kyzight12 (Members)
Posts: 10
Reputation: 0 Neutral
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
I was mistaken; here are the TDSSKiller logs. 2 threats, neither of which would it let me cure. TDSSKILLERSCANLOG.zip
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
AdwCleaner: all results are clean.
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
TDSSKiller: scanned with all options selected; nothing bad showed there.
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
RogueKiller

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kyzight [Admin rights]
Mode : Scan -- Date : 04/19/2014 02:17:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B3D60)
[Address] EAT @explorer.exe (DllGetClassObject) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B1A74)
[Address] EAT @explorer.exe (DllRegisterServer) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B6070)
[Address] EAT @explorer.exe (DllUnregisterServer) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B6278)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0xEE593330)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xFFB7FB70)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x772346E9)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
Okay, and again thank you. BTW, I'm hitting the sack. Before I go, though, here were some other log files (IDK if they will be useful).

COMBOFIX

ComboFix 14-04-17.01 - Kyzight 04/19/2014 3:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4198 [GMT -5:00]
Running from: c:\users\Kyzight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09OKVQBX\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-19 to 2014-04-19 )))))))))))))))))))))))))))))))
.
.
2014-04-19 08:27 . 2014-04-19 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-19 07:38 . 2014-04-19 07:40 -------- d-----w- C:\FRST
2014-04-19 07:21 . 2014-04-19 07:21 -------- d-----w- c:\programdata\VirtualizedApplications
2014-04-19 07:02 . 2014-04-19 07:27 -------- d-----w- C:\AdwCleaner
2014-04-19 05:20 . 2014-04-19 05:20 -------- d-----w- c:\users\Kyzight\AppData\Roaming\AVG2014
2014-04-19 05:19 . 2014-04-19 05:19 -------- d-----w- c:\users\Kyzight\AppData\Roaming\TuneUp Software
2014-04-19 05:19 . 2014-04-19 05:20 -------- d-----w- c:\programdata\AVG2014
2014-04-19 05:19 . 2014-04-19 05:19 -------- d-----w- C:\$AVG
2014-04-19 05:19 . 2014-04-19 05:19 -------- d-----w- c:\program files (x86)\AVG
2014-04-19 05:17 . 2014-04-19 06:12 -------- d--h--w- c:\programdata\Common Files
2014-04-19 05:17 . 2014-04-19 05:31 -------- d-----w- c:\programdata\MFAData
2014-04-19 05:17 . 2014-04-19 05:22 -------- d-----w- c:\users\Kyzight\AppData\Local\Avg2014
2014-04-19 05:17 . 2014-04-19 05:17 -------- d-----w- c:\users\Kyzight\AppData\Local\MFAData
2014-04-19 04:38 . 2014-04-19 04:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-04-19 04:35 .
2014-04-19 04:38 -------- d-----w- c:\programdata\HitmanPro 2014-04-18 22:49 . 2014-04-18 22:49 -------- d-----w- c:\program files\CCleaner 2014-04-18 22:42 . 2014-04-19 08:23 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-18 22:41 . 2014-04-18 22:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-04-18 22:41 . 2014-04-18 22:41 -------- d-----w- c:\programdata\Malwarebytes 2014-04-18 22:41 . 2014-04-03 14:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-04-18 22:41 . 2014-04-03 14:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-18 22:41 . 2014-04-03 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-04-07 13:18 . 2014-04-07 13:19 -------- d-----w- c:\users\Kyzight\TAXYEAR2013 2014-04-02 02:03 . 2014-04-02 02:03 236824 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-03-31 21:20 . 2014-03-31 21:20 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-03-31 21:06 . 2014-03-31 21:06 130840 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-03-29 08:40 . 2014-03-29 08:41 -------- d-----w- c:\users\Kyzight\AppData\Local\WinZip 2014-03-29 08:40 . 