Jump to content

I could use some help with Trojan.Zekos.Patched


Recommended Posts

Hey I downloaded Malwarebytes because my friend said it was pretty good.

 

The problem is I keep hearing what sounds to be ads in my speakers/headset.

I run a scan with MB(Malwarebytes) and, gives me the to quarantine the file C:\Windows\System32\rpcss.dll . Unfortunately that doesn't stop the ads from coming up. Any suggestions?

Link to post
Share on other sites

Hello! Welcome to Malwarebytes Forums! welcome.gif
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

  • Also please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

 

Regards,

Georgi

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Kyzight (administrator) on KYZIGHT-PC on 19-04-2014 02:39:07
Running from C:\Users\Kyzight\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Users\Kyzight\AppData\Local\Temp\{0F19A1A0-5C96-4D7B-9B6E-163DA1D4F3C8}.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3712323702-2871766201-4247296825-1001\...\MountPoints2: {3ce1792f-ae40-11e3-92fc-448a5b2fc3d2} - E:\LG_PC_Programs.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-19 02:39 - 2014-04-19 02:39 - 00010966 _____ () C:\Users\Kyzight\Downloads\FRST.txt
2014-04-19 02:38 - 2014-04-19 02:39 - 00000000 ____D () C:\FRST
2014-04-19 02:38 - 2014-04-19 02:38 - 02158592 _____ (Farbar) C:\Users\Kyzight\Downloads\FRST64.exe
2014-04-19 02:21 - 2014-04-19 02:21 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-19 02:17 - 2014-04-19 02:17 - 00002660 _____ () C:\Users\Kyzight\Desktop\RKreport[0]_S_04192014_021726.txt
2014-04-19 02:13 - 2014-04-19 02:17 - 00000000 ____D () C:\Users\Kyzight\Desktop\RK_Quarantine
2014-04-19 02:02 - 2014-04-19 02:27 - 00000000 ____D () C:\AdwCleaner
2014-04-19 00:20 - 2014-04-19 00:20 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\AVG2014
2014-04-19 00:19 - 2014-04-19 00:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 00:19 - 2014-04-19 00:19 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ___HD () C:\$AVG
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\TuneUp Software
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 00:17 - 2014-04-19 00:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-19 00:17 - 2014-04-19 00:22 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Avg2014
2014-04-19 00:17 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\MFAData
2014-04-19 00:10 - 2014-04-19 02:31 - 00000504 _____ () C:\Windows\setupact.log
2014-04-19 00:10 - 2014-04-19 00:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 00:09 - 2014-04-19 00:10 - 00283168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-18 23:55 - 2014-04-18 23:55 - 00061736 _____ () C:\Users\Kyzight\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 23:38 - 2014-04-18 23:38 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-18 23:35 - 2014-04-18 23:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-18 18:10 - 2014-04-18 18:10 - 00000000 ____D () C:\Windows\pss
2014-04-18 17:49 - 2014-04-18 17:49 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 17:49 - 2014-04-18 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 17:42 - 2014-04-19 02:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 17:41 - 2014-04-18 17:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 17:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 17:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 17:41 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 17:03 - 2014-04-19 01:08 - 00007597 _____ () C:\Users\Kyzight\AppData\Local\Resmon.ResmonCfg
2014-04-18 03:22 - 2014-04-19 02:20 - 00000077 _____ () C:\Windows\system32\xdqrfkx.mix
2014-04-18 03:12 - 2014-04-19 02:36 - 00037888 _____ () C:\Windows\system32\yenumt.opb
2014-04-18 03:12 - 2014-04-19 02:36 - 00000106 _____ () C:\Windows\system32\vfgrxtf.tgk
2014-04-18 03:12 - 2014-04-18 03:12 - 00000064 _____ () C:\Windows\system32\aevw.ouq
2014-04-18 02:56 - 2014-04-18 02:56 - 00301959 ____S () C:\Windows\system32\nunb.nhv
2014-04-16 03:16 - 2014-04-16 03:16 - 00064216 _____ () C:\Users\Kyzight\Documents\report.txt
2014-04-16 02:16 - 2014-04-16 02:16 - 00000050 _____ () C:\Users\Kyzight\Desktop\Authors....txt
2014-04-07 08:18 - 2014-04-07 08:19 - 00000000 ____D () C:\Users\Kyzight\TAXYEAR2013
2014-04-06 08:26 - 2014-04-06 08:49 - 00000000 ____D () C:\Users\Kyzight\Downloads\ESOADD
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-29 03:40 - 2014-03-29 03:41 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\WinZip
2014-03-29 03:40 - 2014-03-29 03:41 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-29 03:40 - 2014-03-29 03:40 - 00000000 ____D () C:\Program Files\WinZip
2014-03-28 20:55 - 2014-04-18 23:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-28 20:55 - 2014-03-30 00:28 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Skype
2014-03-28 20:55 - 2014-03-28 20:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Skype
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\ProgramData\Skype
2014-03-28 16:12 - 2014-04-18 17:51 - 00000000 ____D () C:\Windows\Minidump
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 02:46 - 2014-03-27 02:46 - 00000000 ____D () C:\Users\Kyzight\Documents\My Games
2014-03-27 02:20 - 2014-03-27 02:20 - 00002035 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-03-26 20:39 - 2014-03-26 20:39 - 00001156 _____ () C:\Users\Kyzight\Desktop\eclipse - Shortcut.lnk
2014-03-26 05:42 - 2014-03-26 05:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-03-26 05:35 - 2014-03-26 05:35 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-26 05:04 - 2014-03-26 05:04 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-26 05:04 - 2014-03-26 05:04 - 00000000 ____D () C:\Program Files\Java
2014-03-26 04:18 - 2014-03-29 05:36 - 00000000 ____D () C:\Programing Box
2014-03-25 22:17 - 2014-03-25 22:17 - 00000946 _____ () C:\Users\Kyzight\Desktop\Open Broadcaster Software.lnk
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-03-25 22:07 - 2014-03-29 06:26 - 00000000 ____D () C:\Users\Kyzight\.android
2014-03-25 22:02 - 2014-03-27 08:19 - 00000000 ____D () C:\Users\Kyzight\Desktop\censoredup

