Robtormar

  1. Hey, unfortunately running my computer in normal mode is nearly impossible. Ran both tools in safe mode with networking and I hope that suffices. Here are the logs:

RKill:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2016 05:06:45 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * No malware processes found to kill.

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 * No issues found.

Checking Windows Service Integrity:
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled
 * TBS [Missing Service]

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * No issues found.

Program finished at: 08/19/2016 05:07:00 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Roberto (administrator) on ROBERTO-PC (19-08-2016 17:10:31)
Running from C:\Users\Roberto\Desktop
Loaded Profiles: Roberto & (Available Profiles: Roberto)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.
The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2162864 2016-08-10] (Hola Networks Ltd.) <===== ATTENTION HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2016-08-18] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [mbot_ca_141] => [X] HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-11] (Razer Inc.) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [uTorrent] => C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe [1972224 2016-08-15] (BitTorrent Inc.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Google Update] => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Facebook Update] => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-10] (Facebook Inc.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Spotify Web Helper] => C:\Users\Roberto\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-24] (Spotify Ltd) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\MountPoints2: {f5409847-e838-11e2-b752-806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe [1972224 2016-08-15] (BitTorrent Inc.) 
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-10] (Facebook Inc.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Roberto\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-24] (Spotify Ltd) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f5409847-e838-11e2-b752-806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe [1972224 2016-08-15] (BitTorrent Inc.) 
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2857248 2016-08-16] (Valve Corporation) HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.) HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f5409847-e838-11e2-b752-806e6f6e6963} - D:\start.exe HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177952 2016-07-10] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [155768 2016-07-10] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-03-13] ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) 
Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-11-16] () Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2013-01-06] ShortcutTarget: IMVU.lnk -> C:\Users\Roberto\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File) Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-10-01] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:62562;https=127.0.0.1:62562 Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122 Tcpip\..\Interfaces\{3126BC1B-489A-44AA-9163-F8EC82DC57E4}: [NameServer] 10.8.0.1 Tcpip\..\Interfaces\{3126BC1B-489A-44AA-9163-F8EC82DC57E4}: [DhcpNameServer] 10.8.0.1 Tcpip\..\Interfaces\{D2D02A2C-8857-42FB-BFA8-FC3F7963B8EB}: [NameServer] 64.178.142.10,24.207.0.167 Tcpip\..\Interfaces\{D2D02A2C-8857-42FB-BFA8-FC3F7963B8EB}: [DhcpNameServer] 192.168.1.254 75.153.171.122 Tcpip\..\Interfaces\{F2287F3C-0ACE-428B-BC3C-A5043AF1D383}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/ HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.6.0.592&pid=safeguard&sg=0&sap=hp 
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/ HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.6.0.592&pid=safeguard&sg=0&sap=hp HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/ SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = SearchScopes: HKLM-x32 -> DefaultScope {390C7E9F-F2A9-4FEC-9166-FB7A7E24C652} URL = SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
hxxps://mysearch.avg.com/search?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.4.0.508&pid=safeguard&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.4.0.508&pid=safeguard&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation) BHO-x32: No Name -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle Corporation) BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-18] (AVG Secure Search) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-18] (AVG Secure Search) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) 
Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007 Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-08-18] (AVG Secure Search) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll 
[2015-07-08] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-22] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-06] () FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-06] (Hola) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Roberto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @talk.google.com/O1DPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) 
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Roberto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Roberto\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Roberto\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05] [not signed] Chrome: ======= CHR Profile: C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (AdBlock) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28] CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-18] CHR Extension: (entrusted) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk [2016-02-07] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3281675&extensionData=\u003Cextension_data>] <==== ATTENTION CHR Extension: (Skype) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Chrome Media Router) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18] CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - 
C:\Users\Roberto\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-12-31] CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Roberto\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found> CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Roberto\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-12-31] CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Roberto\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Roberto\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-12-31] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Roberto\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
S2 BufferedService; C:\Program Files (x86)\Buffered VPN\cacher.exe [636184 2016-04-24] ()
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
S2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8104576 2015-10-25] (Hola Networks Ltd.) <==== ATTENTION
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-03-13] (RealNetworks, Inc.)
S2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-08-18] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation) [File not signed]
S3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation) [File not signed]
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [298752 2016-07-12] (AVG Technologies CZ, s.r.o.)