2014-03-29 08:41 -------- d-----w- c:\programdata\WinZip 2014-03-29 08:40 . 2014-03-29 08:40 -------- d-----w- c:\program files\WinZip 2014-03-29 01:55 . 2014-03-29 01:55 -------- d-----w- c:\users\Kyzight\AppData\Local\Skype 2014-03-29 01:55 . 2014-03-30 05:28 -------- d-----w- c:\users\Kyzight\AppData\Roaming\Skype 2014-03-29 01:55 . 2014-04-19 04:38 -------- d-----r- c:\program files (x86)\Skype 2014-03-29 01:55 . 2014-03-29 01:55 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-03-29 01:55 . 2014-03-29 01:55 -------- d-----w- c:\programdata\Skype 2014-03-28 03:14 . 2014-03-28 03:14 192792 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2014-03-28 03:14 . 2014-03-28 03:14 153368 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2014-03-28 03:07 . 
2014-03-28 03:07 236824 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2014-03-28 03:05 . 2014-03-28 03:05 324376 ----a-w- c:\windows\system32\drivers\avgloga.sys 2014-03-28 03:03 . 2014-03-28 03:03 32536 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2014-03-27 07:20 . 2014-03-27 07:20 -------- d-----w- c:\programdata\Hi-Rez Studios 2014-03-27 07:20 . 2014-03-27 07:20 -------- d-----w- c:\program files (x86)\Hi-Rez Studios 2014-03-26 10:35 . 2014-03-26 10:35 -------- d-----w- c:\program files (x86)\LG Electronics 2014-03-26 10:13 . 2014-03-26 10:13 -------- d-----w- c:\program files (x86)\Notepad++ 2014-03-26 10:13 . 2014-03-26 10:13 -------- d-----w- c:\users\Kyzight\AppData\Roaming\Notepad++ 2014-03-26 10:04 . 2014-03-26 10:04 312744 ----a-w- c:\windows\system32\javaws.exe 2014-03-26 10:04 . 2014-03-26 10:04 189352 ----a-w- c:\windows\system32\javaw.exe 2014-03-26 10:04 . 2014-03-26 10:04 189352 ----a-w- c:\windows\system32\java.exe 2014-03-26 10:04 . 2014-03-26 10:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-03-26 10:04 . 2014-03-26 10:04 -------- d-----w- c:\program files\Java 2014-03-26 09:18 . 2014-03-29 10:36 -------- d-----w- C:\Programing Box 2014-03-26 03:17 . 2014-03-26 03:17 -------- d-----w- c:\users\Kyzight\AppData\Roaming\OBS 2014-03-26 03:17 . 2014-03-26 03:17 -------- d-----w- c:\program files\OBS 2014-03-26 03:17 . 2014-03-26 03:17 -------- d-----w- c:\program files (x86)\OBS 2014-03-26 03:07 . 2014-03-29 11:26 -------- d-----w- c:\users\Kyzight\.android . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-27 07:46 . 2014-01-21 21:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-07 19:08 . 2014-01-21 21:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-04 14:35 . 2014-03-11 16:43 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll 2014-03-04 14:35 . 
2014-03-11 16:43 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll 2014-03-04 14:35 . 2014-03-11 16:43 892704 ----a-w- c:\windows\system32\NvIFR64.dll 2014-03-04 14:35 . 2014-03-11 16:43 877856 ----a-w- c:\windows\system32\NvFBC64.dll 2014-03-04 14:35 . 2014-03-11 16:43 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll 2014-03-04 14:35 . 2014-03-11 16:43 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll 2014-03-04 14:35 . 2014-03-11 16:43 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2014-03-04 14:35 . 2014-03-11 16:43 353504 ----a-w- c:\windows\system32\nvoglshim64.dll 2014-03-04 14:35 . 2014-03-11 16:43 31474976 ----a-w- c:\windows\system32\nvoglv64.dll 2014-03-04 14:35 . 2014-03-11 16:43 3143456 ----a-w- c:\windows\system32\nvcuvid.dll 2014-03-04 14:35 . 2014-03-11 16:43 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll 2014-03-04 14:35 . 2014-03-11 16:43 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2014-03-04 14:35 . 2014-03-11 16:43 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll 2014-03-04 14:35 . 2014-03-11 16:43 25255256 ----a-w- c:\windows\system32\nvcompiler.dll 2014-03-04 14:35 . 2014-03-11 16:43 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2014-03-04 14:35 . 2014-03-11 16:43 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2014-03-04 14:35 . 2014-03-11 16:43 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll 2014-03-04 14:35 . 