Virus making computer unusable


Hello guys, recently signed up to the website and downloaded Malwarebytes in hopes to fix a current virus problem that is making my PC unusable. I've tried different things and haven't had any luck. Computer works fine in safe mode, but once I start it normally it is almost impossible to use. Freezes every few seconds, programs and games are impossible to open, browsers are impossible to open and overall just a pain in the ass. Was wondering if someone could guide me in removing this annoying *****


Hello Robtormar and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Run the following with your system in Normal mode if possible:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Thank you,

Kevin...

Hey,

Unfortunately running my computer in normal mode is nearly impossible. Ran both tools in safe mode with networking and I hope that suffices.

Here are the logs:

RKill:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2016 05:06:45 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

 * TBS [Missing Service]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 08/19/2016 05:07:00 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Roberto (administrator) on ROBERTO-PC (19-08-2016 17:10:31)
Running from C:\Users\Roberto\Desktop
Loaded Profiles: Roberto &  (Available Profiles: Roberto)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2162864 2016-08-10] (Hola Networks Ltd.) <===== ATTENTION
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2016-08-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mbot_ca_141] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-11] (Razer Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [uTorrent] => C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe [1972224 2016-08-15] (BitTorrent Inc.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Google Update] => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Facebook Update] => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-10] (Facebook Inc.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Spotify Web Helper] => C:\Users\Roberto\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-24] (Spotify Ltd)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\MountPoints2: {f5409847-e838-11e2-b752-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe [1972224 2016-08-15] (BitTorrent Inc.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-10] (Facebook Inc.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Roberto\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-24] (Spotify Ltd)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f5409847-e838-11e2-b752-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe [1972224 2016-08-15] (BitTorrent Inc.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2857248 2016-08-16] (Valve Corporation)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f5409847-e838-11e2-b752-806e6f6e6963} - D:\start.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177952 2016-07-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [155768 2016-07-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-03-13]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-11-16] ()
Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2013-01-06]
ShortcutTarget: IMVU.lnk -> C:\Users\Roberto\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-10-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:62562;https=127.0.0.1:62562
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{3126BC1B-489A-44AA-9163-F8EC82DC57E4}: [NameServer] 10.8.0.1
Tcpip\..\Interfaces\{3126BC1B-489A-44AA-9163-F8EC82DC57E4}: [DhcpNameServer] 10.8.0.1
Tcpip\..\Interfaces\{D2D02A2C-8857-42FB-BFA8-FC3F7963B8EB}: [NameServer] 64.178.142.10,24.207.0.167
Tcpip\..\Interfaces\{D2D02A2C-8857-42FB-BFA8-FC3F7963B8EB}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{F2287F3C-0ACE-428B-BC3C-A5043AF1D383}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.6.0.592&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.6.0.592&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {390C7E9F-F2A9-4FEC-9166-FB7A7E24C652} URL = 
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.4.0.508&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={557499F3-6E69-4A19-BF11-9E79688F013F}&mid=02d3c78add7747d3846a4597c65431cf-7ae707645e7131f8255a4b1877eafd56a035a744&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=pr&d=2014-02-05 18:58:38&v=19.4.0.508&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA73B61C0-4B0E-4978-8AC8-4F01AB335E12&q={searchTerms}&SSPV=SE1CG2_sp_ie
SearchScopes: HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: No Name -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-18] (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-18] (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-08-18] (AVG Secure Search)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-06] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-06] (Hola)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Roberto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @talk.google.com/O1DPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Roberto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Roberto\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Roberto\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Roberto\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-18]
CHR Extension: (entrusted) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk [2016-02-07] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3281675&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Skype) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Roberto\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-12-31]
CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Roberto\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found>
CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Roberto\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-12-31]