S0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-11] ()
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-19 17:10 - 2016-08-19 17:10 - 00035432 _____ C:\Users\Roberto\Desktop\FRST.txt
2016-08-19 17:10 - 2016-08-19 17:10 - 00000000 ____D C:\FRST
2016-08-19 17:08 - 2016-08-19 17:08 - 02395648 _____ (Farbar) C:\Users\Roberto\Desktop\FRST64.exe
2016-08-19 17:06 - 2016-08-19 17:07 - 00002612 _____ C:\Users\Roberto\Desktop\Rkill.txt
2016-08-19 17:03 - 2016-08-19 17:03 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roberto\Desktop\rkill.exe
2016-08-19 17:03 - 2016-08-19 17:03 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Roberto\Desktop\rkill64.exe
2016-08-19 16:33 - 2016-08-19 16:35 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-19 16:33 - 2016-08-19 16:33 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-19 16:33 - 2016-08-19 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-19 16:33 - 2016-08-19 16:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-19 16:33 - 2016-08-19 16:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-19 16:33 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-08-19 16:33 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-08-19 16:33 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-08-19 16:32 - 2016-08-19 16:32 - 22851472 _____ (Malwarebytes ) C:\Users\Roberto\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-19 16:24 - 2016-08-19 16:30 - 00000000 ____D C:\AdwCleaner
2016-08-19 16:24 - 2016-08-19 16:24 - 03784256 _____ C:\Users\Roberto\Downloads\adwcleaner_6.000.exe
2016-08-19 07:56 - 2016-08-19 16:06 - 00000000 ____D C:\Users\Roberto\AppData\LocalLow\uTorrent
2016-08-18 19:11 - 2016-08-18 19:11 - 00000000 ____D C:\Users\Roberto\AppData\Local\CrashDumps
2016-08-18 14:37 - 2016-08-18 14:37 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-08-15 18:10 - 2016-07-10 20:13 - 01887800 _____ (NVIDIA Corporation) C:\windows\system32\NvCamera64.dll
2016-08-15 18:10 - 2016-07-10 20:13 - 01595840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvCamera32.dll
2016-08-15 18:10 - 2016-07-10 16:36 - 00127424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2016-08-15 18:09 - 2016-08-15 18:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-15 18:09 - 2016-07-10 17:17 - 00547896 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2016-08-15 18:09 - 2016-07-10 17:17 - 00081856 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2016-08-15 18:09 - 2016-05-03 20:23 - 00129824 _____ C:\windows\SysWOW64\vulkan-1.dll
2016-08-15 18:09 - 2016-05-03 20:22 - 00130848 _____ C:\windows\system32\vulkan-1.dll
2016-08-15 18:09 - 2016-05-03 20:22 - 00045344 _____ C:\windows\system32\vulkaninfo.exe
2016-08-15 18:09 - 2016-05-03 20:22 - 00040224 _____ C:\windows\SysWOW64\vulkaninfo.exe
2016-08-15 18:07 - 2016-07-15 12:15 - 00214592 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2016-08-15 18:07 - 2016-07-15 12:15 - 00046016 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 39977920 _____ C:\windows\system32\nvcompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 35115968 _____ C:\windows\SysWOW64\nvcompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 31640512 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 25414080 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 17321352 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 13581880 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2016-08-15 18:07 - 2016-07-10 20:13 - 10691632 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 10656112 _____ C:\windows\system32\nvptxJitCompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 10234336 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 09020656 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 08742360 _____ C:\windows\SysWOW64\nvptxJitCompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 08615336 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 03542072 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 03099072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 01939000 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436881.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 01571776 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436881.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 01001016 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00930360 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00909880 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00852024 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00694672 _____ C:\windows\system32\nvfatbinaryLoader.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00583736 _____ C:\windows\SysWOW64\nvfatbinaryLoader.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00544120 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00490744 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00459320 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00444472 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00406064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00394808 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00153416 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00131584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00000594 _____ C:\windows\SysWOW64\nv-vk32.json
2016-08-15 18:07 - 2016-07-10 20:13 - 00000594 _____ C:\windows\system32\nv-vk64.json