2014-03-11 16:43 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-03-04 14:35 . 2014-03-11 16:43 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2014-03-04 14:35 . 2014-03-11 16:43 174296 ----a-w- c:\windows\system32\nvinitx.dll 2014-03-04 14:35 . 2014-03-11 16:43 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll 2014-03-04 14:35 . 2014-03-11 16:43 148016 ----a-w- c:\windows\SysWow64\nvinit.dll 2014-03-04 14:35 . 2014-03-11 16:43 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2014-03-04 14:35 . 2014-03-11 16:43 11636176 ----a-w- c:\windows\system32\nvcuda.dll 2014-03-04 14:35 . 
2014-03-11 16:43 11589272 ----a-w- c:\windows\system32\nvopencl.dll 2014-03-04 14:35 . 2014-01-23 01:09 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-03-04 14:35 . 2014-01-21 22:53 947808 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-03-04 14:35 . 2014-01-21 22:53 3093280 ----a-w- c:\windows\system32\nvapi64.dll 2014-03-04 14:35 . 2014-01-21 22:53 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-03-04 14:35 . 2014-01-21 22:53 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-03-04 14:35 . 2014-01-21 22:53 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-03-04 13:06 . 2014-01-21 22:54 6714312 ----a-w- c:\windows\system32\nvcpl.dll 2014-03-04 13:06 . 2014-01-21 22:54 3497816 ----a-w- c:\windows\system32\nvsvc64.dll 2014-03-04 13:05 . 2014-01-21 22:54 922968 ----a-w- c:\windows\system32\nvvsvc.exe 2014-03-04 13:05 . 2014-01-21 22:54 64968 ----a-w- c:\windows\system32\nvshext.dll 2014-03-04 13:05 . 2014-01-21 22:54 386336 ----a-w- c:\windows\system32\nvmctray.dll 2014-03-04 13:05 . 2014-01-21 22:54 3649185 ----a-w- c:\windows\system32\nvcoproc.bin 2014-03-04 11:32 . 2014-03-11 16:45 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-02-08 18:34 . 2014-03-07 19:01 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll 2014-02-08 18:34 . 2014-03-07 19:01 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll 2014-02-08 00:33 . 2014-02-08 00:33 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2014-02-08 00:33 . 2014-02-08 00:33 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2014-02-08 00:33 . 2014-02-08 00:33 123480 ----a-w- c:\windows\system32\OpenAL32.dll 2014-02-08 00:33 . 2014-02-08 00:33 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2014-01-22 10:59 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-01-22 04:26 . 2014-01-22 04:26 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-01-22 04:26 . 
2014-01-22 04:26 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2014-01-22 04:26 . 2014-01-22 04:26 942592 ----a-w- c:\windows\system32\jsIntl.dll 2014-01-22 04:26 . 2014-01-22 04:26 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-01-22 04:26 . 2014-01-22 04:26 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-01-22 04:26 . 2014-01-22 04:26 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-01-22 04:26 . 2014-01-22 04:26 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-01-22 04:26 . 2014-01-22 04:26 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-01-22 04:26 . 2014-01-22 04:26 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2014-01-22 04:26 . 2014-01-22 04:26 81408 ----a-w- c:\windows\system32\icardie.dll 2014-01-22 04:26 . 2014-01-22 04:26 774144 ----a-w- c:\windows\system32\jscript.dll 2014-01-22 04:26 . 2014-01-22 04:26 77312 ----a-w- c:\windows\system32\tdc.ocx 2014-01-22 04:26 . 2014-01-22 04:26 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2014-01-22 04:26 . 2014-01-22 04:26 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2014-01-22 04:26 . 2014-01-22 04:26 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2014-01-22 04:26 . 2014-01-22 04:26 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-01-22 04:26 . 2014-01-22 04:26 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2014-01-22 04:26 . 2014-01-22 04:26 626176 ----a-w- c:\windows\system32\msfeeds.dll 2014-01-22 04:26 . 2014-01-22 04:26 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2014-01-22 04:26 . 2014-01-22 04:26 62464 ----a-w- c:\windows\system32\pngfilt.dll 2014-01-22 04:26 . 2014-01-22 04:26 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-01-22 04:26 . 2014-01-22 04:26 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-01-22 04:26 . 2014-01-22 04:26 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2014-01-22 04:26 . 2014-01-22 04:26 5765120 ----a-w- c:\windows\system32\jscript9.dll 2014-01-22 04:26 . 
