kyzight12
Members
Posts: 10
Reputation: 0 Neutral
  1. I was mistaken; here are the TDSSKiller logs. 2 threats, neither would it let me cure. TDSSKILLERSCANLOG.zip
  2. TDSSKiller - scanned with all options selected -- nothing bad showed there.
  3. Rogue Killer
     RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Kyzight [Admin rights]
     Mode : Scan -- Date : 04/19/2014 02:17:26
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 2 ¤¤¤
     [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]
     [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     [Address] EAT @explorer.exe (DllCanUnloadNow) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B3D60)
     [Address] EAT @explorer.exe (DllGetClassObject) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B1A74)
     [Address] EAT @explorer.exe (DllRegisterServer) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B6070)
     [Address] EAT @explorer.exe (DllUnregisterServer) : npmproxy.dll -> HOOKED (C:\Windows\system32\wpdshserviceobj.dll @ 0xFB3B6278)
     [Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0xEE593330)
     [Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xFFB7FB70)
     [Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x772346E9)

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
  4. Okay, and again thank you. BTW, I'm hitting the sack. Before I go, though, here were some other log files (IDK if they will be useful).

     COMBOFIX
     ComboFix 14-04-17.01 - Kyzight 04/19/2014   3:21.1.4 - x64
     Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.4198 [GMT -5:00]
     Running from: c:\users\Kyzight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09OKVQBX\ComboFix.exe
     AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
     SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     (((((((((((((((((((((((((   Files Created from 2014-03-19 to 2014-04-19  )))))))))))))))))))))))))))))))
     .
     .
     2014-04-19 08:27 . 2014-04-19 08:27  --------  d-----w-  c:\users\Default\AppData\Local\temp
     2014-04-19 07:38 . 2014-04-19 07:40  --------  d-----w-  C:\FRST
     2014-04-19 07:21 . 2014-04-19 07:21  --------  d-----w-  c:\programdata\VirtualizedApplications
     2014-04-19 07:02 . 2014-04-19 07:27  --------  d-----w-  C:\AdwCleaner
     2014-04-19 05:20 . 2014-04-19 05:20  --------  d-----w-  c:\users\Kyzight\AppData\Roaming\AVG2014
     2014-04-19 05:19 . 2014-04-19 05:19  --------  d-----w-  c:\users\Kyzight\AppData\Roaming\TuneUp Software
     2014-04-19 05:19 . 2014-04-19 05:20  --------  d-----w-  c:\programdata\AVG2014
     2014-04-19 05:19 . 2014-04-19 05:19  --------  d-----w-  C:\$AVG
     2014-04-19 05:19 . 2014-04-19 05:19  --------  d-----w-  c:\program files (x86)\AVG
     2014-04-19 05:17 . 2014-04-19 06:12  --------  d--h--w-  c:\programdata\Common Files
     2014-04-19 05:17 . 2014-04-19 05:31  --------  d-----w-  c:\programdata\MFAData
     2014-04-19 05:17 . 2014-04-19 05:22  --------  d-----w-  c:\users\Kyzight\AppData\Local\Avg2014
     2014-04-19 05:17 . 2014-04-19 05:17  --------  d-----w-  c:\users\Kyzight\AppData\Local\MFAData
     2014-04-19 04:38 . 2014-04-19 04:38  12872  ----a-w-  c:\windows\system32\bootdelete.exe
     2014-04-19 04:35 . 2014-04-19 04:38  --------  d-----w-  c:\programdata\HitmanPro
     2014-04-18 22:49 . 2014-04-18 22:49  --------  d-----w-  c:\program files\CCleaner
     2014-04-18 22:42 . 2014-04-19 08:23  119512  ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
     2014-04-18 22:41 . 2014-04-18 22:41  --------  d-----w-  c:\program files (x86)\Malwarebytes Anti-Malware
     2014-04-18 22:41 . 2014-04-18 22:41  --------  d-----w-  c:\programdata\Malwarebytes
     2014-04-18 22:41 . 2014-04-03 14:51  63192  ----a-w-  c:\windows\system32\drivers\mwac.sys
     2014-04-18 22:41 . 2014-04-03 14:51  88280  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
     2014-04-18 22:41 . 2014-04-03 14:50  25816  ----a-w-  c:\windows\system32\drivers\mbam.sys
     2014-04-07 13:18 . 2014-04-07 13:19  --------  d-----w-  c:\users\Kyzight\TAXYEAR2013