2016-08-15 17:59 - 2016-06-14 14:01 - 00112216 _____ C:\windows\system32\NvRtmpStreamer64.dll
2016-08-15 17:58 - 2016-04-13 23:38 - 00102976 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2016-08-15 17:58 - 2016-04-13 23:38 - 00056384 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2016-08-15 17:56 - 2016-08-15 17:56 - 44984120 _____ (NVIDIA Corporation) C:\Users\Roberto\Downloads\GeForce_Experience_v2.11.4.0.exe
2016-08-15 16:50 - 2016-08-15 16:50 - 00001642 _____ C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
2016-08-15 16:50 - 2016-08-15 16:50 - 00000000 ____D C:\Program Files (x86)\MonitorDriver
2016-08-05 16:35 - 2016-08-06 22:24 - 00000000 ____D C:\Users\Roberto\AppData\Local\Apps\2.0
2016-08-05 16:35 - 2016-08-05 16:35 - 00003308 _____ C:\windows\System32\Tasks\{7CA4E8DF-EE46-43C0-98AE-1C0BF29226E6}
2016-08-05 16:35 - 2016-08-05 16:35 - 00000318 _____ C:\Users\Roberto\Desktop\Curse Client.appref-ms
2016-08-05 16:35 - 2016-08-05 16:35 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2016-08-05 16:34 - 2016-08-05 16:35 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (6).exe
2016-08-05 16:32 - 2016-08-05 16:32 - 00003308 _____ C:\windows\System32\Tasks\{DC443FE1-5562-4D7B-B679-D18C61E63812}
2016-08-05 16:31 - 2016-08-05 16:31 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (5).exe
2016-08-05 16:30 - 2016-08-05 16:30 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (4).exe
2016-08-05 16:30 - 2016-08-05 16:30 - 00003308 _____ C:\windows\System32\Tasks\{F48E18B9-738A-46D4-833F-A0BE67D260EB}
2016-08-05 16:29 - 2016-08-05 16:29 - 00003308 _____ C:\windows\System32\Tasks\{E2936E0D-8AC5-4604-8365-EBB9DC5B7BDA}
2016-08-05 16:28 - 2016-08-05 16:28 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (1).exe
2016-08-04 00:05 - 2016-08-19 16:05 - 00000570 _____ C:\windows\Tasks\AVG-SSU_0716wt.job
2016-08-04 00:05 - 2016-08-19 16:05 - 00000432 _____ C:\windows\Tasks\AVG-SSU_0716wt_DELETE.job
2016-08-04 00:05 - 2016-08-04 00:05 - 00002934 _____ C:\windows\System32\Tasks\AVG-SSU_0716wt_DELETE
2016-08-04 00:05 - 2016-08-04 00:05 - 00002866 _____ C:\windows\System32\Tasks\AVG-SSU_0716wt
2016-08-04 00:05 - 2016-08-04 00:05 - 00000000 ____D C:\ProgramData\Avg_Update_0716wt

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-19 16:35 - 2015-05-18 19:10 - 00629712 _____ C:\windows\ntbtlog.txt
2016-08-19 16:17 - 2013-07-22 20:10 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\uTorrent
2016-08-19 16:16 - 2013-07-12 21:52 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 16:11 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-19 16:11 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-19 16:06 - 2013-08-20 00:09 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Skype
2016-08-19 16:06 - 2013-07-12 21:45 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-19 16:06 - 2013-07-12 21:32 - 00000000 ____D C:\ProgramData\MFAData
2016-08-19 16:05 - 2013-07-12 21:52 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 16:04 - 2015-05-18 20:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-19 16:04 - 2013-07-28 14:52 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-19 16:04 - 2009-07-13 23:08 - 00032558 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-08-19 16:04 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-19 09:49 - 2014-02-08 20:50 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job
2016-08-19 07:57 - 2014-03-10 13:52 - 00000936 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job
2016-08-19 07:54 - 2015-05-10 20:22 - 00000000 _RSHD C:\Users\Roberto\AppData\Roaming\nvxasync
2016-08-19 07:54 - 2013-11-23 21:10 - 00000000 ____D C:\Users\Roberto\AppData\Local\TBHostSupport
2016-08-18 21:10 - 2015-11-11 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-08-18 21:05 - 2014-03-23 09:39 - 00000000 ____D C:\Users\Roberto\AppData\Local\Battle.net
2016-08-18 21:02 - 2015-11-10 10:52 - 00000000 ____D C:\Users\Roberto\AppData\Local\Avg
2016-08-18 20:45 - 2014-10-01 19:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-18 20:44 - 2014-03-23 09:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-18 14:49 - 2014-02-08 20:50 - 00000864 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job
2016-08-18 14:37 - 2016-04-24 14:27 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2016-08-18 13:57 - 2014-03-10 13:52 - 00000914 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job
2016-08-16 22:07 - 2016-05-07 19:39 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-16 17:54 - 2013-07-08 12:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 17:53 - 2013-07-22 21:13 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-16 17:36 - 2013-07-12 21:50 - 00000000 ____D C:\Users\Roberto\AppData\Local\Deployment
2016-08-15 19:19 - 2015-01-17 17:55 - 00000000 ____D C:\Users\Roberto\AppData\Local\Spotify
2016-08-15 18:34 - 2015-01-17 17:53 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Spotify
2016-08-15 18:10 - 2013-07-28 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-15 18:10 - 2013-07-28 14:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-15 18:10 - 2013-07-28 14:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-15 18:10 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-08-15 18:09 - 2014-12-20 15:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-15 17:59 - 2014-04-19 17:51 - 00000000 ____D C:\Users\Roberto\AppData\Local\NVIDIA Corporation