2014-01-22 04:26 574976 ----a-w- c:\windows\system32\ieui.dll 2014-01-22 04:26 . 2014-01-22 04:26 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-01-22 04:26 . 2014-01-22 04:26 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-01-22 04:26 . 2014-01-22 04:26 53760 ----a-w- c:\windows\system32\jsproxy.dll 2014-01-22 04:26 . 2014-01-22 04:26 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-01-22 04:26 . 2014-01-22 04:26 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-01-22 04:26 . 2014-01-22 04:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2014-01-22 04:26 . 2014-01-22 04:26 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-01-22 04:26 . 2014-01-22 04:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-01-22 04:26 . 2014-01-22 04:26 48128 ----a-w- c:\windows\system32\imgutil.dll 2014-01-22 04:26 . 2014-01-22 04:26 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-01-22 04:26 . 2014-01-22 04:26 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2014-01-22 04:26 . 2014-01-22 04:26 4240384 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-01-22 04:26 . 2014-01-22 04:26 413696 ----a-w- c:\windows\system32\html.iec 2014-01-22 04:26 . 2014-01-22 04:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-01-22 04:26 . 2014-01-22 04:26 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-01-22 04:26 . 2014-01-22 04:26 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2014-01-22 04:26 . 2014-01-22 04:26 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-01-22 04:26 . 2014-01-22 04:26 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-01-22 04:26 . 2014-01-22 04:26 337408 ----a-w- c:\windows\SysWow64\html.iec 2014-01-22 04:26 . 2014-01-22 04:26 30208 ----a-w- c:\windows\system32\licmgr10.dll 2014-01-22 04:26 . 2014-01-22 04:26 296960 ----a-w- c:\windows\system32\dxtrans.dll 2014-01-22 04:26 . 2014-01-22 04:26 2764288 ----a-w- c:\windows\system32\iertutil.dll 2014-01-22 04:26 . 
2014-01-22 04:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-01-22 04:26 . 2014-01-22 04:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-22 04:26 . 2014-01-22 04:26 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-22 04:26 . 2014-01-22 04:26 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-22 04:26 . 2014-01-22 04:26 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-22 04:26 . 2014-01-22 04:26 243200 ----a-w- c:\windows\system32\webcheck.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[-] 2010-11-21 . DF44D05039EE04B878F69172313E2DAE . 515072 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2014-1-21 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 
HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 
MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 37878304 *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - NTIOLIB_1_0_3 *Deregistered* - 37878304 . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-20 7202520] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-37878304.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-04-19 03:28:56 ComboFix-quarantined-files.txt 2014-04-19 08:28 . Pre-Run: 857,434,132,480 bytes free Post-Run: 857,442,938,880 bytes free . - - End Of File - - B9A4E781C7DC84E925E681D47B0DB78F A36C5E4F47E84449FF07ED3517B43A31 -
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Kyzight at 2014-04-19 02:47:52
Running from C:\Users\Kyzight\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____N (Microsoft Corporation) DF44D05039EE04B878F69172313E2DAE