==================== One Month Modified Files and Folders =======

2014-04-19 02:39 - 2014-04-19 02:39 - 00010966 _____ () C:\Users\Kyzight\Downloads\FRST.txt
2014-04-19 02:39 - 2014-04-19 02:38 - 00000000 ____D () C:\FRST
2014-04-19 02:38 - 2014-04-19 02:38 - 02158592 _____ (Farbar) C:\Users\Kyzight\Downloads\FRST64.exe
2014-04-19 02:38 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 02:38 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 02:36 - 2014-04-18 03:12 - 00037888 _____ () C:\Windows\system32\yenumt.opb
2014-04-19 02:36 - 2014-04-18 03:12 - 00000106 _____ () C:\Windows\system32\vfgrxtf.tgk
2014-04-19 02:36 - 2009-07-14 00:13 - 00782164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 02:34 - 2014-01-15 12:19 - 00119985 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 02:33 - 2014-04-18 17:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 02:31 - 2014-04-19 00:10 - 00000504 _____ () C:\Windows\setupact.log
2014-04-19 02:31 - 2014-01-15 12:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-19 02:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 02:27 - 2014-04-19 02:02 - 00000000 ____D () C:\AdwCleaner
2014-04-19 02:24 - 2011-11-22 11:43 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 02:21 - 2014-04-19 02:21 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-19 02:20 - 2014-04-18 03:22 - 00000077 _____ () C:\Windows\system32\xdqrfkx.mix
2014-04-19 02:17 - 2014-04-19 02:17 - 00002660 _____ () C:\Users\Kyzight\Desktop\RKreport[0]_S_04192014_021726.txt
2014-04-19 02:17 - 2014-04-19 02:13 - 00000000 ____D () C:\Users\Kyzight\Desktop\RK_Quarantine
2014-04-19 01:08 - 2014-04-18 17:03 - 00007597 _____ () C:\Users\Kyzight\AppData\Local\Resmon.ResmonCfg
2014-04-19 00:31 - 2014-04-19 00:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-19 00:22 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Avg2014
2014-04-19 00:20 - 2014-04-19 00:20 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\AVG2014
2014-04-19 00:20 - 2014-04-19 00:19 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 00:19 - 2014-04-19 00:19 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ___HD () C:\$AVG
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\TuneUp Software
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 00:17 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\MFAData
2014-04-19 00:10 - 2014-04-19 00:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 00:10 - 2014-04-19 00:09 - 00283168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-19 00:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 23:55 - 2014-04-18 23:55 - 00061736 _____ () C:\Users\Kyzight\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 23:38 - 2014-04-18 23:38 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-18 23:38 - 2014-04-18 23:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-18 23:38 - 2014-03-28 20:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-18 23:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-18 18:10 - 2014-04-18 18:10 - 00000000 ____D () C:\Windows\pss
2014-04-18 18:10 - 2014-01-22 05:59 - 00000000 ___RD () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 17:51 - 2014-03-28 16:12 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 17:51 - 2014-01-21 23:36 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Ventrilo
2014-04-18 17:51 - 2014-01-21 17:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-18 17:51 - 2011-11-21 20:24 - 00000000 ____D () C:\Windows\panther
2014-04-18 17:49 - 2014-04-18 17:49 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 17:49 - 2014-04-18 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 17:46 - 2014-02-07 19:33 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-04-18 17:43 - 2014-01-15 12:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 17:41 - 2014-04-18 17:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 03:12 - 2014-04-18 03:12 - 00000064 _____ () C:\Windows\system32\aevw.ouq
2014-04-18 03:00 - 2014-01-21 18:05 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Battle.net
2014-04-18 02:56 - 2014-04-18 02:56 - 00301959 ____S () C:\Windows\system32\nunb.nhv
2014-04-18 00:19 - 2014-01-21 16:51 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\PMB Files
2014-04-18 00:19 - 2014-01-21 16:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-17 19:47 - 2014-02-28 18:51 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Awesomium
2014-04-16 03:16 - 2014-04-16 03:16 - 00064216 _____ () C:\Users\Kyzight\Documents\report.txt
2014-04-16 02:16 - 2014-04-16 02:16 - 00000050 _____ () C:\Users\Kyzight\Desktop\Authors....txt
2014-04-14 18:31 - 2014-01-21 18:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-14 18:31 - 2014-01-21 18:05 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-14 10:12 - 2014-01-21 17:23 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\.minecraft
2014-04-07 08:19 - 2014-04-07 08:18 - 00000000 ____D () C:\Users\Kyzight\TAXYEAR2013
2014-04-07 08:19 - 2014-01-22 05:58 - 00000000 ____D () C:\Users\Kyzight
2014-04-06 08:49 - 2014-04-06 08:26 - 00000000 ____D () C:\Users\Kyzight\Downloads\ESOADD
2014-04-03 09:51 - 2014-04-18 17:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 17:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-18 17:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-30 00:28 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Skype
2014-03-29 06:26 - 2014-03-25 22:07 - 00000000 ____D () C:\Users\Kyzight\.android
2014-03-29 05:36 - 2014-03-26 04:18 - 00000000 ____D () C:\Programing Box
2014-03-29 03:41 - 2014-03-29 03:40 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\WinZip
2014-03-29 03:41 - 2014-03-29 03:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-29 03:40 - 2014-03-29 03:40 - 00000000 ____D () C:\Program Files\WinZip
2014-03-28 20:55 - 2014-03-28 20:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Skype
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\ProgramData\Skype
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 08:19 - 2014-03-25 22:02 - 00000000 ____D () C:\Users\Kyzight\Desktop\censoredup
2014-03-27 02:46 - 2014-03-27 02:46 - 00000000 ____D () C:\Users\Kyzight\Documents\My Games
2014-03-27 02:46 - 2014-01-21 16:33 - 00404640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-27 02:20 - 2014-03-27 02:20 - 00002035 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-03-26 20:39 - 2014-03-26 20:39 - 00001156 _____ () C:\Users\Kyzight\Desktop\eclipse - Shortcut.lnk
2014-03-26 05:42 - 2014-03-26 05:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-03-26 05:35 - 2014-03-26 05:35 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-26 05:04 - 2014-03-26 05:04 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-26 05:04 - 2014-03-26 05:04 - 00000000 ____D () C:\Program Files\Java
2014-03-25 22:17 - 2014-03-25 22:17 - 00000946 _____ () C:\Users\Kyzight\Desktop\Open Broadcaster Software.lnk
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files (x86)\OBS

