Everything posted by xRT

  1. Yes, I am now. Thank you so much for your time and help.
  2. Here are my scan results:

FRST:~ ~ ~ ~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2017
Ran by Family (administrator) on T5500 (11-12-2017 21:14:46)
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.)
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Spotify Ltd) C:\Users\Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Family\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows \system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11- 19] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update \jusched.exe [596528 2015-11-09] (Oracle Corporation) HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd) HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Run: [Spotify Web Helper] => C:\Users \Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-29] (Spotify Ltd) HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: F - F:\setup.exe HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: H - H:\setup\rsrc\Autorun.exe HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {3147ad70-1cd8-11e4-962c- 0023aea9040f} - H:\Setup.exe HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {8a76d1c6-8319-11e2-a009- 806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {eab4b094-a749-11e3-bb44- 0023aea9040f} - G:\autorun.exe HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {f4d49233-fca2-11e3-9633- 0023aea9040f} - H:\setup\rsrc\Autorun.exe HKU\S-1-5-18\...\Run: [] => [X] GroupPolicy: Restriction - Chrome <==== ATTENTION GroupPolicy\User: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{737037F1-6F4E-448C-BE34-89773AE4F088}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{737037F1-6F4E-448C-BE34-89773AE4F088}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{B32A1E68-654E-4ADF-96D2-1E185973FFD2}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{E43EFC97-FCB5-4845-A9DE-1B0FB6EC885F}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{E43EFC97-FCB5-4845-A9DE-1B0FB6EC885F}: [DhcpNameServer] 10.0.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-286109471-3207669588-231307133-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\S-1-5-21-286109471-3207669588-231307133-1000 -> DefaultScope {0633EE93-D776- 472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-286109471-3207669588-231307133-1000 -> {BB82DE59-BC4C-4172-9AC4- 73315F71CFFE} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files \Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: No Name -> {5eaecdf4-2f7f-49d0-9956-30c2bdbbf21d} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-19] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-19] (Oracle Corporation) BHO-x32: No Name -> 
{f8c57169-9ac9-4513-853c-e945f1e3a468} -> No File Toolbar: HKU\S-1-5-21-286109471-3207669588-231307133-1000 -> No Name - {2318C2B1-4965-11D4-9B18- 009027A5CD4F} - No File DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {AA570693-00E2-4907-B6F1-60A1199B030C} DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://svpn.avinc.com/dana- cached/sc/JuniperSetupClient.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG \AVG2012\avgppa.dll [2012-03-27] (AVG Technologies CZ, s.r.o.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG \AVG2012\avgpp.dll [2012-03-27] (AVG Technologies CZ, s.r.o.) FireFox: ======== FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\8uao7iqy.default [2017- 12-11] FF Homepage: Mozilla\Firefox\Profiles\8uao7iqy.default -> hxxps://www.google.com/ FF Extension: (Enhance Net Extension) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles \8uao7iqy.default\Extensions\8d5722f08367402ca7e74cf2ef319f24@jetpack [2014-11-02] [Legacy] [not signed] FF Extension: (PPRiicceeMinus) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles \8uao7iqy.default\Extensions\8N6XEE@h2.org [2015-08-07] [Legacy] [not signed] FF Extension: (CuuteThePriicE) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles \8uao7iqy.default\Extensions\nT@mqFL.org [2015-08-07] [Legacy] [not signed] FF Extension: (youtubeadblocker) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles \8uao7iqy.default\Extensions\pt@HK.edu [2015-03-03] [Legacy] [not signed] FF Extension: (UniDeaolsse) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles \8uao7iqy.default\Extensions\vvet@Bk.com [2015-03-03] [Legacy] [not signed] FF Extension: (Greasemonkey) - 
C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles \8uao7iqy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-12-10] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-03-13] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar \FireFoxExt\18.1.9.790 => not found FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-29] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight \5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM \Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash \NPSWF32_27_0_0_183.dll [2017-10-29] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director \np32dsw_1229199.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin \dtplugin\npDeployJava1.dll [2015-12-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java \jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight \5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C: \PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C: \PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision \npnv3dv.dll [2017-03-31] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-31] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update \1.3.33.7\npGoogleUpdate3.dll [2017-11-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update \1.3.33.7\npGoogleUpdate3.dll [2017-11-23] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR \nppdf32.dll [2017-11-04] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-286109471-3207669588-231307133-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-26] (Unity Technologies ApS) StartMenuInternet: FIREFOX.EXE - C:\Users\Family\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR DefaultProfile: Profile 2 CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-11] CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-10] CHR Extension: (Slides) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-09] CHR Extension: (Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09] CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-09] CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-09] CHR 
Extension: (Adobe Acrobat) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-09] CHR Extension: (Sheets) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-09] CHR Extension: (Google Docs Offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data \Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-09] CHR Extension: (AdBlocker Ultimate) - C:\Users\Family\AppData\Local\Google\Chrome\User Data \Profile 2\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-11-11] CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-09] CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data \Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-09] CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-10] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support \AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.) 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1547200 2017-10-21] () S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2017-01-05] (EasyAntiCheat Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-11] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-11] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer \NVDisplay.Container.exe [462784 2017-03-31] (NVIDIA Corporation) R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers \nvPDsvc.exe [6237800 2010-04-30] () R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-11] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry \NvTelemetryContainer.exe [427064 2017-03-31] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-05-25] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 RzOvlMon; no ImagePath ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. 