====== End Of Search ======

Also, I want to say thank you for taking the time to help me, Georgi.
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Kyzight at 2014-04-19 02:39:40
Running from C:\Users\Kyzight\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pox Nora 1.8 (HKLM-x32\...\3055-2232-0137-3195) (Version: 1.8 - Desert Owl Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2070.0 - Hi-Rez Studios)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Tenda Wireless LAN Card (HKLM-x32\...\{C26CF23B-8EAC-401C-96F8-1064EC7CE039}) (Version: 1.5.6.0 - Tenda)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.131 - MSI)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )

==================== Restore Points =========================

18-04-2014 22:43:18 Removed Renesas Electronics USB 3.0 Host Controller Driver
18-04-2014 22:45:30 Removed File Association Helper
18-04-2014 22:45:55 Removed Asmedia ASM106x SATA Host Controller Driver.
18-04-2014 22:46:24 Removed Creative System Information
19-04-2014 05:18:47 Installed AVG 2014
19-04-2014 05:19:12 Installed AVG 2014
19-04-2014 07:20:48 Removed Windows Live Mesh ActiveX Control for Remote Connections
19-04-2014 07:24:29 Removed Windows Live Mesh ActiveX Control for Remote Connections

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {EBCBFD74-8B82-4EB1-B49D-D0F58A9A3453} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2014-01-21 17:54 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-04 16:41 - 2012-05-04 16:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 15:30 - 2011-11-13 15:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 15:31 - 2011-11-13 15:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37878304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37878304.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Kyzight^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 02:33:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:12:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:09:42 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/19/2014 00:11:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 11:38:36 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1923. Service 'Skype Click to Call Updater' (c2cautoupdatesvc) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (04/18/2014 05:24:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:09:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:05:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: taskmgr.exe, version: 6.1.7601.17514, time stamp: 0x4ce79737
Faulting module name: RTSUltraMonHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x50d64abb
Exception code: 0xc0000005
Fault offset: 0x0000000070597f84
Faulting process id: 0x1a84
Faulting application start time: 0xtaskmgr.exe0
Faulting application path: taskmgr.exe1
Faulting module path: taskmgr.exe2
Report Id: taskmgr.exe3

Error: (04/18/2014 05:01:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 03:41:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

System errors:
=============
Error: (04/19/2014 02:31:48 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: %%4203

Error: (04/19/2014 02:11:04 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: %%4203

Error: (04/19/2014 00:10:06 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: %%4203

Error: (04/19/2014 00:10:03 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:08:18 AM on 4/19/2014 was unexpected.

Error: (04/18/2014 11:38:36 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: %%5

Error: (04/18/2014 06:00:57 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A78EF3F9-C10C-4050-9B9B-091246B5AEFD}. The backup browser is stopping.

Error: (04/18/2014 05:22:30 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: %%4203

Error: (04/18/2014 05:22:26 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:20:30 PM on 4/18/2014 was unexpected.

Error: (04/18/2014 05:10:26 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A78EF3F9-C10C-4050-9B9B-091246B5AEFD}. The backup browser is stopping.

Error: (04/18/2014 05:07:40 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: %%4203

Microsoft Office Sessions:
=========================
Error: (04/19/2014 02:33:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:12:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:09:42 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/19/2014 00:11:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 11:38:36 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1923. Service 'Skype Click to Call Updater' (c2cautoupdatesvc) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/18/2014 05:24:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:09:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:05:14 PM) (Source: Application Error)(User: )
Description: taskmgr.exe6.1.7601.175144ce79737RTSUltraMonHook.dll_unloaded0.0.0.050d64abbc00000050000000070597f841a8401cf5b52426531faC:\Windows\system32\taskmgr.exeRTSUltraMonHook.dll84619eff-c745-11e3-97ed-448a5b2fc3d2