     2014-04-02 02:03 . 2014-04-02 02:03  236824  ----a-w-  c:\windows\system32\drivers\avgidsdrivera.sys
     2014-03-31 21:20 . 2014-03-31 21:20  274200  ----a-w-  c:\windows\system32\drivers\avgtdia.sys
     2014-03-31 21:06 . 2014-03-31 21:06  130840  ----a-w-  c:\windows\system32\drivers\avgmfx64.sys
     2014-03-29 08:40 . 2014-03-29 08:41  --------  d-----w-  c:\users\Kyzight\AppData\Local\WinZip
     2014-03-29 08:40 . 2014-03-29 08:41  --------  d-----w-  c:\programdata\WinZip
     2014-03-29 08:40 . 2014-03-29 08:40  --------  d-----w-  c:\program files\WinZip
     2014-03-29 01:55 . 2014-03-29 01:55  --------  d-----w-  c:\users\Kyzight\AppData\Local\Skype
     2014-03-29 01:55 . 2014-03-30 05:28  --------  d-----w-  c:\users\Kyzight\AppData\Roaming\Skype
     2014-03-29 01:55 . 2014-04-19 04:38  --------  d-----r-  c:\program files (x86)\Skype
     2014-03-29 01:55 . 2014-03-29 01:55  --------  d-----w-  c:\program files (x86)\Common Files\Skype
     2014-03-29 01:55 . 2014-03-29 01:55  --------  d-----w-  c:\programdata\Skype
     2014-03-28 03:14 . 2014-03-28 03:14  192792  ----a-w-  c:\windows\system32\drivers\avgidsha.sys
     2014-03-28 03:14 . 2014-03-28 03:14  153368  ----a-w-  c:\windows\system32\drivers\avgdiska.sys
     2014-03-28 03:07 . 2014-03-28 03:07  236824  ----a-w-  c:\windows\system32\drivers\avgldx64.sys
     2014-03-28 03:05 . 2014-03-28 03:05  324376  ----a-w-  c:\windows\system32\drivers\avgloga.sys
     2014-03-28 03:03 . 2014-03-28 03:03  32536  ----a-w-  c:\windows\system32\drivers\avgrkx64.sys
     2014-03-27 07:20 . 2014-03-27 07:20  --------  d-----w-  c:\programdata\Hi-Rez Studios
     2014-03-27 07:20 . 2014-03-27 07:20  --------  d-----w-  c:\program files (x86)\Hi-Rez Studios
     2014-03-26 10:35 . 2014-03-26 10:35  --------  d-----w-  c:\program files (x86)\LG Electronics
     2014-03-26 10:13 . 2014-03-26 10:13  --------  d-----w-  c:\program files (x86)\Notepad++
     2014-03-26 10:13 . 2014-03-26 10:13  --------  d-----w-  c:\users\Kyzight\AppData\Roaming\Notepad++
     2014-03-26 10:04 . 2014-03-26 10:04  312744  ----a-w-  c:\windows\system32\javaws.exe
     2014-03-26 10:04 . 2014-03-26 10:04  189352  ----a-w-  c:\windows\system32\javaw.exe
     2014-03-26 10:04 . 2014-03-26 10:04  189352  ----a-w-  c:\windows\system32\java.exe
     2014-03-26 10:04 . 2014-03-26 10:04  108968  ----a-w-  c:\windows\system32\WindowsAccessBridge-64.dll
     2014-03-26 10:04 . 2014-03-26 10:04  --------  d-----w-  c:\program files\Java
     2014-03-26 09:18 . 2014-03-29 10:36  --------  d-----w-  C:\Programing Box
     2014-03-26 03:17 . 2014-03-26 03:17  --------  d-----w-  c:\users\Kyzight\AppData\Roaming\OBS
     2014-03-26 03:17 . 2014-03-26 03:17  --------  d-----w-  c:\program files\OBS
     2014-03-26 03:17 . 2014-03-26 03:17  --------  d-----w-  c:\program files (x86)\OBS
     2014-03-26 03:07 . 2014-03-29 11:26  --------  d-----w-  c:\users\Kyzight\.android
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-03-27 07:46 . 2014-01-21 21:33  404640  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-03-07 19:08 . 2014-01-21 21:33  692616  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
     2014-03-04 14:35 . 2014-03-11 16:43  9728064  ----a-w-  c:\windows\SysWow64\nvcuda.dll
     2014-03-04 14:35 . 2014-03-11 16:43  9690424  ----a-w-  c:\windows\SysWow64\nvopencl.dll
     2014-03-04 14:35 . 2014-03-11 16:43  892704  ----a-w-  c:\windows\system32\NvIFR64.dll
     2014-03-04 14:35 . 2014-03-11 16:43  877856  ----a-w-  c:\windows\system32\NvFBC64.dll
     2014-03-04 14:35 . 2014-03-11 16:43  863064  ----a-w-  c:\windows\SysWow64\NvIFR.dll
     2014-03-04 14:35 . 2014-03-11 16:43  846168  ----a-w-  c:\windows\SysWow64\NvFBC.dll
     2014-03-04 14:35 . 2014-03-11 16:43  832936  ----a-w-  c:\windows\SysWow64\nvumdshim.dll
     2014-03-04 14:35 . 2014-03-11 16:43  353504  ----a-w-  c:\windows\system32\nvoglshim64.dll
     2014-03-04 14:35 . 2014-03-11 16:43  31474976  ----a-w-  c:\windows\system32\nvoglv64.dll
     2014-03-04 14:35 . 2014-03-11 16:43  3143456  ----a-w-  c:\windows\system32\nvcuvid.dll
     2014-03-04 14:35 . 2014-03-11 16:43  305600  ----a-w-  c:\windows\SysWow64\nvoglshim32.dll