Some content of TEMP:
====================
C:\Users\Kyzight\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kyzight\AppData\Local\Temp\{0F19A1A0-5C96-4D7B-9B6E-163DA1D4F3C8}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____N (Microsoft Corporation) DF44D05039EE04B878F69172313E2DAE

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-18 03:41

==================== End Of Log ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Kyzight at 2014-04-19 02:39:40
Running from C:\Users\Kyzight\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pox Nora 1.8 (HKLM-x32\...\3055-2232-0137-3195) (Version: 1.8 - Desert Owl Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2070.0 - Hi-Rez Studios)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Tenda Wireless LAN Card (HKLM-x32\...\{C26CF23B-8EAC-401C-96F8-1064EC7CE039}) (Version: 1.5.6.0 - Tenda)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.131 - MSI)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )

==================== Restore Points  =========================

18-04-2014 22:43:18 Removed Renesas Electronics USB 3.0 Host Controller Driver
18-04-2014 22:45:30 Removed File Association Helper
18-04-2014 22:45:55 Removed Asmedia ASM106x SATA Host Controller Driver.
18-04-2014 22:46:24 Removed Creative System Information
19-04-2014 05:18:47 Installed AVG 2014
19-04-2014 05:19:12 Installed AVG 2014
19-04-2014 07:20:48 Removed Windows Live Mesh ActiveX Control for Remote Connections
19-04-2014 07:24:29 Removed Windows Live Mesh ActiveX Control for Remote Connections

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {EBCBFD74-8B82-4EB1-B49D-D0F58A9A3453} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2014-01-21 17:54 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-04 16:41 - 2012-05-04 16:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 15:30 - 2011-11-13 15:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 15:31 - 2011-11-13 15:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37878304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37878304.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Kyzight^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 02:33:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:12:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:09:42 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/19/2014 00:11:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 11:38:36 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1923. Service 'Skype Click to Call Updater' (c2cautoupdatesvc) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (04/18/2014 05:24:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:09:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:05:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: taskmgr.exe, version: 6.1.7601.17514, time stamp: 0x4ce79737
Faulting module name: RTSUltraMonHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x50d64abb
Exception code: 0xc0000005
Fault offset: 0x0000000070597f84
Faulting process id: 0x1a84
Faulting application start time: 0xtaskmgr.exe0
Faulting application path: taskmgr.exe1
Faulting module path: taskmgr.exe2
Report Id: taskmgr.exe3

Error: (04/18/2014 05:01:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 03:41:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

System errors:
=============
Error: (04/19/2014 02:31:48 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/19/2014 02:11:04 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/19/2014 00:10:06 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/19/2014 00:10:03 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:08:18 AM on ‎4/‎19/‎2014 was unexpected.

Error: (04/18/2014 11:38:36 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (04/18/2014 06:00:57 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A78EF3F9-C10C-4050-9B9B-091246B5AEFD}.
The backup browser is stopping.

Error: (04/18/2014 05:22:30 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/18/2014 05:22:26 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:20:30 PM on ‎4/‎18/‎2014 was unexpected.

Error: (04/18/2014 05:10:26 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A78EF3F9-C10C-4050-9B9B-091246B5AEFD}.
The backup browser is stopping.