CHR HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Roberto\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Roberto\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-12-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Roberto\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
S2 BufferedService; C:\Program Files (x86)\Buffered VPN\cacher.exe [636184 2016-04-24] ()
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
S2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8104576 2015-10-25] (Hola Networks Ltd.) <==== ATTENTION
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-03-13] (RealNetworks, Inc.)
S2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-08-18] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation) [File not signed]
S3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation) [File not signed]
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [298752 2016-07-12] (AVG Technologies CZ, s.r.o.)
S0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-11] ()
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 17:10 - 2016-08-19 17:10 - 00035432 _____ C:\Users\Roberto\Desktop\FRST.txt
2016-08-19 17:10 - 2016-08-19 17:10 - 00000000 ____D C:\FRST
2016-08-19 17:08 - 2016-08-19 17:08 - 02395648 _____ (Farbar) C:\Users\Roberto\Desktop\FRST64.exe
2016-08-19 17:06 - 2016-08-19 17:07 - 00002612 _____ C:\Users\Roberto\Desktop\Rkill.txt
2016-08-19 17:03 - 2016-08-19 17:03 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roberto\Desktop\rkill.exe
2016-08-19 17:03 - 2016-08-19 17:03 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Roberto\Desktop\rkill64.exe
2016-08-19 16:33 - 2016-08-19 16:35 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-19 16:33 - 2016-08-19 16:33 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-19 16:33 - 2016-08-19 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-19 16:33 - 2016-08-19 16:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-19 16:33 - 2016-08-19 16:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-19 16:33 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-08-19 16:33 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-08-19 16:33 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-08-19 16:32 - 2016-08-19 16:32 - 22851472 _____ (Malwarebytes ) C:\Users\Roberto\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-19 16:24 - 2016-08-19 16:30 - 00000000 ____D C:\AdwCleaner
2016-08-19 16:24 - 2016-08-19 16:24 - 03784256 _____ C:\Users\Roberto\Downloads\adwcleaner_6.000.exe
2016-08-19 07:56 - 2016-08-19 16:06 - 00000000 ____D C:\Users\Roberto\AppData\LocalLow\uTorrent
2016-08-18 19:11 - 2016-08-18 19:11 - 00000000 ____D C:\Users\Roberto\AppData\Local\CrashDumps
2016-08-18 14:37 - 2016-08-18 14:37 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-08-15 18:10 - 2016-07-10 20:13 - 01887800 _____ (NVIDIA Corporation) C:\windows\system32\NvCamera64.dll
2016-08-15 18:10 - 2016-07-10 20:13 - 01595840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvCamera32.dll
2016-08-15 18:10 - 2016-07-10 16:36 - 00127424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2016-08-15 18:09 - 2016-08-15 18:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-15 18:09 - 2016-07-10 17:17 - 00547896 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2016-08-15 18:09 - 2016-07-10 17:17 - 00081856 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2016-08-15 18:09 - 2016-05-03 20:23 - 00129824 _____ C:\windows\SysWOW64\vulkan-1.dll
2016-08-15 18:09 - 2016-05-03 20:22 - 00130848 _____ C:\windows\system32\vulkan-1.dll
2016-08-15 18:09 - 2016-05-03 20:22 - 00045344 _____ C:\windows\system32\vulkaninfo.exe
2016-08-15 18:09 - 2016-05-03 20:22 - 00040224 _____ C:\windows\SysWOW64\vulkaninfo.exe
2016-08-15 18:07 - 2016-07-15 12:15 - 00214592 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2016-08-15 18:07 - 2016-07-15 12:15 - 00046016 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 39977920 _____ C:\windows\system32\nvcompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 35115968 _____ C:\windows\SysWOW64\nvcompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 31640512 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 25414080 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 17321352 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 13581880 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2016-08-15 18:07 - 2016-07-10 20:13 - 10691632 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 10656112 _____ C:\windows\system32\nvptxJitCompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 10234336 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 09020656 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 08742360 _____ C:\windows\SysWOW64\nvptxJitCompiler.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 08615336 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 03542072 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 03099072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 01939000 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436881.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 01571776 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436881.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 01001016 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00930360 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00909880 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00852024 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00694672 _____ C:\windows\system32\nvfatbinaryLoader.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00583736 _____ C:\windows\SysWOW64\nvfatbinaryLoader.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00544120 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00490744 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00459320 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00444472 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00406064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00394808 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00153416 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00131584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2016-08-15 18:07 - 2016-07-10 20:13 - 00000594 _____ C:\windows\SysWOW64\nv-vk32.json