) R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. ) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.) R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.) R3 BENDER; C:\Windows\System32\drivers\bender64.sys [253568 2006-11-27] (Pinnacle Systems) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-11-09] () R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks) S4 jnprTdi_806_48695; C:\Windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-11] (Malwarebytes) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed] S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12- 11] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-11] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation) R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-20] (Razer, Inc.) R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-20] (Razer, Inc.) 
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 sf; \??\C:\AeriaGames\SoldierFront\avital\soldierf64.sys [X] S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-11 21:14 - 2017-12-11 21:14 - 000020745 _____ C:\Users\Family\Desktop\FRST.txt 2017-12-11 21:14 - 2017-12-11 21:14 - 000000000 ____D C:\Users\Family\Desktop\FRST-OlderVersion 2017-12-11 21:12 - 2017-12-11 21:12 - 002392064 _____ (Farbar) C:\Users\Family\Downloads \FRST64.exe 2017-12-10 21:34 - 2017-12-10 21:35 - 000125864 _____ C:\Users\Family\Downloads\14-1 Outline .pdf 2017-12-10 13:57 - 2017-12-10 13:57 - 000311224 _____ (Mozilla) C:\Users\Family\Downloads\Firefox Installer(1).exe 2017-12-05 22:51 - 2017-12-05 22:51 - 000061952 _____ C:\Users\Family\Downloads\13-3 Cornell Notes .pdf 2017-12-04 20:17 - 2017-12-04 20:17 - 000064420 _____ C:\Users\Family\Downloads\13-1 & 2 Cornell Notes.pdf 2017-11-29 00:22 - 2017-11-29 00:22 - 000111722 _____ C:\Users\Family\Downloads\11-4.pdf 2017-11-26 12:38 - 2017-11-26 12:38 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Square Enix 2017-11-26 12:37 - 2017-11-26 12:37 - 000002699 _____ C:\Users\Family\Desktop\Play Life is Strange - Before the Storm.lnk 2017-11-26 12:06 - 2017-11-26 12:16 - 000000000 ____D 
C:\Users\Family\Downloads\Life is Strange - Before the Storm E1+E2 PC game ^^nosTEAM^^RO 2017-11-26 12:05 - 2017-11-26 12:32 - 000000000 ____D C:\Program Files (x86)\Life is Strange - Before the Storm 2017-11-26 11:56 - 2017-11-26 12:01 - 053624595 _____ C:\Users\Family\Downloads \LifeIsStrange_BS-E1+E2.exe 2017-11-26 11:32 - 2017-11-26 11:32 - 000116572 _____ C:\Users\Family\Downloads\Chapter 11-1 Outline.pdf 2017-11-23 14:25 - 2017-11-23 14:25 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Defiant Development 2017-11-23 13:58 - 2017-11-26 12:06 - 000000000 ____D C:\Users\Family\AppData\LocalLow\uTorrent 2017-11-16 17:12 - 2017-11-16 17:12 - 000096190 _____ C:\Users\Family\Downloads\Chapter 10-4 Outline 10_35 (2-Red 9-Pictures).pdf 2017-11-13 17:07 - 2017-11-13 17:07 - 000125102 _____ C:\Users\Family\Downloads\10-2 Outline (3- red 2-pics).pdf 2017-11-12 18:06 - 2017-11-12 18:06 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-11-12 18:04 - 2017-11-12 18:05 - 000000000 ____D C:\ProgramData\RogueKiller 2017-11-12 18:04 - 2017-11-12 18:04 - 036135784 _____ (Adlice Software ) C:\Users\Family \Downloads\setup.exe 2017-11-12 18:04 - 2017-11-12 18:04 - 000000863 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-11-12 18:04 - 2017-11-12 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-11-12 18:04 - 2017-11-12 18:04 - 000000000 ____D C:\Program Files\RogueKiller 2017-11-12 17:57 - 2017-11-16 15:48 - 000002107 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-12 17:56 - 2017-11-12 17:57 - 000000000 ____D C:\Program Files (x86)\Google 2017-11-12 17:56 - 2017-11-12 17:56 - 001130328 _____ (Google Inc.) 