     2014-03-04 14:35 . 2014-03-11 16:43  2958792  ----a-w-  c:\windows\SysWow64\nvcuvid.dll
     2014-03-04 14:35 . 2014-03-11 16:43  2783008  ----a-w-  c:\windows\system32\nvcuvenc.dll
     2014-03-04 14:35 . 2014-03-11 16:43  25255256  ----a-w-  c:\windows\system32\nvcompiler.dll
     2014-03-04 14:35 . 2014-03-11 16:43  2411976  ----a-w-  c:\windows\SysWow64\nvcuvenc.dll
     2014-03-04 14:35 . 2014-03-11 16:43  23716640  ----a-w-  c:\windows\SysWow64\nvoglv32.dll
     2014-03-04 14:35 . 2014-03-11 16:43  1885472  ----a-w-  c:\windows\system32\nvdispco6433523.dll
     2014-03-04 14:35 . 2014-03-11 16:43  17755424  ----a-w-  c:\windows\system32\nvd3dumx.dll
     2014-03-04 14:35 . 2014-03-11 16:43  17561544  ----a-w-  c:\windows\SysWow64\nvcompiler.dll
     2014-03-04 14:35 . 2014-03-11 16:43  174296  ----a-w-  c:\windows\system32\nvinitx.dll
     2014-03-04 14:35 . 2014-03-11 16:43  1516488  ----a-w-  c:\windows\system32\nvdispgenco6433523.dll
     2014-03-04 14:35 . 2014-03-11 16:43  148016  ----a-w-  c:\windows\SysWow64\nvinit.dll
     2014-03-04 14:35 . 2014-03-11 16:43  12708128  ----a-w-  c:\windows\system32\drivers\nvlddmkm.sys
     2014-03-04 14:35 . 2014-03-11 16:43  11636176  ----a-w-  c:\windows\system32\nvcuda.dll
     2014-03-04 14:35 . 2014-03-11 16:43  11589272  ----a-w-  c:\windows\system32\nvopencl.dll
     2014-03-04 14:35 . 2014-01-23 01:09  15783992  ----a-w-  c:\windows\SysWow64\nvwgf2um.dll
     2014-03-04 14:35 . 2014-01-21 22:53  947808  ----a-w-  c:\windows\system32\nvumdshimx.dll
     2014-03-04 14:35 . 2014-01-21 22:53  3093280  ----a-w-  c:\windows\system32\nvapi64.dll
     2014-03-04 14:35 . 2014-01-21 22:53  2715264  ----a-w-  c:\windows\SysWow64\nvapi.dll
     2014-03-04 14:35 . 2014-01-21 22:53  18302384  ----a-w-  c:\windows\system32\nvwgf2umx.dll
     2014-03-04 14:35 . 2014-01-21 22:53  14709720  ----a-w-  c:\windows\SysWow64\nvd3dum.dll
     2014-03-04 13:06 . 2014-01-21 22:54  6714312  ----a-w-  c:\windows\system32\nvcpl.dll
     2014-03-04 13:06 . 2014-01-21 22:54  3497816  ----a-w-  c:\windows\system32\nvsvc64.dll
     2014-03-04 13:05 . 2014-01-21 22:54  922968  ----a-w-  c:\windows\system32\nvvsvc.exe
     2014-03-04 13:05 . 2014-01-21 22:54  64968  ----a-w-  c:\windows\system32\nvshext.dll
     2014-03-04 13:05 . 2014-01-21 22:54  386336  ----a-w-  c:\windows\system32\nvmctray.dll
     2014-03-04 13:05 . 2014-01-21 22:54  3649185  ----a-w-  c:\windows\system32\nvcoproc.bin
     2014-03-04 11:32 . 2014-03-11 16:45  599840  ----a-w-  c:\windows\SysWow64\nvStreaming.exe
     2014-02-08 18:34 . 2014-03-07 19:01  1885472  ----a-w-  c:\windows\system32\nvdispco6433489.dll
     2014-02-08 18:34 . 2014-03-07 19:01  1515296  ----a-w-  c:\windows\system32\nvdispgenco6433489.dll
     2014-02-08 00:33 . 2014-02-08 00:33  466520  ----a-w-  c:\windows\system32\wrap_oal.dll
     2014-02-08 00:33 . 2014-02-08 00:33  445016  ----a-w-  c:\windows\SysWow64\wrap_oal.dll
     2014-02-08 00:33 . 2014-02-08 00:33  123480  ----a-w-  c:\windows\system32\OpenAL32.dll
     2014-02-08 00:33 . 2014-02-08 00:33  109144  ----a-w-  c:\windows\SysWow64\OpenAL32.dll
     2014-01-22 10:59 . 2011-03-29 02:36  22240  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2014-01-22 04:26 . 2014-01-22 04:26  940032  ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
     2014-01-22 04:26 . 2014-01-22 04:26  194048  ----a-w-  c:\windows\SysWow64\elshyph.dll
     2014-01-22 04:26 . 2014-01-22 04:26  942592  ----a-w-  c:\windows\system32\jsIntl.dll
     2014-01-22 04:26 . 2014-01-22 04:26  90112  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
     2014-01-22 04:26 . 2014-01-22 04:26  86016  ----a-w-  c:\windows\SysWow64\iesysprep.dll
     2014-01-22 04:26 . 2014-01-22 04:26  86016  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
     2014-01-22 04:26 . 2014-01-22 04:26  84992  ----a-w-  c:\windows\system32\mshtmled.dll
     2014-01-22 04:26 . 2014-01-22 04:26  83968  ----a-w-  c:\windows\system32\MshtmlDac.dll
     2014-01-22 04:26 . 2014-01-22 04:26  817664  ----a-w-  c:\windows\system32\ieapfltr.dll