Error: (04/18/2014 05:01:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 03:41:45 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 8191.17 MB
Available physical RAM: 5037.85 MB
Total Pagefile: 16380.52 MB
Available Pagefile: 13018.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:798.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5DCA1996)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Kyzight (administrator) on KYZIGHT-PC on 19-04-2014 02:39:07
Running from C:\Users\Kyzight\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Users\Kyzight\AppData\Local\Temp\{0F19A1A0-5C96-4D7B-9B6E-163DA1D4F3C8}.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3712323702-2871766201-4247296825-1001\...\MountPoints2: {3ce1792f-ae40-11e3-92fc-448a5b2fc3d2} - E:\LG_PC_Programs.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-19 02:39 - 2014-04-19 02:39 - 00010966 _____ () C:\Users\Kyzight\Downloads\FRST.txt
2014-04-19 02:38 - 2014-04-19 02:39 - 00000000 ____D () C:\FRST
2014-04-19 02:38 - 2014-04-19 02:38 - 02158592 _____ (Farbar) C:\Users\Kyzight\Downloads\FRST64.exe
2014-04-19 02:21 - 2014-04-19 02:21 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-19 02:17 - 2014-04-19 02:17 - 00002660 _____ () C:\Users\Kyzight\Desktop\RKreport[0]_S_04192014_021726.txt
2014-04-19 02:13 - 2014-04-19 02:17 - 00000000 ____D () C:\Users\Kyzight\Desktop\RK_Quarantine
2014-04-19 02:02 - 2014-04-19 02:27 - 00000000 ____D () C:\AdwCleaner
2014-04-19 00:20 - 2014-04-19 00:20 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\AVG2014
2014-04-19 00:19 - 2014-04-19 00:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 00:19 - 2014-04-19 00:19 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ___HD () C:\$AVG
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\TuneUp
Software 2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-04-19 00:17 - 2014-04-19 00:31 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-19 00:17 - 2014-04-19 00:22 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Avg2014 2014-04-19 00:17 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\MFAData 2014-04-19 00:10 - 2014-04-19 02:31 - 00000504 _____ () C:\Windows\setupact.log 2014-04-19 00:10 - 2014-04-19 00:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 00:09 - 2014-04-19 00:10 - 00283168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-18 23:55 - 2014-04-18 23:55 - 00061736 _____ () C:\Users\Kyzight\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 23:38 - 2014-04-18 23:38 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2014-04-18 23:35 - 2014-04-18 23:38 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-04-18 18:10 - 2014-04-18 18:10 - 00000000 ____D () C:\Windows\pss 2014-04-18 17:49 - 2014-04-18 17:49 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-18 17:49 - 2014-04-18 17:49 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-18 17:42 - 2014-04-19 02:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-18 17:41 - 2014-04-18 17:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-18 17:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-18 17:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-18 17:41 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-18 17:03 - 2014-04-19 01:08 - 00007597 _____ () 
C:\Users\Kyzight\AppData\Local\Resmon.ResmonCfg 2014-04-18 03:22 - 2014-04-19 02:20 - 00000077 _____ () C:\Windows\system32\xdqrfkx.mix 2014-04-18 03:12 - 2014-04-19 02:36 - 00037888 _____ () C:\Windows\system32\yenumt.opb 2014-04-18 03:12 - 2014-04-19 02:36 - 00000106 _____ () C:\Windows\system32\vfgrxtf.tgk 2014-04-18 03:12 - 2014-04-18 03:12 - 00000064 _____ () C:\Windows\system32\aevw.ouq 2014-04-18 02:56 - 2014-04-18 02:56 - 00301959 ____S () C:\Windows\system32\nunb.nhv 2014-04-16 03:16 - 2014-04-16 03:16 - 00064216 _____ () C:\Users\Kyzight\Documents\report.txt 2014-04-16 02:16 - 2014-04-16 02:16 - 00000050 _____ () C:\Users\Kyzight\Desktop\Authors....txt 2014-04-07 08:18 - 2014-04-07 08:19 - 00000000 ____D () C:\Users\Kyzight\TAXYEAR2013 2014-04-06 08:26 - 2014-04-06 08:49 - 00000000 ____D () C:\Users\Kyzight\Downloads\ESOADD 2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgmfx64.sys 2014-03-29 03:40 - 2014-03-29 03:41 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\WinZip 2014-03-29 03:40 - 2014-03-29 03:41 - 00000000 ____D () C:\ProgramData\WinZip 2014-03-29 03:40 - 2014-03-29 03:40 - 00000000 ____D () C:\Program Files\WinZip 2014-03-28 20:55 - 2014-04-18 23:38 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-28 20:55 - 2014-03-30 00:28 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Skype 2014-03-28 20:55 - 2014-03-28 20:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Skype 2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\ProgramData\Skype 2014-03-28 16:12 - 2014-04-18 17:51 - 00000000 ____D () C:\Windows\Minidump 2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2014-03-27 02:46 - 