Error: (04/18/2014 05:07:40 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Microsoft Office Sessions:
=========================
Error: (04/19/2014 02:33:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:12:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 02:09:42 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/19/2014 00:11:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 11:38:36 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1923. Service 'Skype Click to Call Updater' (c2cautoupdatesvc) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/18/2014 05:24:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:09:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 05:05:14 PM) (Source: Application Error)(User: )
Description: taskmgr.exe6.1.7601.175144ce79737RTSUltraMonHook.dll_unloaded0.0.0.050d64abbc00000050000000070597f841a8401cf5b52426531faC:\Windows\system32\taskmgr.exeRTSUltraMonHook.dll84619eff-c745-11e3-97ed-448a5b2fc3d2

Error: (04/18/2014 05:01:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 03:41:45 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 8191.17 MB
Available physical RAM: 5037.85 MB
Total Pagefile: 16380.52 MB
Available Pagefile: 13018.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:798.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5DCA1996)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Kyzight at 2014-04-19 02:47:52
Running from C:\Users\Kyzight\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____N (Microsoft Corporation) DF44D05039EE04B878F69172313E2DAE

====== End Of Search ======

 

 

 

 

 

ALSO, I want to say Thank you for taking the time to help me Georgi.

Link to post
Share on other sites

okay and again thank you. btw i'm hitting the sack. Before I go though here were some other log files(IDK if they will be useful)

 