C:\Users\Family\Downloads \ChromeSetup.exe 2017-11-11 22:23 - 2017-11-12 20:09 - 000000154 _____ C:\Users\Family\AppData\LocalLow \rbxcsettings.rbx 2017-11-11 22:13 - 2017-11-11 22:13 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-11 21:14 - 2017-11-10 10:21 - 002392064 _____ (Farbar) C:\Users\Family\Desktop\FRST64 (1).exe 2017-12-11 21:14 - 2017-11-09 23:12 - 000000000 ____D C:\FRST 2017-12-11 21:11 - 2017-01-06 01:39 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Mozilla 2017-12-11 21:11 - 2013-03-02 01:46 - 000000000 ____D C:\ProgramData\NVIDIA 2017-12-11 21:10 - 2017-11-10 11:00 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers \mbamswissarmy.sys 2017-12-11 21:10 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-12-10 21:36 - 2009-07-13 21:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI 2017-12-10 21:36 - 2009-07-13 20:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e- B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-12-10 21:36 - 2009-07-13 20:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e- B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-12-10 21:36 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf 2017-12-10 21:32 - 2013-07-13 23:29 - 000000000 ____D C:\Users\Family\AppData\Roaming\Mozilla 2017-12-10 13:57 - 2017-08-10 10:00 - 000000000 ____D C:\Program Files\Mozilla Firefox 2017-12-10 13:57 - 2017-01-06 01:38 - 000000929 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-12-10 13:57 - 2014-05-13 22:52 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-12-10 13:57 - 2014-05-13 22:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-12-06 17:57 - 2013-03-02 01:28 - 000000000 ____D C:\Windows\system32\Drivers\AVG 2017-12-01 16:51 
- 2017-03-20 19:36 - 000000000 ____D C:\Users\Family\AppData\Roaming\Spotify 2017-12-01 16:51 - 2017-03-20 19:36 - 000000000 ____D C:\Users\Family\AppData\Local\Spotify 2017-11-30 18:03 - 2017-02-19 14:25 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft \Windows\Start Menu\Programs\Roblox 2017-11-30 17:58 - 2015-06-17 14:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-11-26 13:26 - 2017-10-29 12:09 - 000000000 ____D C:\Users\Family\AppData\Roaming\uTorrent 2017-11-26 13:26 - 2016-11-13 14:02 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-26 12:37 - 2016-10-02 11:20 - 000001602 _____ C:\Users\Family\Desktop\visit www.nosteam.ro.lnk 2017-11-23 14:21 - 2017-11-09 17:49 - 000003330 _____ C:\Windows\System32\Tasks \GoogleUpdateTaskMachineUA 2017-11-23 14:21 - 2017-11-09 17:49 - 000003202 _____ C:\Windows\System32\Tasks \GoogleUpdateTaskMachineCore 2017-11-16 15:50 - 2015-06-17 14:13 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-11-16 15:48 - 2017-11-09 17:49 - 000002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-12 16:03 - 2014-02-09 17:31 - 000000000 ____D C:\Users\Family\AppData\Local\CrashDumps 2017-11-11 22:13 - 2013-06-13 14:20 - 000000827 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-11-11 22:13 - 2013-06-13 14:20 - 000000000 ____D C:\Program Files\CCleaner ==================== Files in the root of some directories ======= 2014-02-10 14:41 - 2013-07-08 11:33 - 002450464 _____ (SPAMfighter ApS - SPAMfighter.com) C: \Users\Family\sfhtml.dll 2014-02-10 14:41 - 2013-07-08 11:33 - 000951328 _____ (SPAMfighter ApS) C:\Users\Family \SuiteClient.dll 2016-10-28 03:17 - 2016-11-05 04:00 - 000000429 _____ () C:\Users\Family\update- WarfareRemasterd.bat 2013-09-26 22:34 - 2013-09-26 22:34 - 000061367 _____ () C:\Users\Family\AppData\Roaming\icarus- dxdiag.xml 2014-06-25 12:17 - 2014-08-25 17:37 - 000000012 _____ () 