2016-08-15 17:59 - 2013-07-28 14:47 - 00000000 ____D C:\Users\Roberto\AppData\Local\NVIDIA
2016-08-15 17:59 - 2013-07-28 14:43 - 00001383 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-08-15 16:50 - 2013-07-08 19:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-10 05:00 - 2015-11-03 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-08-08 14:16 - 2013-07-12 21:53 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 14:16 - 2013-07-12 21:53 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-03 21:53 - 2015-11-11 10:26 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-02 19:40 - 2013-08-20 00:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-02 19:40 - 2013-08-20 00:09 - 00000000 ____D C:\ProgramData\Skype
2016-07-28 14:44 - 2014-02-08 20:50 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA
2016-07-28 14:44 - 2014-02-08 20:50 - 00003494 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core
2016-07-28 14:10 - 2013-07-12 21:52 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 14:10 - 2013-07-12 21:52 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======
2015-05-10 20:22 - 2015-05-10 20:25 - 53205728 _____ () C:\Users\Roberto\AppData\Roaming\chport.exe
2014-01-06 19:43 - 2014-01-06 19:43 - 0010183 _____ () C:\Users\Roberto\AppData\Local\CleanupUninstall.txt
2013-07-26 10:46 - 2014-07-18 15:29 - 0013312 _____ () C:\Users\Roberto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-11 17:33 - 2014-01-11 17:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe

Some files in TEMP:
====================
C:\Users\Roberto\AppData\Local\Temp\31e0d9922d6e2445679182992ebb85ee.dll
C:\Users\Roberto\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
C:\Users\Roberto\AppData\Local\Temp\avguirn_081423489783.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_081499081875.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_081580198834.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08396502048.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08509008946.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08632861142.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08634499362.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08982942380.exe
C:\Users\Roberto\AppData\Local\Temp\Gw2.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\libeay32.dll
C:\Users\Roberto\AppData\Local\Temp\lowproc.exe
C:\Users\Roberto\AppData\Local\Temp\msvcr120.dll
C:\Users\Roberto\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Roberto\AppData\Local\Temp\nvStInst.exe
C:\Users\Roberto\AppData\Local\Temp\sqlite3.dll
C:\Users\Roberto\AppData\Local\Temp\stubhelper.dll
C:\Users\Roberto\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-16 00:35

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Roberto (19-08-2016 17:10:47)
Running from C:\Users\Roberto\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-07-13 03:26:05)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2762693780-1719230438-2156667301-500 - Administrator - Disabled)
Guest (S-1-5-21-2762693780-1719230438-2156667301-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2762693780-1719230438-2156667301-1002 - Limited - Enabled)
Roberto (S-1-5-21-2762693780-1719230438-2156667301-1001 - Administrator - Enabled) => C:\Users\Roberto

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.6.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.82.2.30772 - AVG Technologies)
AVG (Version: 16.101.7752 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4647 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.101.7752 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.6.0.592 - AVG Technologies)
AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buffered VPN version 1.0 (HKLM-x32\...\{1F5468A2-96C0-4973-80CA-327DD47ED6E5}_is1) (Version: 1.0 - Buffered Ltd.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse Client (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Curse Client (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version: - )
Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FMW 1 (Version: 1.112.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Hola™ 1.15.577 - Better Internet (HKLM\...\Hola) (Version: 1.15.577 - Hola Networks Ltd.) <==== ATTENTION
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27405 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.2 - Rockstar Games)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Spotify (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version: - Turbine, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07537D93-581A-43B9-83BA-DECA672A7C25} - System32\Tasks\{DC443FE1-5562-4D7B-B679-D18C61E63812} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD37D7.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {0EFE155C-1F5F-4176-AE75-09F4BEEB6AF1} - System32\Tasks\RocketTab => /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {0F6B1C65-FFD9-43B4-9FE7-6ABF482E9CF7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {18E6A2FC-54B4-40F1-B238-8FFF5D973024} - System32\Tasks\{3CDB80FE-7E54-47D7-AAEB-E64E6CFCFE7E} => pcalua.exe -a "C:\Program Files (x86)\GoPCPro\gopcpro.exe" -c -u
Task: {20158045-2669-411D-B1B2-D0FFFC0FB191} - System32\Tasks\{07DB1AFA-AB33-4BB6-B190-26C7485D8A2F} => pcalua.exe -a C:\Users\Roberto\Downloads\Install_CopyTrans_Suite.exe -d C:\Users\Roberto\Downloads