     2014-01-22 04:26 . 2014-01-22 04:26  81408  ----a-w-  c:\windows\system32\icardie.dll
     2014-01-22 04:26 . 2014-01-22 04:26  774144  ----a-w-  c:\windows\system32\jscript.dll
     2014-01-22 04:26 . 2014-01-22 04:26  77312  ----a-w-  c:\windows\system32\tdc.ocx
     2014-01-22 04:26 . 2014-01-22 04:26  74240  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
     2014-01-22 04:26 . 2014-01-22 04:26  71680  ----a-w-  c:\windows\SysWow64\RegisterIEPKEYs.exe
     2014-01-22 04:26 . 2014-01-22 04:26  708608  ----a-w-  c:\windows\system32\jscript9diag.dll
     2014-01-22 04:26 . 2014-01-22 04:26  66048  ----a-w-  c:\windows\system32\iesetup.dll
     2014-01-22 04:26 . 2014-01-22 04:26  645120  ----a-w-  c:\windows\SysWow64\jsIntl.dll
     2014-01-22 04:26 . 2014-01-22 04:26  626176  ----a-w-  c:\windows\system32\msfeeds.dll
     2014-01-22 04:26 . 2014-01-22 04:26  62464  ----a-w-  c:\windows\SysWow64\tdc.ocx
     2014-01-22 04:26 . 2014-01-22 04:26  62464  ----a-w-  c:\windows\system32\pngfilt.dll
     2014-01-22 04:26 . 2014-01-22 04:26  61952  ----a-w-  c:\windows\SysWow64\MshtmlDac.dll
     2014-01-22 04:26 . 2014-01-22 04:26  61952  ----a-w-  c:\windows\SysWow64\iesetup.dll
     2014-01-22 04:26 . 2014-01-22 04:26  616104  ----a-w-  c:\windows\system32\ieapfltr.dat
     2014-01-22 04:26 . 2014-01-22 04:26  5765120  ----a-w-  c:\windows\system32\jscript9.dll
     2014-01-22 04:26 . 2014-01-22 04:26  574976  ----a-w-  c:\windows\system32\ieui.dll
     2014-01-22 04:26 . 2014-01-22 04:26  553472  ----a-w-  c:\windows\SysWow64\jscript9diag.dll
     2014-01-22 04:26 . 2014-01-22 04:26  548352  ----a-w-  c:\windows\system32\vbscript.dll
     2014-01-22 04:26 . 2014-01-22 04:26  53760  ----a-w-  c:\windows\system32\jsproxy.dll
     2014-01-22 04:26 . 2014-01-22 04:26  52224  ----a-w-  c:\windows\system32\msfeedsbs.dll
     2014-01-22 04:26 . 2014-01-22 04:26  51200  ----a-w-  c:\windows\SysWow64\ieetwproxystub.dll
     2014-01-22 04:26 . 2014-01-22 04:26  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
     2014-01-22 04:26 . 2014-01-22 04:26  48640  ----a-w-  c:\windows\system32\mshtmler.dll
     2014-01-22 04:26 . 2014-01-22 04:26  48640  ----a-w-  c:\windows\system32\ieetwproxystub.dll
     2014-01-22 04:26 . 2014-01-22 04:26  48128  ----a-w-  c:\windows\system32\imgutil.dll
     2014-01-22 04:26 . 2014-01-22 04:26  454656  ----a-w-  c:\windows\SysWow64\vbscript.dll
     2014-01-22 04:26 . 2014-01-22 04:26  453120  ----a-w-  c:\windows\system32\dxtmsft.dll
     2014-01-22 04:26 . 2014-01-22 04:26  4240384  ----a-w-  c:\windows\SysWow64\jscript9.dll
     2014-01-22 04:26 . 2014-01-22 04:26  413696  ----a-w-  c:\windows\system32\html.iec
     2014-01-22 04:26 . 2014-01-22 04:26  4096  ----a-w-  c:\windows\system32\ieetwcollectorres.dll
     2014-01-22 04:26 . 2014-01-22 04:26  40448  ----a-w-  c:\windows\system32\JavaScriptCollectionAgent.dll
     2014-01-22 04:26 . 2014-01-22 04:26  36352  ----a-w-  c:\windows\SysWow64\imgutil.dll
     2014-01-22 04:26 . 2014-01-22 04:26  34816  ----a-w-  c:\windows\SysWow64\JavaScriptCollectionAgent.dll
     2014-01-22 04:26 . 2014-01-22 04:26  33792  ----a-w-  c:\windows\system32\iernonce.dll
     2014-01-22 04:26 . 2014-01-22 04:26  337408  ----a-w-  c:\windows\SysWow64\html.iec
     2014-01-22 04:26 . 2014-01-22 04:26  30208  ----a-w-  c:\windows\system32\licmgr10.dll
     2014-01-22 04:26 . 2014-01-22 04:26  296960  ----a-w-  c:\windows\system32\dxtrans.dll
     2014-01-22 04:26 . 2014-01-22 04:26  2764288  ----a-w-  c:\windows\system32\iertutil.dll
     2014-01-22 04:26 . 2014-01-22 04:26  2724864  ----a-w-  c:\windows\SysWow64\mshtml.tlb
     2014-01-22 04:26 . 2014-01-22 04:26  2724864  ----a-w-  c:\windows\system32\mshtml.tlb
     2014-01-22 04:26 . 2014-01-22 04:26  263376  ----a-w-  c:\windows\system32\iedkcs32.dll
     2014-01-22 04:26 . 2014-01-22 04:26  247808  ----a-w-  c:\windows\system32\msls31.dll
     2014-01-22 04:26 . 2014-01-22 04:26  24576  ----a-w-  c:\windows\SysWow64\licmgr10.dll
     2014-01-22 04:26 . 2014-01-22 04:26  243200  ----a-w-  c:\windows\system32\webcheck.dll
     .