C:\Users\Family\AppData\Roaming\id.txt 2014-02-07 21:57 - 2014-05-13 21:34 - 000034816 _____ () C:\Users\Family\AppData\Roaming \RZR_0060fc43455390be466a0c37e436.db 2015-01-22 16:45 - 2015-01-22 16:45 - 000000088 _____ () C:\Users\Family\AppData\Local \c1908001ff7b97913e150b59be1f3794 2013-08-15 21:12 - 2013-08-15 21:12 - 000000000 ___SH () C:\Users\Family\AppData\Local\LumaEmu 2014-06-24 09:11 - 2014-06-24 09:11 - 000000000 _____ () C:\Users\Family\AppData\Local\Mozilla Firefoxsafeguard-secure-search.xml 2017-01-06 00:41 - 2016-11-23 05:37 - 000000570 _____ () C:\Users\Family\AppData\Local \TroubleshooterConfig.json 2014-01-25 15:49 - 2014-01-25 20:42 - 000000914 _____ () C:\Users\Family\AppData\Local \_settings.ini 2014-09-19 14:04 - 2014-09-19 14:04 - 000000000 _____ () C:\Users\Family\AppData\Local\{331A67C7 -76A5-4416-8690-AD79190E3823} 2014-07-03 14:04 - 2014-07-03 14:04 - 000000000 _____ () C:\Users\Family\AppData\Local\{DC3B1D31 -FCB4-4C70-8923-6F76B2F68300} Some files in TEMP: ==================== 2017-11-12 18:04 - 2016-04-08 22:59 - 001732864 _____ (Microsoft Corporation) C:\Users\Family \AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-03 11:32 ==================== End of FRST.txt ============================ Addition Txt:~ ~ ~ ~ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017 Ran by Family (11-12-2017 21:15:11) Running from C:\Users\Family\Desktop Windows 7 Professional Service Pack 1 (X64) (2013-03-02 09:23:10) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-286109471-3207669588-231307133-500 - Administrator - Disabled) Family (S-1-5-21-286109471-3207669588-231307133-1000 - Administrator - Enabled) => C:\Users\Family Guest (S-1-5-21-286109471-3207669588-231307133-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-286109471-3207669588-231307133-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Internet Security 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) 
AVG 2012 (HKLM\...\{151C1354-B1CD-4768-A691-E03D84929073}) (Version: 12.0.4365 - AVG Technologies) Hidden
AVG 2012 (HKLM\...\{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}) (Version: 12.1.2240 - AVG Technologies) Hidden
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2240 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hand of Fate 2 (HKLM\...\aGFuZG9mZmF0ZTI_is1) (Version: 1 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Infinity (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Infinity) (Version: 3.0.35 - WeMod)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JetBrains PyCharm Community Edition 2017.2.1 (HKLM-x32\...\PyCharm Community Edition 2017.2.1) (Version: 172.3544.46 - JetBrains s.r.o.)
Juniper Networks Setup Client (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.48695 - Juniper Networks, Inc.)