2014-03-27 02:46 - 00000000 ____D () C:\Users\Kyzight\Documents\My Games 2014-03-27 02:20 - 2014-03-27 02:20 - 00002035 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-03-26 20:39 - 2014-03-26 20:39 - 00001156 _____ () C:\Users\Kyzight\Desktop\eclipse - Shortcut.lnk 2014-03-26 05:42 - 2014-03-26 05:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf 2014-03-26 05:35 - 2014-03-26 05:35 - 00000000 ____D () C:\Program Files (x86)\LG Electronics 2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Notepad++ 2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-03-26 05:04 - 2014-03-26 05:04 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-03-26 05:04 - 2014-03-26 05:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-03-26 05:04 - 2014-03-26 05:04 - 00000000 ____D () C:\Program Files\Java 2014-03-26 04:18 - 2014-03-29 05:36 - 00000000 ____D () C:\Programing Box 2014-03-25 22:17 - 2014-03-25 22:17 - 00000946 _____ () C:\Users\Kyzight\Desktop\Open Broadcaster Software.lnk 2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\OBS 2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-03-25 
22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files\OBS 2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-03-25 22:07 - 2014-03-29 06:26 - 00000000 ____D () C:\Users\Kyzight\.android 2014-03-25 22:02 - 2014-03-27 08:19 - 00000000 ____D () C:\Users\Kyzight\Desktop\censoredup ==================== One Month Modified Files and Folders ======= 2014-04-19 02:39 - 2014-04-19 02:39 - 00010966 _____ () C:\Users\Kyzight\Downloads\FRST.txt 2014-04-19 02:39 - 2014-04-19 02:38 - 00000000 ____D () C:\FRST 2014-04-19 02:38 - 2014-04-19 02:38 - 02158592 _____ (Farbar) C:\Users\Kyzight\Downloads\FRST64.exe 2014-04-19 02:38 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-19 02:38 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-19 02:36 - 2014-04-18 03:12 - 00037888 _____ () C:\Windows\system32\yenumt.opb 2014-04-19 02:36 - 2014-04-18 03:12 - 00000106 _____ () C:\Windows\system32\vfgrxtf.tgk 2014-04-19 02:36 - 2009-07-14 00:13 - 00782164 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-19 02:34 - 2014-01-15 12:19 - 00119985 _____ () C:\Windows\WindowsUpdate.log 2014-04-19 02:33 - 2014-04-18 17:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 02:31 - 2014-04-19 00:10 - 00000504 _____ () C:\Windows\setupact.log 2014-04-19 02:31 - 2014-01-15 12:27 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-19 02:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-19 02:27 - 2014-04-19 02:02 - 00000000 ____D () C:\AdwCleaner 2014-04-19 02:24 - 2011-11-22 11:43 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-04-19 02:21 - 2014-04-19 02:21 - 00000000 ____D () C:\ProgramData\VirtualizedApplications 2014-04-19 02:20 - 2014-04-18 03:22 - 00000077 _____ () 
C:\Windows\system32\xdqrfkx.mix 2014-04-19 02:17 - 2014-04-19 02:17 - 00002660 _____ () C:\Users\Kyzight\Desktop\RKreport[0]_S_04192014_021726.txt 2014-04-19 02:17 - 2014-04-19 02:13 - 00000000 ____D () C:\Users\Kyzight\Desktop\RK_Quarantine 2014-04-19 01:08 - 2014-04-18 17:03 - 00007597 _____ () C:\Users\Kyzight\AppData\Local\Resmon.ResmonCfg 2014-04-19 00:31 - 2014-04-19 00:17 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-19 00:22 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Avg2014 2014-04-19 00:20 - 2014-04-19 00:20 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\AVG2014 2014-04-19 00:20 - 2014-04-19 00:19 - 00000000 ____D () C:\ProgramData\AVG2014 2014-04-19 00:19 - 2014-04-19 00:19 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ___HD () C:\$AVG 2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\TuneUp Software 2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-04-19 00:17 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\MFAData 2014-04-19 00:10 - 2014-04-19 00:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 00:10 - 2014-04-19 00:09 - 00283168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-19 00:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-18 23:55 - 2014-04-18 23:55 - 00061736 _____ () C:\Users\Kyzight\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-18 23:38 - 2014-04-18 23:38 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\system32\bootdelete.exe 2014-04-18 23:38 - 2014-04-18 23:35 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-04-18 23:38 - 2014-03-28 20:55 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-18 23:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-04-18 18:10 - 2014-04-18 18:10 - 00000000 ____D () C:\Windows\pss 2014-04-18 18:10 - 2014-01-22 05:59 - 00000000 ___RD () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-18 17:51 - 2014-03-28 16:12 - 00000000 ____D () C:\Windows\Minidump 2014-04-18 17:51 - 2014-01-21 23:36 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Ventrilo 2014-04-18 17:51 - 2014-01-21 17:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-18 17:51 - 2011-11-21 