03 21:26 - 04101441 _____ C:\Users\Balint\Downloads\tdsskiller.zip
2014-01-03 21:24 - 2014-01-03 21:24 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Balint\Downloads\tdsskiller.exe
2014-01-03 21:16 - 2014-01-03 21:16 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 21:15 - 2012-11-23 15:38 - 00000000 ____D C:\Windows\pss
2014-01-03 21:15 - 2012-07-25 19:41 - 00000000 ___RD C:\Users\Balint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-03 21:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-03 21:05 - 2012-09-16 21:19 - 00000000 ____D C:\Users\Balint\AppData\Local\CrashDumps
2014-01-03 21:05 - 2012-09-09 17:58 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 21:02 - 2014-01-03 20:49 - 00000000 ___SD C:\ComboFix
2014-01-03 20:58 - 2012-07-25 20:08 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443210977-1416976066-1885221996-1000Core.job
2014-01-03 20:49 - 2014-01-03 20:49 - 05160001 ____R (Swearware) C:\Users\Balint\Downloads\ComboFix.exe
2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Windows\erdnt
2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Qoobox
2014-01-03 11:45 - 2012-09-22 14:48 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-03 11:45 - 2012-09-22 14:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 11:41 - 2013-11-28 13:22 - 00034816 _____ C:\Users\Balint\AppData\Roaming\RZR_0070af8f449dab2c9ed74d253c7f.db
2014-01-03 11:11 - 2014-01-03 11:11 - 00037376 _____ C:\Windows\system32\tuihcx.arj
2014-01-03 11:11 - 2014-01-03 11:01 - 00000100 _____ C:\Windows\system32\ygybkic.ivg
2014-01-03 11:01 - 2014-01-03 11:01 - 00000064 _____ C:\Windows\system32\tigsai.kgy
2014-01-03 10:44 - 2014-01-03 10:44 - 00219314 ____S C:\Windows\system32\cdcmq.rgh
2014-01-03 10:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2014-01-03 09:47 - 2012-08-05 16:24 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2014-01-03 09:33 - 2012-12-26 16:59 - 00000000 ____D C:\Users\Balint\AppData\Local\Adobe
2013-12-31 02:00 - 2012-08-30 14:20 - 00000000 ____D C:\Users\Balint\AppData\Roaming\SoftGrid Client
2013-12-30 13:44 - 2013-07-14 23:20 - 00000000 ____D C:\Users\Balint\Desktop\Her
2013-12-28 10:05 - 2013-12-28 10:05 - 00004237 _____ C:\Users\Balint\reddit.txt
2013-12-28 10:05 - 2012-07-25 19:41 - 00000000 ____D C:\Users\Balint
2013-12-27 07:47 - 2012-12-15 12:13 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-27 07:46 - 2012-12-15 12:13 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-26 13:41 - 2013-12-26 13:39 - 00000000 ____D C:\Users\Balint\AppData\Local\Skyrim
2013-12-26 13:37 - 2012-08-12 09:05 - 00000000 ____D C:\Users\Balint\Documents\My Games
2013-12-25 08:25 - 2013-11-20 15:09 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-12-24 16:38 - 2013-12-24 16:38 - 00000000 ____D C:\Users\Balint\Documents\Eden Games
2013-12-24 16:37 - 2013-12-24 16:37 - 00000000 ____D C:\Users\Balint\AppData\Local\CrashRpt
2013-12-24 15:56 - 2012-09-15 12:34 - 00000000 ____D C:\Users\Balint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-21 16:49 - 2013-12-21 16:49 - 00000222 _____ C:\Users\Balint\Desktop\No More Room in Hell.url
2013-12-21 10:45 - 2013-12-21 10:44 - 00501248 _____ (Facebook Inc.) C:\Users\Balint\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2013-12-21 10:45 - 2013-05-27 19:59 - 00003910 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3443210977-1416976066-1885221996-1000UA
2013-12-21 10:45 - 2013-05-27 19:59 - 00003542 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3443210977-1416976066-1885221996-1000Core
2013-12-21 10:45 - 2013-05-27 19:59 - 00000000 ____D C:\Users\Balint\AppData\Local\Facebook
2013-12-18 16:57 - 2013-12-07 13:45 - 00000000 ____D C:\Users\Balint\Documents\RIFT
2013-12-18 16:29 - 2013-12-18 16:27 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-18 16:29 - 2013-09-30 14:39 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-18 16:26 - 2013-12-18 16:26 - 00915368 _____ (Oracle Corporation) C:\Users\Balint\Downloads\chromeinstall-7u45.exe
2013-12-17 21:41 - 2013-12-17 21:41 - 74577284 _____ C:\Users\Balint\Downloads\Supa_Savage-(DatPiff.com).zip
2013-12-17 14:59 - 2013-11-28 15:19 - 00000003 _____ C:\Windows\system32\HRUPPROG.TXT
2013-12-15 17:07 - 2013-12-15 17:07 - 00002220 _____ C:\Users\Public\Desktop\Aion.lnk
2013-12-15 17:07 - 2013-04-21 13:33 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-12-15 17:07 - 2012-07-25 19:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-15 17:06 - 2013-12-15 17:06 - 05003264 _____ (NC Interactive, LLC) C:\Users\Balint\Downloads\AionInstaller.exe
2013-12-15 17:06 - 2013-12-15 17:06 - 04984744 _____ (NC Interactive, LLC) C:\Users\Balint\Downloads\Lineage2Installer.exe
2013-12-15 17:02 - 2013-04-21 13:34 - 00000000 ____D C:\Users\Balint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 ____D C:\Program Files (x86)\NCWest
2013-12-15 09:47 - 2013-12-15 09:46 - 00000000 ____D C:\Users\Balint\AppData\Roaming\Guild Wars 2
2013-12-15 09:47 - 2012-10-29 06:59 - 00000000 ____D C:\Users\Balint\Documents\Guild Wars 2
2013-12-10 22:17 - 2012-11-09 14:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 22:17 - 2012-11-09 14:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 22:17 - 2012-11-09 14:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-08 16:45 - 2013-09-09 14:04 - 00003723 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-12-07 14:19 - 2013-12-07 13:40 - 00000000 ____D C:\Users\Balint\AppData\Roaming\RIFT
2013-12-07 13:40 - 2013-12-07 13:40 - 00000221 _____ C:\Users\Balint\Desktop\RIFT.url
2013-12-05 21:38 - 2013-12-05 21:38 - 00000222 _____ C:\Users\Balint\Desktop\Neverwinter.url
2013-12-05 18:01 - 2013-12-05 05:47 - 00000000 ____D C:\Users\Balint\AppData\Roaming\Bitcoin
 