Junos Pulse Core Components (HKLM-x32\...\{CFEA6426-1BD5-4AD4-A095-A1830D8B90D4}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (HKLM\...\{01A43787-60A3-4568-A7AE-A6894A05C364}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (HKLM-x32\...\{D99E257C-F639-4423-B1E4-DB241029E52A}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (HKLM-x32\...\{A368881F-F47D-404D-87EB-C4669F6674DA}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (HKLM-x32\...\{5B73AA8E-8F1F-4BB6-A9A5-9D81DC93B00F}) (Version: 5.0.48695 - Juniper Networks) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9825 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12575 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.2.5.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Python 3.6.2 (32-bit) (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\{8388fa07-1617-4b8d-8ad8-6a940ad8052c}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Add to Path (32-bit) (HKLM-x32\...\{5FEE3F00-F984-49A6-880C-CDEB3A9DC308}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (32-bit symbols) (HKLM-x32\...\{77259715-4E95-461D-B7C0-5D94B821CFCA}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (32-bit) (HKLM-x32\...\{4542573C-6216-4584-BA90-72BAF7954404}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (32-bit) (HKLM-x32\...\{69E3E4A6-2A0F-4A32-9C2D-591EEC107289}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (32-bit) (HKLM-x32\...\{796410A7-1669-4FE4-8332-F684B61269E2}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (32-bit symbols) (HKLM-x32\...\{49C645E6-ED07-4A99-971D-C78DA6C4ACFE}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (32-bit) (HKLM-x32\...\{348C0EFF-60B1-4E68-88B8-33D7DF70DFCF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (32-bit) (HKLM-x32\...\{6B2D61BA-C42D-4324-B23F-1D7B5A2808EF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (32-bit symbols) (HKLM-x32\...\{93C956E0-8513-464B-A862-B26A0F59140F}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (32-bit) (HKLM-x32\...\{79B4337D-166F-4BC0-B67A-F73806CC730E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (32-bit symbols) (HKLM-x32\...\{C286663D-0309-4480-B282-AEF543D93814}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{DF24AFFD-23AB-4A7D-A0E0-6410CE3B6B9D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (32-bit symbols) (HKLM-x32\...\{0084DB64-F560-4F30-9FD6-147A641B859C}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (32-bit) (HKLM-x32\...\{433FD2E2-839C-4211-88B7-45C90F738842}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (32-bit) (HKLM-x32\...\{9B79DE7E-E864-4758-8DFC-85DA43B19671}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Roblox Player for Family (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
RogueKiller version 12.11.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.23.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.0.0f4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC8 CRT (HKLM\...\{F1842B04-3399-4595-AD78-CD8E1DDD2C3B}) (Version: 8.0.50727.762 - Juniper Networks) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\AVG2012\avgsea.dll [2012-02-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-26] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-26] (Power Software Ltd)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-03-31] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\AVG2012\avgsea.dll [2012-02-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-26] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DBFF7B-13BF-426A-B6B9-E586959D7FE7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-11] (NVIDIA Corporation)
Task: {09AA4E44-DF67-4293-84AB-E243851638DA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-11] (NVIDIA Corporation)
Task: {1A01BBEB-A9AD-4CE5-BC28-A9D3FBDF852E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-11] (NVIDIA Corporation)
Task: {25A32556-4A64-413C-8EE0-2282752F0D0D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-11] (NVIDIA Corporation)
Task: {27673577-B7B4-4FA4-83EF-7D05D642B825} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {29523539-F744-458C-B19D-51C549E882CE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-11] (NVIDIA Corporation)
Task: {370E2FB9-4E61-4A5B-8B07-BBE23B612F9A} - System32\Tasks\{B9E0C865-7A0E-4AB5-B468-62B240BD4BDF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Family\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {37F74C43-B0BC-4E7C-98BA-9F707B3AA748} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {3A70897B-DE38-4DD2-96D1-121410AC9506} - System32\Tasks\{429AA244-4951-4197-A501-F2D7E51D180A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Family\Downloads\Cube World setup (June 2013).exe" -d C:\Users\Family\Downloads
Task: {49A6BB42-573E-4395-BF55-4F833FB09F35} - System32\Tasks\{D947D6AD-23A5-49B6-88AE-EB45C2A85F35} => C:\Users\Family\Desktop\DS4Windows.exe
Task: {4C85C552-85D1-4594-89BF-88E14091F670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-12] (Google Inc.)