COMBOFIX

ComboFix 14-04-17.01 - Kyzight 04/19/2014   3:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.4198 [GMT -5:00]
Running from: c:\users\Kyzight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09OKVQBX\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-19 to 2014-04-19  )))))))))))))))))))))))))))))))
.
.
2014-04-19 08:27 . 2014-04-19 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-19 07:38 . 2014-04-19 07:40 -------- d-----w- C:\FRST
2014-04-19 07:21 . 2014-04-19 07:21 -------- d-----w- c:\programdata\VirtualizedApplications
2014-04-19 07:02 . 2014-04-19 07:27 -------- d-----w- C:\AdwCleaner
2014-04-19 05:20 . 2014-04-19 05:20 -------- d-----w- c:\users\Kyzight\AppData\Roaming\AVG2014
2014-04-19 05:19 . 2014-04-19 05:19 -------- d-----w- c:\users\Kyzight\AppData\Roaming\TuneUp Software
2014-04-19 05:19 . 2014-04-19 05:20 -------- d-----w- c:\programdata\AVG2014
2014-04-19 05:19 . 2014-04-19 05:19 -------- d-----w- C:\$AVG
2014-04-19 05:19 . 2014-04-19 05:19 -------- d-----w- c:\program files (x86)\AVG
2014-04-19 05:17 . 2014-04-19 06:12 -------- d--h--w- c:\programdata\Common Files
2014-04-19 05:17 . 2014-04-19 05:31 -------- d-----w- c:\programdata\MFAData
2014-04-19 05:17 . 2014-04-19 05:22 -------- d-----w- c:\users\Kyzight\AppData\Local\Avg2014
2014-04-19 05:17 . 2014-04-19 05:17 -------- d-----w- c:\users\Kyzight\AppData\Local\MFAData
2014-04-19 04:38 . 2014-04-19 04:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-04-19 04:35 . 2014-04-19 04:38 -------- d-----w- c:\programdata\HitmanPro
2014-04-18 22:49 . 2014-04-18 22:49 -------- d-----w- c:\program files\CCleaner
2014-04-18 22:42 . 2014-04-19 08:23 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-18 22:41 . 2014-04-18 22:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-18 22:41 . 2014-04-18 22:41 -------- d-----w- c:\programdata\Malwarebytes
2014-04-18 22:41 . 2014-04-03 14:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-18 22:41 . 2014-04-03 14:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-18 22:41 . 2014-04-03 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-07 13:18 . 2014-04-07 13:19 -------- d-----w- c:\users\Kyzight\TAXYEAR2013
2014-04-02 02:03 . 2014-04-02 02:03 236824 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-03-31 21:20 . 2014-03-31 21:20 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-03-31 21:06 . 2014-03-31 21:06 130840 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-03-29 08:40 . 2014-03-29 08:41 -------- d-----w- c:\users\Kyzight\AppData\Local\WinZip
2014-03-29 08:40 . 2014-03-29 08:41 -------- d-----w- c:\programdata\WinZip
2014-03-29 08:40 . 2014-03-29 08:40 -------- d-----w- c:\program files\WinZip
2014-03-29 01:55 . 2014-03-29 01:55 -------- d-----w- c:\users\Kyzight\AppData\Local\Skype
2014-03-29 01:55 . 2014-03-30 05:28 -------- d-----w- c:\users\Kyzight\AppData\Roaming\Skype
2014-03-29 01:55 . 2014-04-19 04:38 -------- d-----r- c:\program files (x86)\Skype
2014-03-29 01:55 . 2014-03-29 01:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-29 01:55 . 2014-03-29 01:55 -------- d-----w- c:\programdata\Skype
2014-03-28 03:14 . 2014-03-28 03:14 192792 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-03-28 03:14 . 2014-03-28 03:14 153368 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-03-28 03:07 . 2014-03-28 03:07 236824 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-03-28 03:05 . 2014-03-28 03:05 324376 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-03-28 03:03 . 2014-03-28 03:03 32536 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-03-27 07:20 . 2014-03-27 07:20 -------- d-----w- c:\programdata\Hi-Rez Studios
2014-03-27 07:20 . 2014-03-27 07:20 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2014-03-26 10:35 . 2014-03-26 10:35 -------- d-----w- c:\program files (x86)\LG Electronics
2014-03-26 10:13 . 2014-03-26 10:13 -------- d-----w- c:\program files (x86)\Notepad++
2014-03-26 10:13 . 2014-03-26 10:13 -------- d-----w- c:\users\Kyzight\AppData\Roaming\Notepad++
2014-03-26 10:04 . 2014-03-26 10:04 312744 ----a-w- c:\windows\system32\javaws.exe
2014-03-26 10:04 . 2014-03-26 10:04 189352 ----a-w- c:\windows\system32\javaw.exe
2014-03-26 10:04 . 2014-03-26 10:04 189352 ----a-w- c:\windows\system32\java.exe
2014-03-26 10:04 . 2014-03-26 10:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-26 10:04 . 2014-03-26 10:04 -------- d-----w- c:\program files\Java
2014-03-26 09:18 . 2014-03-29 10:36 -------- d-----w- C:\Programing Box
2014-03-26 03:17 . 2014-03-26 03:17 -------- d-----w- c:\users\Kyzight\AppData\Roaming\OBS
2014-03-26 03:17 . 2014-03-26 03:17 -------- d-----w- c:\program files\OBS
2014-03-26 03:17 . 2014-03-26 03:17 -------- d-----w- c:\program files (x86)\OBS
2014-03-26 03:07 . 2014-03-29 11:26 -------- d-----w- c:\users\Kyzight\.android