Task: {3219925F-7D5C-43F7-A821-E7B4D83663BD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {3AD2B6A1-1485-401A-8E78-987ECFB0728D} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
Task: {3CA7686F-3504-4B72-BC0A-47F76CF1EA37} - System32\Tasks\{7CA4E8DF-EE46-43C0-98AE-1C0BF29226E6} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD4BD3.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {515EF47B-9A13-4523-BE79-3786F35BA61D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {56C08549-059C-4A56-95A9-7608975A1DB9} - System32\Tasks\{F48E18B9-738A-46D4-833F-A0BE67D260EB} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSDEE1A.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {58FCF953-A599-46E6-94A6-887527874082} - System32\Tasks\gameo_update => C:\Users\Roberto\AppData\Roaming\Gameo\gameo.exe <==== ATTENTION
Task: {5DB4DBFE-7798-4305-8187-77B6D0D0741D} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {60754CC5-0ABD-4EC3-9B2D-DFF13FE74AFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6E9CBFA3-13C9-4A9F-B6F4-F3EDB7A9A4AB} - System32\Tasks\AVG-SSU_0716wt => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe [2016-08-04] ()
Task: {7518CFA6-3A8B-4F9D-A6E1-4172DC66E2A4} - System32\Tasks\{E2936E0D-8AC5-4604-8365-EBB9DC5B7BDA} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD9419.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {80689709-1616-47BD-A37C-C7E425D27232} - System32\Tasks\{657E2528-D4A1-4BD2-8041-49AAB469F445} => pcalua.exe -a "C:\Users\Roberto\Downloads\setup (2).exe" -d C:\Users\Roberto\Downloads
Task: {815226A2-1ED9-437B-B406-ABC043E36969} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {8A766F03-7AAD-4F63-B0A2-5651528F488B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8CB48964-7240-4C35-9005-6321AF311053} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2762693780-1719230438-2156667301-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {9B07EAF4-D7CB-4B1B-98B7-9D68C90F1681} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {A40CC3CB-8133-4BBB-BC7D-D9E4F24164A2} - System32\Tasks\{BE36D21E-4911-4254-95A2-941FECABB9B5} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSDC765.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {A673AD5B-905B-4817-8167-100389A9F38A} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {AD6DEEAC-81AB-4CD4-A8BB-B9BFF184CB13} - System32\Tasks\{A53202E0-F36A-45A6-A8DE-4B0B59330D53} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD30C2.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {B7C1EDA5-16E2-40D7-A577-EC1CBE60974B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C33817E3-E1DE-4FCF-B4A5-9131B7370A1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D5BBCC52-67C2-4A66-BB32-0363EB97A14B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {D99099D2-3859-4EC6-AD87-C493840C4CF7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {DA2EFB71-89B4-4560-A1A0-8FD41DFDEB51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {DCC27406-EA07-46DE-AC48-90C3292166DD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2762693780-1719230438-2156667301-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {DF81BEFE-ACBB-4139-B394-33A6A7F1ADA9} - System32\Tasks\AVG-SSU_0716wt_DELETE => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe [2016-08-04] ()
Task: {E9A74363-89C8-4B99-8A64-1F7A2C7A20FD} - System32\Tasks\{38773827-D4FE-4268-BF01-4F0ABB20EFDF} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD5726.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-SSU_0716wt.job => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe
Task: C:\windows\Tasks\AVG-SSU_0716wt_DELETE.job => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-23 12:21 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 03:49 - 2014-05-12 03:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-30 13:13 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-30 13:13 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Osvaldo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.178.142.10 - 24.207.0.167
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C419A91E-D752-41BB-B818-1DDA1D312BAE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0DBE3E9E-E062-48FF-91E1-2E2BB77392FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{C9AE27E6-FAD5-4586-A979-82F10C9C4312}] => (Allow) C:\Users\Roberto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{EFCB97D7-7F4D-46F1-BBD8-AA3AFBA7103D}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{143296F6-4171-4EA1-AE88-F31632FCA14F}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{127A0B8E-374F-4005-8067-D15DAE44BD37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0768337D-5B63-4DE2-8943-FD0D618B46F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1816B206-0C83-48B0-9F64-5E4431B6CD3E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7C503B7D-BDC1-4421-971E-ECFD523E263E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{059809EC-1CE0-4E03-A195-BAE6786C1602}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{83405D02-C654-4FDA-B0AF-28F529C05985}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCAA9F92-13E6-4EB3-A895-34F617526F53}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA699284-1142-46AD-A036-3DA804C55460}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6C8D3CA7-AE37-459F-