Task: {5079128D-D055-4A01-AAE6-5249E00A0F31} - System32\Tasks\{BC831BD6-48D8-4D41-AC9D-BD9726AAD2C0} => C:\Windows\system32\pcalua.exe -a F:\installer.exe -d F:\
Task: {54A72429-1595-4503-8129-69ACB19A30EF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {54A72429-1595-4503-8129-69ACB19A30EF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {6081A041-A735-4A90-BDBE-B7220B354A8F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-11] (NVIDIA Corporation)
Task: {6CDBD291-D119-4629-98AD-4F110864B66A} - System32\Tasks\{3F68A6FD-3901-43A7-BBCA-40CDEC5FC0DA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/226320
Task: {7123789F-1AE9-4C63-BD8F-AA3E1FB55262} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {7123789F-1AE9-4C63-BD8F-AA3E1FB55262} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {77B884EC-D4AB-4F94-8485-A7E5BB315DED} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {8BF71EC1-0048-49DD-A530-35087EF3175F} - System32\Tasks\{F528BAFE-BB7D-4085-A675-9B4E617EB0D0} => C:\Windows\system32\pcalua.exe -a C:\Users\Family\AppData\Local\Temp\$PowerISO$\SPORESetup.exe -d "C:\Users\Family\Downloads\Spore [MULTI17][PCDVD][WwW.GamesTorrents.CoM]" <==== ATTENTION
Task: {98BA877A-7AD6-464E-8CC1-D126D474C474} - System32\Tasks\{57EE4C50-0742-4E4A-9AA4-3D91FFACFC60} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Play\Mini RLHream MGR.exe" -d "C:\Program Files (x86)\Play"
Task: {993E5E4B-0FF2-4E57-977E-E92BA1540E29} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A0DD8785-32D1-411D-81CD-B13EF0797252} - System32\Tasks\{6BFD953B-0E1B-44F8-8CD1-EB483DAC36BA} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {A2E8D8E0-2806-4C4E-ACC7-5EB02AA4F9D6} - System32\Tasks\{FC0C98E9-8E1B-4956-8A65-7F4BCAC3D72E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Mini RLHream MGR.exe" -d "C:\Program Files (x86)"
Task: {A44F6EEF-4F27-4171-A4A5-220FB662F8DD} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A44F6EEF-4F27-4171-A4A5-220FB662F8DD} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {A44F6EEF-4F27-4171-A4A5-220FB662F8DD} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {A654EC0A-C0C9-4190-9C0D-023FE5E7C0D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A98488B8-F943-497E-883C-0DBC2D49E419} - System32\Tasks\{1EB1E016-25D4-4001-BF8A-DFB5E8EF292B} => C:\Windows\system32\pcalua.exe -a "C:\Users\Family\Desktop\New folder\Setup.exe" -d "C:\Users\Family\Desktop\New folder"
Task: {B43463A1-62D8-4C4A-B119-FC5628027040} - System32\Tasks\{DE5C1BBA-B75D-483C-9D55-1B84B40C6B23} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\CutThePrice\94GBebAFmd2ilb.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C74365B2-883D-4FCA-AE09-446E65A6F65B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-12] (Google Inc.)
Task: {CFE911C7-D66C-4177-9126-1800010B3E47} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D1C6D311-AA81-42C8-A62E-6DBD12735BA4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-11-04] (Adobe Systems Incorporated)
Task: {D2BB6E1D-F45C-4DFD-BC43-D56CDC2B3242} - System32\Tasks\{9B5A693B-8AE3-4CC6-9C03-2CFA009DA5CE} => C:\Windows\system32\pcalua.exe -a C:\Users\Family\Downloads\vtfedit125-11.exe -d C:\Users\Family\Downloads
Task: {DCD906B1-B745-46B3-90BF-B82E60318A7B} - \{0A7A7D47-7A78-7A0A-0A11-78080B79110C} -> No File <==== ATTENTION
Task: {E14E9F72-EEA1-4E2B-BC24-5FC6FEAC4625} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E163338B-A684-49C2-8FD0-2BD2481D48D7} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {E163338B-A684-49C2-8FD0-2BD2481D48D7} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {E4239AC1-77D7-41DB-8B9C-6A9A1C75E4FC} - System32\Tasks\{EB0CA2C5-E8E5-4B1D-9D23-AFAA1E032BB5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Play\Mini RLHream.exe" -d "C:\Program Files (x86)\Play"
Task: {EAA097CF-F861-4388-AB62-C558C776B766} - System32\Tasks\{4AA52C7E-BA9D-48DB-96E3-44358ECDBB6F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PowerISO\PowerISO.exe" -d C:\Windows\system32 -c -pf C:\Users\Family\AppData\Local\Temp\DA09.tmp <==== ATTENTION
Task: {F9FA3919-E153-4874-BDF9-06A407C96A6D} - System32\Tasks\{472AD09D-E621-4ED3-9DA6-74F8308D0788} => C:\Windows\system32\pcalua.exe -a C:\Users\Family\Desktop\forge-1.7.2-10.12.0.1024-installer-win.exe -d C:\Users\Family\Desktop
Task: {FFE593AB-703C-480B-8380-300E199081E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-06 22:18 - 2012-12-04 19:33 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 15:08 - 2017-03-16 15:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2010-04-30 06:52 - 2010-04-30 06:52 - 006237800 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2014-06-25 14:23 - 2016-05-25 18:30 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-11-09 17:56 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-06-18 07:24 - 2012-06-18 07:24 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-01-06 08:41 - 2016-01-06 08:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 003774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 060817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-01-05 04:55 - 2016-12-11 18:37 - 002809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-07-28 22:28 - 000000002 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-286109471-3207669588-231307133-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DS4Windows.lnk => C:\Windows\pss\DS4Windows.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: gflauncher => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart