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-27 07:46 . 2014-01-21 21:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-07 19:08 . 2014-01-21 21:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-03-11 16:43 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-11 16:43 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-11 16:43 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-11 16:43 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-11 16:43 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-11 16:43 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-11 16:43 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-11 16:43 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-11 16:43 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-11 16:43 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-11 16:43 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-11 16:43 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-11 16:43 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-11 16:43 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-11 16:43 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-11 16:43 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-11 16:43 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-11 16:43 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-11 16:43 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-11 16:43 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-11 16:43 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-11 16:43 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-11 16:43 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-11 16:43 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-11 16:43 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2014-01-23 01:09 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-01-21 22:53 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-01-21 22:53 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-01-21 22:53 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-01-21 22:53 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-01-21 22:53 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 13:06 . 2014-01-21 22:54 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-01-21 22:54 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-01-21 22:54 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-01-21 22:54 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-01-21 22:54 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-01-21 22:54 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-11 16:45 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-08 18:34 . 2014-03-07 19:01 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-03-07 19:01 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-02-08 00:33 . 2014-02-08 00:33 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2014-02-08 00:33 . 2014-02-08 00:33 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-02-08 00:33 . 2014-02-08 00:33 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2014-02-08 00:33 . 2014-02-08 00:33 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-01-22 10:59 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-22 04:26 . 2014-01-22 04:26 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-01-22 04:26 . 2014-01-22 04:26 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-22 04:26 . 2014-01-22 04:26 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-22 04:26 . 2014-01-22 04:26 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-22 04:26 . 2014-01-22 04:26 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-22 04:26 . 2014-01-22 04:26 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-22 04:26 . 2014-01-22 04:26 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-22 04:26 . 2014-01-22 04:26 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-22 04:26 . 2014-01-22 04:26 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-01-22 04:26 . 2014-01-22 04:26 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-22 04:26 . 2014-01-22 04:26 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-22 04:26 . 2014-01-22 04:26 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-22 04:26 . 2014-01-22 04:26 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-22 04:26 . 2014-01-22 04:26 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-22 04:26 . 2014-01-22 04:26 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-01-22 04:26 . 2014-01-22 04:26 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-01-22 04:26 . 2014-01-22 04:26 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-22 04:26 . 2014-01-22 04:26 626176 ----a-w- c:\windows\system32\msfeeds.dll