     .
     ------- Sigcheck -------
     Note: Unsigned files aren't necessarily malware.
     .
     [7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
     [-] 2010-11-21 . DF44D05039EE04B878F69172313E2DAE . 515072 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864]
     "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2014-1-21 29310]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
     @=""
     .
     R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
     R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
     R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
     R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
     R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
     R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
     S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
     S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
     S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
     S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
     S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
     S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
     S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
     S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
     S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
     S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
     S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
     S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
     S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
     S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
     S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
     S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
     S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
     S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
     S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
     S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
     S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
     S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
     S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
     S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
     S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
     S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
     S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
     S3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
     S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - 37878304
     *NewlyCreated* - MBAMSWISSARMY
     *NewlyCreated* - NTIOLIB_1_0_3
     *Deregistered* - 37878304
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-20 7202520]
     "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
     "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     SafeBoot-37878304.sys
     HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.12"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,\
        00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2014-04-19 03:28:56
     ComboFix-quarantined-files.txt 2014-04-19 08:28
     .
     Pre-Run: 857,434,132,480 bytes free
     Post-Run: 857,442,938,880 bytes free
     .
     - - End Of File - - B9A4E781C7DC84E925E681D47B0DB78F A36C5E4F47E84449FF07ED3517B43A31
  5. Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
     Ran by Kyzight at 2014-04-19 02:47:52
     Running from C:\Users\Kyzight\Downloads
     Boot Mode: Normal

     ================== Search: "rpcss.dll" ===================

     C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
     [2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

     C:\Windows\System32\rpcss.dll
     [2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____N (Microsoft Corporation) DF44D05039EE04B878F69172313E2DAE

     ====== End Of Search ======

     Also, I want to say thank you for taking the time to help me, Georgi.
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01 Ran by Kyzight at 2014-04-19 02:39:40 Running from C:\Users\Kyzight\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies) AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Catalyst Control Center (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Traditional (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics) Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight 
(HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Pox Nora 1.8 (HKLM-x32\...\3055-2232-0137-3195) (Version: 1.8 - Desert Owl Games) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco) SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2070.0 - Hi-Rez Studios) Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI) Tenda Wireless LAN Card (HKLM-x32\...\{C26CF23B-8EAC-401C-96F8-1064EC7CE039}) (Version: 1.5.6.0 - Tenda) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal) UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd) Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft) Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) 
Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.131 - MSI) WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. ) ==================== Restore Points ========================= 18-04-2014 22:43:18 Removed Renesas Electronics USB 3.0 Host Controller Driver 18-04-2014 22:45:30 Removed File Association Helper 18-04-2014 22:45:55 Removed Asmedia ASM106x SATA Host Controller Driver. 18-04-2014 22:46:24 Removed Creative System Information 19-04-2014 05:18:47 Installed AVG 2014 19-04-2014 05:19:12 Installed AVG 2014 19-04-2014 07:20:48 Removed Windows Live Mesh ActiveX Control for Remote Connections 19-04-2014 07:24:29 Removed Windows Live Mesh ActiveX Control for Remote Connections ==================== Hosts content: ========================== 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {EBCBFD74-8B82-4EB1-B49D-D0F58A9A3453} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) ==================== Loaded Modules (whitelisted) ============= 2014-01-21 17:54 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-05-04 16:41 - 2012-05-04 16:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2011-11-13 15:30 - 2011-11-13 15:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2011-11-13 15:31 - 2011-11-13 15:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37878304.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37878304.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Users^Kyzight^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun ==================== Faulty Device Manager Devices ============= Name: 802.11n Wireless LAN Card Description: 802.11n Wireless LAN Card Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Ralink Technology, Corp. Service: netr28x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Universal Serial Bus (USB) Controller Description: Universal Serial Bus (USB) Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/19/2014 02:33:01 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 02:12:21 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 02:09:42 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (04/19/2014 00:11:27 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 11:38:36 PM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Skype Click to Call -- Error 1923. Service 'Skype Click to Call Updater' (c2cautoupdatesvc) could not be installed. Verify that you have sufficient privileges to install system services. 
Error: (04/18/2014 05:24:03 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 05:09:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 05:05:14 PM) (Source: Application Error) (User: ) Description: Faulting application name: taskmgr.exe, version: 6.1.7601.17514, time stamp: 0x4ce79737 Faulting module name: RTSUltraMonHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x50d64abb Exception code: 0xc0000005 Fault offset: 0x0000000070597f84 Faulting process id: 0x1a84 Faulting application start time: 0xtaskmgr.exe0 Faulting application path: taskmgr.exe1 Faulting module path: taskmgr.exe2 Report Id: taskmgr.exe3 Error: (04/18/2014 05:01:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 03:41:45 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. 