MSCONFIG\startupreg: iFunBox => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JunosPulse => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Spotify => C:\Users\Family\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{71491A61-B830-433B-9F7B-0939CBEEEA53}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{2EA3702B-E0FE-4303-B127-410711DD00F7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7463F226-55BC-4B5B-A746-84992B376187}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6BF63F69-7025-4EEE-AD14-071EF7D223A5}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{FBFAE8F1-B4BA-4AE4-960E-290F7A312566}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43CD0EE3-DD0C-489D-9556-0CD4FEB333F1}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1CEF5146-5900-46B5-8537-D1FC3CEC58B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AC27D12F-A566-4880-BFCE-475CC16149B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A93A1F97-EEB5-4AE9-8C6F-D149D02B1091}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0D80034F-A740-4729-A2C6-0E82A40741D2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2D2498B3-8207-41E9-95F7-CB679D15AB32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{1F28B4B8-3300-47F6-9711-6202B66A59CB}C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe] => (Allow) C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe
FirewallRules: [UDP Query User{6BC6D1BA-087C-4F88-940C-39C4973EB48F}C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe] => (Allow) C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe
FirewallRules: [TCP Query User{BC129858-34C2-4214-AAEE-3B1B2FD054D7}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AA1B6D8A-D435-480C-8B83-224EA0D515B3}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FEE0C5BB-1B8E-4BB8-AEFC-7877A527A303}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BE68EAA8-3E69-4942-AFEC-3337DCFBE976}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================
09-11-2017 17:40:28 Checkpoint by HitmanPro
09-11-2017 17:42:04 Checkpoint by HitmanPro
09-11-2017 18:26:42 Checkpoint by HitmanPro
10-11-2017 10:24:49 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2017 09:12:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2017 09:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2017 01:49:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/06/2017 05:58:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/05/2017 10:29:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2017 08:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/01/2017 04:15:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2017 05:48:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2017 03:09:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2017 12:21:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (12/11/2017 09:10:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error: The system cannot find the path specified.

Error: (12/11/2017 09:10:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 09:31:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error: The system cannot find the path specified.

Error: (12/10/2017 09:31:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 09:30:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/10/2017 09:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error: The system cannot find the path specified.

Error: (12/10/2017 09:29:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 01:48:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error: The system cannot find the path specified.

Error: (12/10/2017 01:48:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/06/2017 06:01:38 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E43EFC97-FCB5-4845-A9DE-1B0FB6EC885F}. The backup browser is stopping.

==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5540 @ 2.53GHz
Percentage of memory in use: 23%
Total physical RAM: 12285.59 MB
Available physical RAM: 9346.52 MB
Total Virtual: 24569.36 MB
Available Virtual: 21289.23 MB

==================== Drives ================================
Drive c: (T5500) (Fixed) (Total:238.4 GB) (Free:92.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (14-980-99-2) (CDROM) (Total:1.82 GB) (Free:0 GB) CDFS
Drive e: (DATA-T5500) (Fixed) (Total:149.01 GB) (Free:148.85 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: D8B14E35)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=238.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 9CA39CA3)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  3. My kids have downloaded something on this computer and now every time I open Chrome I cannot delete the most visited tabs. I tried to reinstall Chrome with no luck; the most visited boxes still have not changed. I was wondering if there is anything else I can do to get rid of this?