2014-01-22 04:26 . 2014-01-22 04:26 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-22 04:26 . 2014-01-22 04:26 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-22 04:26 . 2014-01-22 04:26 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-22 04:26 . 2014-01-22 04:26 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-01-22 04:26 . 2014-01-22 04:26 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-22 04:26 . 2014-01-22 04:26 5765120 ----a-w- c:\windows\system32\jscript9.dll
2014-01-22 04:26 . 2014-01-22 04:26 574976 ----a-w- c:\windows\system32\ieui.dll
2014-01-22 04:26 . 2014-01-22 04:26 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-01-22 04:26 . 2014-01-22 04:26 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-01-22 04:26 . 2014-01-22 04:26 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-01-22 04:26 . 2014-01-22 04:26 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-22 04:26 . 2014-01-22 04:26 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-01-22 04:26 . 2014-01-22 04:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-22 04:26 . 2014-01-22 04:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-22 04:26 . 2014-01-22 04:26 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-01-22 04:26 . 2014-01-22 04:26 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-22 04:26 . 2014-01-22 04:26 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-01-22 04:26 . 2014-01-22 04:26 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-22 04:26 . 2014-01-22 04:26 4240384 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-01-22 04:26 . 2014-01-22 04:26 413696 ----a-w- c:\windows\system32\html.iec
2014-01-22 04:26 . 2014-01-22 04:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-01-22 04:26 . 2014-01-22 04:26 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-22 04:26 . 2014-01-22 04:26 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-22 04:26 . 2014-01-22 04:26 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-22 04:26 . 2014-01-22 04:26 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-01-22 04:26 . 2014-01-22 04:26 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-22 04:26 . 2014-01-22 04:26 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-22 04:26 . 2014-01-22 04:26 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-22 04:26 . 2014-01-22 04:26 2764288 ----a-w- c:\windows\system32\iertutil.dll
2014-01-22 04:26 . 2014-01-22 04:26 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-01-22 04:26 . 2014-01-22 04:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-22 04:26 . 2014-01-22 04:26 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-22 04:26 . 2014-01-22 04:26 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-22 04:26 . 2014-01-22 04:26 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-22 04:26 . 2014-01-22 04:26 243200 ----a-w- c:\windows\system32\webcheck.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[-] 2010-11-21 . DF44D05039EE04B878F69172313E2DAE . 515072 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2014-1-21 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 37878304
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NTIOLIB_1_0_3
*Deregistered* - 37878304
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-20 7202520]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-37878304.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-19  03:28:56
ComboFix-quarantined-files.txt  2014-04-19 08:28
.
Pre-Run: 857,434,132,480 bytes free
Post-Run: 857,442,938,880 bytes free
.
- - End Of File - - B9A4E781C7DC84E925E681D47B0DB78F
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites

Rogue Killer

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kyzight [Admin rights]
Mode : Scan -- Date : 04/19/2014 02:17:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B3D60)
[Address] EAT @explorer.exe (DllGetClassObject) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B1A74)
[Address] EAT @explorer.exe (DllRegisterServer) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B6070)
[Address] EAT @explorer.exe (DllUnregisterServer) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B6278)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0xEE593330)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xFFB7FB70)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x772346E9)

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

Link to post
Share on other sites

Hi,

 

 

You are are going down on the danger road by doing things on your own, You've run powerful tools like TDSSKiller and Combofix without supervision. Doing so can severely cripple or render your computer. Please refrain from doing so.Keep calm, removing malware isn't a quick process.It takes a trained eye to catch the offending code.


Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

Regards,
Georgi

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.