System errors: ============= Error: (04/19/2014 02:31:48 AM) (Source: Service Control Manager) (User: ) Description: The Power service terminated with the following error: %%4203 Error: (04/19/2014 02:11:04 AM) (Source: Service Control Manager) (User: ) Description: The Power service terminated with the following error: %%4203 Error: (04/19/2014 00:10:06 AM) (Source: Service Control Manager) (User: ) Description: The Power service terminated with the following error: %%4203 Error: (04/19/2014 00:10:03 AM) (Source: EventLog) (User: ) Description: The previous system shutdown at 12:08:18 AM on ‎4/‎19/‎2014 was unexpected. Error: (04/18/2014 11:38:36 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for Type with the following error: %%5 Error: (04/18/2014 06:00:57 PM) (Source: BROWSER) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A78EF3F9-C10C-4050-9B9B-091246B5AEFD}. The backup browser is stopping. Error: (04/18/2014 05:22:30 PM) (Source: Service Control Manager) (User: ) Description: The Power service terminated with the following error: %%4203 Error: (04/18/2014 05:22:26 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 5:20:30 PM on ‎4/‎18/‎2014 was unexpected. Error: (04/18/2014 05:10:26 PM) (Source: BROWSER) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A78EF3F9-C10C-4050-9B9B-091246B5AEFD}. The backup browser is stopping. 
Error: (04/18/2014 05:07:40 PM) (Source: Service Control Manager) (User: ) Description: The Power service terminated with the following error: %%4203 Microsoft Office Sessions: ========================= Error: (04/19/2014 02:33:01 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 02:12:21 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 02:09:42 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (04/19/2014 00:11:27 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 11:38:36 PM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Skype Click to Call -- Error 1923. Service 'Skype Click to Call Updater' (c2cautoupdatesvc) could not be installed. 
Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/18/2014 05:24:03 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 05:09:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 05:05:14 PM) (Source: Application Error)(User: ) Description: taskmgr.exe6.1.7601.175144ce79737RTSUltraMonHook.dll_unloaded0.0.0.050d64abbc00000050000000070597f841a8401cf5b52426531faC:\Windows\system32\taskmgr.exeRTSUltraMonHook.dll84619eff-c745-11e3-97ed-448a5b2fc3d2 Error: (04/18/2014 05:01:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/18/2014 03:41:45 AM) (Source: SideBySide)(User: ) Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2 ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 8191.17 MB Available physical RAM: 5037.85 MB Total Pagefile: 16380.52 MB Available Pagefile: 13018.96 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:798.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5DCA1996) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log 
============================
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01 Ran by Kyzight (administrator) on KYZIGHT-PC on 19-04-2014 02:39:07 Running from C:\Users\Kyzight\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Kaspersky Lab ZAO) C:\Users\Kyzight\AppData\Local\Temp\{0F19A1A0-5C96-4D7B-9B6E-163DA1D4F3C8}.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation) HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.) 
HKU\S-1-5-21-3712323702-2871766201-4247296825-1001\...\MountPoints2: {3ce1792f-ae40-11e3-92fc-448a5b2fc3d2} - E:\LG_PC_Programs.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: =======

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-19 02:39 - 2014-04-19 02:39 - 00010966 _____ () C:\Users\Kyzight\Downloads\FRST.txt
2014-04-19 02:38 - 2014-04-19 02:39 - 00000000 ____D () C:\FRST
2014-04-19 02:38 - 2014-04-19 02:38 - 02158592 _____ (Farbar) C:\Users\Kyzight\Downloads\FRST64.exe
2014-04-19 02:21 - 2014-04-19 02:21 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-19 02:17 - 2014-04-19 02:17 - 00002660 _____ () C:\Users\Kyzight\Desktop\RKreport[0]_S_04192014_021726.txt
2014-04-19 02:13 - 2014-04-19 02:17 - 00000000 ____D () C:\Users\Kyzight\Desktop\RK_Quarantine
2014-04-19 02:02 - 2014-04-19 02:27 - 00000000 ____D () C:\AdwCleaner
2014-04-19 00:20 - 2014-04-19 00:20 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\AVG2014
2014-04-19 00:19 - 2014-04-19 00:20 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 00:19 - 2014-04-19 00:19 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ___HD () C:\$AVG
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\TuneUp Software
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 00:17 - 2014-04-19 00:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-19 00:17 - 2014-04-19 00:22 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Avg2014
2014-04-19 00:17 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\MFAData
2014-04-19 00:10 - 2014-04-19 02:31 - 00000504 _____ () C:\Windows\setupact.log
2014-04-19 00:10 - 2014-04-19 00:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 00:09 - 2014-04-19 00:10 - 00283168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-18 23:55 - 2014-04-18 23:55 - 00061736 _____ () C:\Users\Kyzight\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 23:38 - 2014-04-18 23:38 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-18 23:35 - 2014-04-18 23:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-18 18:10 - 2014-04-18 18:10 - 00000000 ____D () C:\Windows\pss