20:24 - 00000000 ____D () C:\Windows\panther 2014-04-18 17:49 - 2014-04-18 17:49 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-18 17:49 - 2014-04-18 17:49 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-18 17:46 - 2014-02-07 19:33 - 00000000 ____D () C:\Program Files (x86)\Creative 2014-04-18 17:43 - 2014-01-15 12:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-18 17:41 - 2014-04-18 17:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-18 03:12 - 2014-04-18 03:12 - 00000064 _____ () C:\Windows\system32\aevw.ouq 2014-04-18 03:00 - 2014-01-21 18:05 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Battle.net 2014-04-18 02:56 - 2014-04-18 02:56 - 00301959 ____S () C:\Windows\system32\nunb.nhv 2014-04-18 00:19 - 2014-01-21 16:51 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\PMB Files 2014-04-18 00:19 - 2014-01-21 16:51 - 00000000 ____D () C:\ProgramData\PMB Files 2014-04-17 19:47 - 2014-02-28 18:51 - 
00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Awesomium 2014-04-16 03:16 - 2014-04-16 03:16 - 00064216 _____ () C:\Users\Kyzight\Documents\report.txt 2014-04-16 02:16 - 2014-04-16 02:16 - 00000050 _____ () C:\Users\Kyzight\Desktop\Authors....txt 2014-04-14 18:31 - 2014-01-21 18:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-04-14 18:31 - 2014-01-21 18:05 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-14 10:12 - 2014-01-21 17:23 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\.minecraft 2014-04-07 08:19 - 2014-04-07 08:18 - 00000000 ____D () C:\Users\Kyzight\TAXYEAR2013 2014-04-07 08:19 - 2014-01-22 05:58 - 00000000 ____D () C:\Users\Kyzight 2014-04-06 08:49 - 2014-04-06 08:26 - 00000000 ____D () C:\Users\Kyzight\Downloads\ESOADD 2014-04-03 09:51 - 2014-04-18 17:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-18 17:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-18 17:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgmfx64.sys 2014-03-30 00:28 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Skype 2014-03-29 06:26 - 2014-03-25 22:07 - 00000000 ____D () C:\Users\Kyzight\.android 2014-03-29 05:36 - 2014-03-26 04:18 - 00000000 ____D () C:\Programing Box 2014-03-29 03:41 - 2014-03-29 03:40 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\WinZip 2014-03-29 03:41 - 2014-03-29 03:40 - 00000000 ____D () C:\ProgramData\WinZip 2014-03-29 03:40 - 2014-03-29 03:40 - 00000000 ____D () C:\Program Files\WinZip 2014-03-28 20:55 - 2014-03-28 20:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Skype 2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\ProgramData\Skype 2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2014-03-27 08:19 - 2014-03-25 22:02 - 00000000 ____D () C:\Users\Kyzight\Desktop\censoredup 2014-03-27 02:46 - 2014-03-27 02:46 - 00000000 ____D () C:\Users\Kyzight\Documents\My Games 2014-03-27 02:46 - 2014-01-21 16:33 - 00404640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-27 02:20 - 2014-03-27 02:20 - 00002035 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-03-26 20:39 - 2014-03-26 20:39 - 00001156 _____ () C:\Users\Kyzight\Desktop\eclipse - Shortcut.lnk 2014-03-26 05:42 - 2014-03-26 05:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf 2014-03-26 05:35 - 2014-03-26 05:35 - 00000000 ____D () C:\Program Files (x86)\LG Electronics 2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Notepad++ 2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-03-26 05:04 - 2014-03-26 05:04 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-03-26 05:04 - 2014-03-26 05:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-03-26 05:04 - 2014-03-26 05:04 - 00000000 ____D () C:\Program Files\Java 2014-03-25 22:17 - 2014-03-25 22:17 - 00000946 _____ () C:\Users\Kyzight\Desktop\Open Broadcaster Software.lnk 2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\OBS 2014-03-25 22:17 - 
2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files\OBS 2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files (x86)\OBS Some content of TEMP: ==================== C:\Users\Kyzight\AppData\Local\Temp\ntdll_dump.dll C:\Users\Kyzight\AppData\Local\Temp\{0F19A1A0-5C96-4D7B-9B6E-163DA1D4F3C8}.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____N (Microsoft Corporation) DF44D05039EE04B878F69172313E2DAE ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-18 03:41 ==================== End Of Log ============================ -
I could use some help with Trojan.Zekos.Patched
kyzight12 replied to kyzight12's topic in Resolved Malware Removal Logs
Oh, also MB keeps popping up that it has blocked the threat about once every 40 seconds to a minute. -
Hey, I downloaded Malwarebytes because my friend said it was pretty good. The problem is I keep hearing what sound like ads in my speakers/headset. I run a scan with MB (Malwarebytes) and it gives me the option to quarantine the file C:\Windows\System32\rpcss.dll. Unfortunately that doesn't stop the ads from coming up. Any suggestions?