90DE-B175FFF3F9BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C218D04-AA88-4816-8F8E-A909CB92BBBB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8F0C5080-F740-469A-848E-D19BB240FB51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{185C7078-6D31-4C85-B28B-70979E075404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{9C27D618-89C0-4FA9-9D31-2610F686EFB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{3E13B15E-5B4B-4299-8A7E-7F49F924C9A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7077B0E6-08D7-43A1-ACF5-5446EAF6B3D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DFDF4E36-7ACE-4BA7-9273-661909E0B2C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{83D37AF4-D2E3-47A6-A58A-8761B2EF370A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{B4A32BEF-2F75-429E-B78B-26C1F04FECE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{478D5F61-D8D2-463B-BF4D-DD45F5531FD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8F5CBC67-4695-48ED-B4F4-9F17D13BE0FD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{C2E02FEF-551A-4DB6-B2CA-2EF51E4F9AE2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DDAAA0EA-06A5-473C-AB26-BFCEDE0EDD4D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{87F6D04D-BD4C-46DB-91DE-AA794C0471BF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{86E5FE39-E424-431A-BE4F-040C51543494}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{44C1D085-46D5-40CE-8DD7-C17B8E42D0FC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B32EE279-8A82-43AD-A690-2486F6551B43}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{438530BF-C04D-4EE2-8C17-A6AA6CE50344}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{BDDCD0EB-2E05-45D8-AF68-F102B660C666}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7ABF2AD2-AA6F-4639-B158-A9AB7DFCA231}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48B9A468-5FDD-4D1B-A067-2917A616D393}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{EC19AFD0-63B2-4CAB-8198-8B0DF13CD927}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{D582EF4C-8C4E-44BE-979F-2ED08725AA0A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7BB2B6AE-865F-45BA-AE1E-D6D990225C2C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{18F71234-80E2-4151-8A71-CBE484424B39}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F1FA6F88-4932-4EF0-BD24-EC8FF908AB20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{229BEBA6-E04D-4C1A-B5DB-4AB7FA5B9BBD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{C45119F9-19F0-4150-9131-706879300545}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{AAF1D2E4-BE48-4E90-9DBE-00811D909130}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{9C9267DF-46D6-4073-A13E-F73393FC7484}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{1CE04341-4992-4344-8934-B4C4A2D5C618}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{56514E96-DEE1-413B-A574-67A39843E753}] => (Allow) C:\Users\Roberto\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F41679FD-B7EA-48C7-A2E9-E05D1DC54082}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D81D257B-68D2-4805-B426-B3490FEED15C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DAEE96C9-D098-4077-B8BF-46992F75D832}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2cfg.exe
FirewallRules: [{EF83B25D-8280-4D3D-9C85-677219EDA04F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2cfg.exe
FirewallRules: [TCP Query User{E7F16F48-622D-49E8-BB94-20076C2E22EA}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{B4CA62F6-E5EA-49D4-AE9F-57D5375452A4}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [{99986E3F-4D91-4994-A8F9-EAA7D04CD27F}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{8FC1A7BF-9E3F-4A2F-8339-5050D9592831}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{9FEF4955-6A7C-49CD-B9B4-E79E12A583EE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7E87A1DE-6854-41E6-97D0-9F8B69642F15}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{5B8E51F9-FB07-4B2D-A298-10C04C08704B}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{773F5B6B-FEC6-4921-8B74-D8F6C696253F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{F28A8862-D912-4028-B306-FF867EBB9F9E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{46B3BFFB-D68A-4B13-835F-3727B4D2F57E}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{2EE9021F-0D83-4085-A779-01B897A361B9}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{BC2DC2C2-A117-4C95-965E-D9150F1DE222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{109DD547-427F-44F1-BE00-2E0A09117095}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{F0787FB2-C31F-4DAD-B7CB-597F4466CBC4}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D7BE3F3F-086E-41DB-A8B7-021BB4DC27B3}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2CB3C40B-B039-4A05-B8BA-3D43DAE608A9}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A9EE4D13-C547-4DE2-89D7-2CE0604E852E}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [{72B52763-F039-4E3E-8DB0-FD30CF91EB65}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{1B5FF6B3-3F32-415E-8586-0EAA5D75BFA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E5989DBB-9D5C-451B-AA05-3F4CF1B06EFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{25118EA9-5844-4624-8DD6-0EC7DF7AD950}C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe
FirewallRules: [UDP Query User{5F40182C-C0CB-44CD-AAAA-30E2E45A94E7}C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe
FirewallRules: [TCP Query User{964B7ACD-98C4-47F7-BFDA-48522838A08C}C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe
FirewallRules: [UDP Query User{F8427EED-D23C-4112-ADA1-4EC07F5EA068}C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe
FirewallRules: [TCP Query User{31E7C7E5-D267-4A5B-9751-FFE50DDCA628}C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe
FirewallRules: [UDP Query User{D17E19BE-1CD6-4810-A9A6-803057EF83EC}C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe
FirewallRules: [{62EC9D54-7F43-44EF-ADB6-DC99EC98578A}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{F9AB4917-7DA9-4C7F-AA07-F23CB9C86F72}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{1F2567A8-A621-445A-90BE-3E6706A357BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{DB4E780F-E133-4C07-A450-8507A87685B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{504BB080-1555-43D1-A2A6-4A4A0CC84273}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{D1AB01D8-DCAF-4F62-8F5E-BFA8AE777778}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{82852481-1474-4834-8A85-971EE93225C6}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{5F517053-1C07-415E-8BB2-711676172763}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{8AD422C6-18AD-4431-B8C4-03BC177B0538}] => (Allow) C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{1D5EBCC0-B7AE-466C-A3BD-3B168AE96C15}] => (Allow) C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [TCP Query User{5C9FAF00-B7F5-4D80-A81D-46C0C5AF5762}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{85C775AD-6302-42CE-B35E-C8646957A772}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{9E797ED3-409A-42AA-A87C-32D84268B47F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DADE97B9-BCE0-4B73-80CD-F416A7F72955}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{82E265D4-E66D-408A-9D09-25178D22F2B6}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{A8ACE715-6034-43D9-A43D-471520345E44}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{50119420-3FEC-4557-8BEF-85EFCF39DC00}C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{0BC49AEB-D8D0-4B58-9968-2D918FA72839}C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [{F136FDE0-A7A1-46B6-9ED2-6C70D5156A95}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{BD8296CB-A8AD-4754-9A2E-38D9806ED00F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{DD421078-04E1-47A9-BA2F-8E9D13ECD1AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\game\bin\win64\dota2.exe FirewallRules: [{312D04B3-5259-43C1-B878-F6869F50C121}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\game\bin\win64\dota2.exe FirewallRules: [{469B2F35-2E7B-4AB2-BD4F-3F010CD19821}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{A6D72251-39C1-4742-9541-0606002D9E46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [TCP Query User{C5E04C74-9FB2-471C-8C92-F804F6EBBE1C}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{358FD2E7-D0AC-431D-93FC-F6538948EA24}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{E7AC6E23-DC10-46EE-A156-CF71799E171C}] => (Allow) C:\Users\Roberto\Downloads\bin\BlackDesert32.exe FirewallRules: [{2C776578-3258-499B-9D0A-B1C13CEABF32}] => (Allow) C:\Users\Roberto\Downloads\bin64\BlackDesert64.exe FirewallRules: [{3F1A17BC-1C36-46D2-B3B6-CC4E808826C5}] => (Allow) C:\Users\Roberto\Downloads\BlackDesert_Launcher.exe FirewallRules: [{C387FA91-6874-48A3-996C-2B915860C0F1}] => (Allow) C:\Users\Roberto\Downloads\BlackDesert_Downloader.exe FirewallRules: 
[{E9DEF967-AB5D-44B4-89E7-79982CB12EE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{F958B247-E667-4E9C-9EF5-A236E74A5627}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [UDP QUERY USER{BC62C58C-2A12-49E7-BC0F-B6A5DA8B6341}C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\COUNTER-STRIKE GLOBAL OFFENSIVE\CSGO.EXE] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe FirewallRules: [TCP QUERY USER{7E877B66-DB72-4CBB-A3BE-0556D2F1C64F}C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\COUNTER-STRIKE GLOBAL OFFENSIVE\CSGO.EXE] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe FirewallRules: [TCP Query User{EA4F6642-0E87-4F2E-81F7-FBDCBBEFF752}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{1F288BC3-7ACA-428B-9F44-3DCBCA29B71E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{4C24E2A4-422D-460D-AAC0-7BFBC840377D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{1779C8F4-4D1C-49EA-8F0E-CFB3C6CCBB68}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{98D8721D-B2A7-4058-9A43-4D25DFEB8D27}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{71198C41-471B-4012-8626-737800A44D05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{9AAD60A8-E046-40A2-BCBF-433C7C165267}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{89C68E27-DBCB-449F-9DC0-4EB8A95DC52F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [TCP Query User{9A589E08-7058-4EC8-A930-BEE11B67AD45}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP 