Files to move or delete:
====================
C:\Users\Balint\jagex_cl_oldschool_LIVE.dat
C:\Users\Balint\jagex_cl_runescape_LIVE.dat
C:\Users\Balint\jagex_cl_runescape_LIVE1.dat
C:\Users\Balint\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512512 ____A (Microsoft Corporation) 8C728F4AA21D56AF93A75E70E90FD156
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 00:59

 


#4 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 04 January 2014 - 07:34 PM

Hi,

Go ahead and uninstall the following programs from the Control Panel:

McAfee Security Scan
Ask Toolbar

Next, please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi


Edited by B-boy/StyLe/, 04 January 2014 - 07:35 PM.

#5 WeldedScimitar (Topic Starter, Members)

Posted 04 January 2014 - 08:17 PM

Hey again!

I removed McAfee Security Scan. However, the Ask Toolbar was not available. I took a screenshot of the "Remove/Uninstall Programs" window:

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014

Ran by Balint at 2014-01-04 19:57:06 Run:1
Running from C:\Users\Balint\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [x]
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
C:\Program Files (x86)\Ask.com
Toolbar: HKLM-x32 - ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR HKLM-x32\...\Chrome\Extension: [aaaanijiojpcccpkjdjjmjghddcgcbfj] - C:\Users\Balint\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.15.2.0.crx
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
C:\Program Files (x86)\McAfee Security Scan
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
2014-01-03 11:11 - 2014-01-03 11:11 - 00037376 _____ C:\Windows\system32\tuihcx.arj
2014-01-03 11:01 - 2014-01-04 18:11 - 00000087 _____ C:\Windows\system32\ipkvpxq.aap
2014-01-03 11:01 - 2014-01-03 11:11 - 00000100 _____ C:\Windows\system32\ygybkic.ivg
2014-01-03 11:01 - 2014-01-03 11:01 - 00000064 _____ C:\Windows\system32\tigsai.kgy
2014-01-03 10:44 - 2014-01-03 10:44 - 00219314 ____S C:\Windows\system32\cdcmq.rgh
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj => Key deleted successfully.
C:\Users\Balint\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.15.2.0.crx => Moved successfully.
McComponentHostService => Service not found.
"C:\Program Files (x86)\McAfee Security Scan" => File/Directory not found.
catchme => Service deleted successfully.
C:\Windows\system32\tuihcx.arj => Moved successfully.
C:\Windows\system32\ipkvpxq.aap => Moved successfully.
Could not move "C:\Windows\system32\ygybkic.ivg" => Scheduled to move on reboot.
C:\Windows\system32\tigsai.kgy => Moved successfully.
Could not move "C:\Windows\system32\cdcmq.rgh" => Scheduled to move on reboot.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-04 20:01:36)<=
 
C:\Windows\system32\ygybkic.ivg => Is moved successfully.
C:\Windows\system32\cdcmq.rgh => Moved successfully.
 
==== End of Fixlog ====

#6 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 05 January 2014 - 07:20 AM

Hi,

How are things now?

Regards,

Georgi


#7 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 08 January 2014 - 03:32 PM

Hello,

Are you still with me?

Regards,

Georgi


#8 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 11 January 2014 - 05:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