2014-04-18 17:49 - 2014-04-18 17:49 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 17:49 - 2014-04-18 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 17:42 - 2014-04-19 02:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 17:41 - 2014-04-18 17:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 17:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 17:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 17:41 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 17:03 - 2014-04-19 01:08 - 00007597 _____ () C:\Users\Kyzight\AppData\Local\Resmon.ResmonCfg
2014-04-18 03:22 - 2014-04-19 02:20 - 00000077 _____ () C:\Windows\system32\xdqrfkx.mix
2014-04-18 03:12 - 2014-04-19 02:36 - 00037888 _____ () C:\Windows\system32\yenumt.opb
2014-04-18 03:12 - 2014-04-19 02:36 - 00000106 _____ () C:\Windows\system32\vfgrxtf.tgk
2014-04-18 03:12 - 2014-04-18 03:12 - 00000064 _____ () C:\Windows\system32\aevw.ouq
2014-04-18 02:56 - 2014-04-18 02:56 - 00301959 ____S () C:\Windows\system32\nunb.nhv
2014-04-16 03:16 - 2014-04-16 03:16 - 00064216 _____ () C:\Users\Kyzight\Documents\report.txt
2014-04-16 02:16 - 2014-04-16 02:16 - 00000050 _____ () C:\Users\Kyzight\Desktop\Authors....txt
2014-04-07 08:18 - 2014-04-07 08:19 - 00000000 ____D () C:\Users\Kyzight\TAXYEAR2013
2014-04-06 08:26 - 2014-04-06 08:49 - 00000000 ____D () C:\Users\Kyzight\Downloads\ESOADD
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-29 03:40 - 2014-03-29 03:41 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\WinZip
2014-03-29 03:40 - 2014-03-29 03:41 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-29 03:40 - 2014-03-29 03:40 - 00000000 ____D () C:\Program Files\WinZip
2014-03-28 20:55 - 2014-04-18 23:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-28 20:55 - 2014-03-30 00:28 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Skype
2014-03-28 20:55 - 2014-03-28 20:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Skype
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\ProgramData\Skype
2014-03-28 16:12 - 2014-04-18 17:51 - 00000000 ____D () C:\Windows\Minidump
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 02:46 - 2014-03-27 02:46 - 00000000 ____D () C:\Users\Kyzight\Documents\My Games
2014-03-27 02:20 - 2014-03-27 02:20 - 00002035 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-03-26 20:39 - 2014-03-26 20:39 - 00001156 _____ () C:\Users\Kyzight\Desktop\eclipse - Shortcut.lnk
2014-03-26 05:42 - 2014-03-26 05:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-03-26 05:35 - 2014-03-26 05:35 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-26 05:04 - 2014-03-26 05:04 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-26 05:04 - 2014-03-26 05:04 - 00000000 ____D () C:\Program Files\Java
2014-03-26 04:18 - 2014-03-29 05:36 - 00000000 ____D () C:\Programing Box
2014-03-25 22:17 - 2014-03-25 22:17 - 00000946 _____ () C:\Users\Kyzight\Desktop\Open Broadcaster Software.lnk
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-03-25 22:07 - 2014-03-29 06:26 - 00000000 ____D () C:\Users\Kyzight\.android
2014-03-25 22:02 - 2014-03-27 08:19 - 00000000 ____D () C:\Users\Kyzight\Desktop\censoredup

==================== One Month Modified Files and Folders =======

2014-04-19 02:39 - 2014-04-19 02:39 - 00010966 _____ () C:\Users\Kyzight\Downloads\FRST.txt
2014-04-19 02:39 - 2014-04-19 02:38 - 00000000 ____D () C:\FRST
2014-04-19 02:38 - 2014-04-19 02:38 - 02158592 _____ (Farbar) C:\Users\Kyzight\Downloads\FRST64.exe
2014-04-19 02:38 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 02:38 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 02:36 - 2014-04-18 03:12 - 00037888 _____ () C:\Windows\system32\yenumt.opb
2014-04-19 02:36 - 2014-04-18 03:12 - 00000106 _____ () C:\Windows\system32\vfgrxtf.tgk
2014-04-19 02:36 - 2009-07-14 00:13 - 00782164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 02:34 - 2014-01-15 12:19 - 00119985 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 02:33 - 2014-04-18 17:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 02:31 - 2014-04-19 00:10 - 00000504 _____ () C:\Windows\setupact.log
2014-04-19 02:31 - 2014-01-15 12:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-19 02:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 02:27 - 2014-04-19 02:02 - 00000000 ____D () C:\AdwCleaner
2014-04-19 02:24 - 2011-11-22 11:43 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-19 02:21 - 2014-04-19 02:21 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-19 02:20 - 2014-04-18 03:22 - 00000077 _____ () C:\Windows\system32\xdqrfkx.mix
2014-04-19 02:17 - 2014-04-19 02:17 - 00002660 _____ () C:\Users\Kyzight\Desktop\RKreport[0]_S_04192014_021726.txt
2014-04-19 02:17 - 2014-04-19 02:13 - 00000000 ____D () C:\Users\Kyzight\Desktop\RK_Quarantine
2014-04-19 01:08 - 2014-04-18 17:03 - 00007597 _____ () C:\Users\Kyzight\AppData\Local\Resmon.ResmonCfg
2014-04-19 00:31 - 2014-04-19 00:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-19 00:22 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Avg2014
2014-04-19 00:20 - 2014-04-19 00:20 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\AVG2014
2014-04-19 00:20 - 2014-04-19 00:19 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 00:19 - 2014-04-19 00:19 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ___HD () C:\$AVG
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\TuneUp Software
2014-04-19 00:19 - 2014-04-19 00:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 00:17 - 2014-04-19 00:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\MFAData