Query User{12F1F988-6453-4587-8603-441BFDB7BE16}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{DFB39B6B-CC03-4E93-B214-6A9ED2F106AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{83365BCA-BFEE-4E92-AA15-B28F4E9762EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{317B8EAB-7013-4022-ABFA-7D30DDE15623}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8F355E40-243C-48C4-B34E-EE12D09A144C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{57AE5B7A-546D-451A-837F-FE9F4441805E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{C53F3F52-C799-46CA-A695-F3DB9BF32308}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{0133C024-FA51-44C5-9DBB-97CDA8BF09D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{60923DC9-EDBC-432F-A84A-218FC56E5AD3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{C1431071-8E40-46EB-9FDD-6458F2B6C881}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{8DDBDE29-755E-4833-AC5E-9ED7DFCBDE57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{A7805AB6-481C-4BE6-BA83-13EAE203E8C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{20AD6E7F-D58D-4024-B1AC-A5F97D9040D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{41C9D56D-F276-41FB-B01B-1C822E71CD90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{D7E2B76D-D7C5-42EF-B120-8821AC7902B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe ==================== Restore Points ========================= ==================== Faulty Device 
Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2016 04:22:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2016 04:06:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2016 08:57:03 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Windows\System32\vssapi.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Windows host process (Rundll32) because of this error. Program: Windows host process (Rundll32) File: C:\Windows\System32\vssapi.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. 
If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error: (08/19/2016 08:57:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe_srrstr.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0 Faulting module name: VSSAPI.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c9f9 Exception code: 0xc0000006 Fault offset: 0x0000000000107e4c Faulting process id: 0x1f88 Faulting application start time: 0xrundll32.exe_srrstr.dll0 Faulting application path: rundll32.exe_srrstr.dll1 Faulting module path: rundll32.exe_srrstr.dll2 Report Id: rundll32.exe_srrstr.dll3 Error: (08/19/2016 08:54:23 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion. . Operation: Instantiating VSS server Error: (08/19/2016 08:54:23 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. 
[0x8007041d, The service did not respond to the start or control request in a timely fashion. ] Operation: Instantiating VSS server Error: (08/19/2016 07:55:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2016 09:07:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2016 08:34:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2016 07:10:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Agent.exe, version: 2.6.8.5111, time stamp: 0x57a28468 Faulting module name: Agent.exe, version: 2.6.8.5111, time stamp: 0x57a28468 Exception code: 0xc0000005 Fault offset: 0x000cd885 Faulting process id: 0x1a90 Faulting application start time: 0xAgent.exe0 Faulting application path: Agent.exe1 Faulting module path: Agent.exe2 Report Id: Agent.exe3 System errors: ============= Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start. Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start. 
Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 = The dependency service or group failed to start.

CodeIntegrity:
===================================
Date: 2015-05-18 19:12:01.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-18 19:12:01.905
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-06 19:53:15.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-06 19:53:15.455
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-01-06 19:46:44.419
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-06 19:46:44.372
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-12 20:26:59.735
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham264.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-12 20:26:59.708
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham264.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-12 20:26:59.673
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham164.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-12 20:26:59.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham164.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 10%
Total physical RAM: 32647.16 MB
Available physical RAM: 29344.79 MB
Total Virtual: 65292.51 MB
Available Virtual: 62150.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.26 GB) (Free:86.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (User Manual) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 099D9EA9)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 3: (Not Active) - (Size=921.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

thanks,
Rob
  2. Hello guys, recently signed up to the website and downloaded Malwarebytes in hopes of fixing a current virus problem that is making my PC unusable. I've tried different things and haven't had any luck. Computer works fine in safe mode, but once I start it normally it is almost impossible to use. Freezes every few seconds, programs and games are impossible to open, browsers are impossible to open and overall just a pain in the ass. Was wondering if someone could guide me in removing this annoying *****