2014-04-19 00:10 - 2014-04-19 00:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 00:10 - 2014-04-19 00:09 - 00283168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-19 00:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 23:55 - 2014-04-18 23:55 - 00061736 _____ () C:\Users\Kyzight\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 23:38 - 2014-04-18 23:38 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-18 23:38 - 2014-04-18 23:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-18 23:38 - 2014-03-28 20:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-18 23:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-18 18:10 - 2014-04-18 18:10 - 00000000 ____D () C:\Windows\pss
2014-04-18 18:10 - 2014-01-22 05:59 - 00000000 ___RD () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 17:51 - 2014-03-28 16:12 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 17:51 - 2014-01-21 23:36 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Ventrilo
2014-04-18 17:51 - 2014-01-21 17:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-18 17:51 - 2011-11-21 20:24 - 00000000 ____D () C:\Windows\panther
2014-04-18 17:49 - 2014-04-18 17:49 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 17:49 - 2014-04-18 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 17:46 - 2014-02-07 19:33 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-04-18 17:43 - 2014-01-15 12:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 17:41 - 2014-04-18 17:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 17:41 - 2014-04-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 03:12 - 2014-04-18 03:12 - 00000064 _____ () C:\Windows\system32\aevw.ouq
2014-04-18 03:00 - 2014-01-21 18:05 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Battle.net
2014-04-18 02:56 - 2014-04-18 02:56 - 00301959 ____S () C:\Windows\system32\nunb.nhv
2014-04-18 00:19 - 2014-01-21 16:51 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\PMB Files
2014-04-18 00:19 - 2014-01-21 16:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-17 19:47 - 2014-02-28 18:51 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Awesomium
2014-04-16 03:16 - 2014-04-16 03:16 - 00064216 _____ () C:\Users\Kyzight\Documents\report.txt
2014-04-16 02:16 - 2014-04-16 02:16 - 00000050 _____ () C:\Users\Kyzight\Desktop\Authors....txt
2014-04-14 18:31 - 2014-01-21 18:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-14 18:31 - 2014-01-21 18:05 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-14 10:12 - 2014-01-21 17:23 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\.minecraft
2014-04-07 08:19 - 2014-04-07 08:18 - 00000000 ____D () C:\Users\Kyzight\TAXYEAR2013
2014-04-07 08:19 - 2014-01-22 05:58 - 00000000 ____D () C:\Users\Kyzight
2014-04-06 08:49 - 2014-04-06 08:26 - 00000000 ____D () C:\Users\Kyzight\Downloads\ESOADD
2014-04-03 09:51 - 2014-04-18 17:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 17:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-18 17:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-30 00:28 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Skype
2014-03-29 06:26 - 2014-03-25 22:07 - 00000000 ____D () C:\Users\Kyzight\.android
2014-03-29 05:36 - 2014-03-26 04:18 - 00000000 ____D () C:\Programing Box
2014-03-29 03:41 - 2014-03-29 03:40 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\WinZip
2014-03-29 03:41 - 2014-03-29 03:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-03-29 03:40 - 2014-03-29 03:40 - 00000000 ____D () C:\Program Files\WinZip
2014-03-28 20:55 - 2014-03-28 20:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\Users\Kyzight\AppData\Local\Skype
2014-03-28 20:55 - 2014-03-28 20:55 - 00000000 ____D () C:\ProgramData\Skype
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 08:19 - 2014-03-25 22:02 - 00000000 ____D () C:\Users\Kyzight\Desktop\censoredup
2014-03-27 02:46 - 2014-03-27 02:46 - 00000000 ____D () C:\Users\Kyzight\Documents\My Games
2014-03-27 02:46 - 2014-01-21 16:33 - 00404640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-27 02:20 - 2014-03-27 02:20 - 00002035 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-27 02:20 - 2014-03-27 02:20 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-03-26 20:39 - 2014-03-26 20:39 - 00001156 _____ () C:\Users\Kyzight\Desktop\eclipse - Shortcut.lnk
2014-03-26 05:42 - 2014-03-26 05:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2014-03-26 05:35 - 2014-03-26 05:35 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-03-26 05:13 - 2014-03-26 05:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-03-26 05:04 - 2014-03-26 05:04 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-26 05:04 - 2014-03-26 05:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-26 05:04 - 2014-03-26 05:04 - 00000000 ____D () C:\Program Files\Java
2014-03-25 22:17 - 2014-03-25 22:17 - 00000946 _____ () C:\Users\Kyzight\Desktop\Open Broadcaster Software.lnk
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Users\Kyzight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files\OBS
2014-03-25 22:17 - 2014-03-25 22:17 - 00000000 ____D () C:\Program Files (x86)\OBS

Some content of TEMP:
====================
C:\Users\Kyzight\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kyzight\AppData\Local\Temp\{0F19A1A0-5C96-4D7B-9B6E-163DA1D4F3C8}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0515072 ____N (Microsoft Corporation) DF44D05039EE04B878F69172313E2DAE
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-18 03:41

==================== End Of Log ============================
  8. Oh, also, MB keeps popping up that it has blocked the threat about once every 40 seconds to a minute.
  9. Hey, I downloaded Malwarebytes because my friend said it was pretty good. The problem is I keep hearing what sound to be ads in my speakers/headset. I run a scan with MB (Malwarebytes) and it gives me the option to quarantine the file C:\Windows\System32\rpcss.dll. Unfortunately that doesn't stop the ads from coming up. Any suggestions?