2016-08-15 18:07 - 2016-07-10 20:13 - 00000594 _____ C:\windows\system32\nv-vk64.json
2016-08-15 17:59 - 2016-06-14 14:01 - 00112216 _____ C:\windows\system32\NvRtmpStreamer64.dll
2016-08-15 17:58 - 2016-04-13 23:38 - 00102976 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2016-08-15 17:58 - 2016-04-13 23:38 - 00056384 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2016-08-15 17:56 - 2016-08-15 17:56 - 44984120 _____ (NVIDIA Corporation) C:\Users\Roberto\Downloads\GeForce_Experience_v2.11.4.0.exe
2016-08-15 16:50 - 2016-08-15 16:50 - 00001642 _____ C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
2016-08-15 16:50 - 2016-08-15 16:50 - 00000000 ____D C:\Program Files (x86)\MonitorDriver
2016-08-05 16:35 - 2016-08-06 22:24 - 00000000 ____D C:\Users\Roberto\AppData\Local\Apps\2.0
2016-08-05 16:35 - 2016-08-05 16:35 - 00003308 _____ C:\windows\System32\Tasks\{7CA4E8DF-EE46-43C0-98AE-1C0BF29226E6}
2016-08-05 16:35 - 2016-08-05 16:35 - 00000318 _____ C:\Users\Roberto\Desktop\Curse Client.appref-ms
2016-08-05 16:35 - 2016-08-05 16:35 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2016-08-05 16:34 - 2016-08-05 16:35 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (6).exe
2016-08-05 16:32 - 2016-08-05 16:32 - 00003308 _____ C:\windows\System32\Tasks\{DC443FE1-5562-4D7B-B679-D18C61E63812}
2016-08-05 16:31 - 2016-08-05 16:31 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (5).exe
2016-08-05 16:30 - 2016-08-05 16:30 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (4).exe
2016-08-05 16:30 - 2016-08-05 16:30 - 00003308 _____ C:\windows\System32\Tasks\{F48E18B9-738A-46D4-833F-A0BE67D260EB}
2016-08-05 16:29 - 2016-08-05 16:29 - 00003308 _____ C:\windows\System32\Tasks\{E2936E0D-8AC5-4604-8365-EBB9DC5B7BDA}
2016-08-05 16:28 - 2016-08-05 16:28 - 00402696 _____ () C:\Users\Roberto\Downloads\setup (1).exe
2016-08-04 00:05 - 2016-08-19 16:05 - 00000570 _____ C:\windows\Tasks\AVG-SSU_0716wt.job
2016-08-04 00:05 - 2016-08-19 16:05 - 00000432 _____ C:\windows\Tasks\AVG-SSU_0716wt_DELETE.job
2016-08-04 00:05 - 2016-08-04 00:05 - 00002934 _____ C:\windows\System32\Tasks\AVG-SSU_0716wt_DELETE
2016-08-04 00:05 - 2016-08-04 00:05 - 00002866 _____ C:\windows\System32\Tasks\AVG-SSU_0716wt
2016-08-04 00:05 - 2016-08-04 00:05 - 00000000 ____D C:\ProgramData\Avg_Update_0716wt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 16:35 - 2015-05-18 19:10 - 00629712 _____ C:\windows\ntbtlog.txt
2016-08-19 16:17 - 2013-07-22 20:10 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\uTorrent
2016-08-19 16:16 - 2013-07-12 21:52 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 16:11 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-19 16:11 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-19 16:06 - 2013-08-20 00:09 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Skype
2016-08-19 16:06 - 2013-07-12 21:45 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-19 16:06 - 2013-07-12 21:32 - 00000000 ____D C:\ProgramData\MFAData
2016-08-19 16:05 - 2013-07-12 21:52 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 16:04 - 2015-05-18 20:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-19 16:04 - 2013-07-28 14:52 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-19 16:04 - 2009-07-13 23:08 - 00032558 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-08-19 16:04 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-19 09:49 - 2014-02-08 20:50 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job
2016-08-19 07:57 - 2014-03-10 13:52 - 00000936 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job
2016-08-19 07:54 - 2015-05-10 20:22 - 00000000 _RSHD C:\Users\Roberto\AppData\Roaming\nvxasync
2016-08-19 07:54 - 2013-11-23 21:10 - 00000000 ____D C:\Users\Roberto\AppData\Local\TBHostSupport
2016-08-18 21:10 - 2015-11-11 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-08-18 21:05 - 2014-03-23 09:39 - 00000000 ____D C:\Users\Roberto\AppData\Local\Battle.net
2016-08-18 21:02 - 2015-11-10 10:52 - 00000000 ____D C:\Users\Roberto\AppData\Local\Avg
2016-08-18 20:45 - 2014-10-01 19:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-18 20:44 - 2014-03-23 09:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-18 14:49 - 2014-02-08 20:50 - 00000864 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job
2016-08-18 14:37 - 2016-04-24 14:27 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2016-08-18 13:57 - 2014-03-10 13:52 - 00000914 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job
2016-08-16 22:07 - 2016-05-07 19:39 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-16 17:54 - 2013-07-08 12:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 17:53 - 2013-07-22 21:13 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-16 17:36 - 2013-07-12 21:50 - 00000000 ____D C:\Users\Roberto\AppData\Local\Deployment
2016-08-15 19:19 - 2015-01-17 17:55 - 00000000 ____D C:\Users\Roberto\AppData\Local\Spotify
2016-08-15 18:34 - 2015-01-17 17:53 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Spotify
2016-08-15 18:10 - 2013-07-28 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-15 18:10 - 2013-07-28 14:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-15 18:10 - 2013-07-28 14:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-15 18:10 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-08-15 18:09 - 2014-12-20 15:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-15 17:59 - 2014-04-19 17:51 - 00000000 ____D C:\Users\Roberto\AppData\Local\NVIDIA Corporation
2016-08-15 17:59 - 2013-07-28 14:47 - 00000000 ____D C:\Users\Roberto\AppData\Local\NVIDIA
2016-08-15 17:59 - 2013-07-28 14:43 - 00001383 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-08-15 16:50 - 2013-07-08 19:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-10 05:00 - 2015-11-03 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-08-08 14:16 - 2013-07-12 21:53 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 14:16 - 2013-07-12 21:53 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-03 21:53 - 2015-11-11 10:26 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-02 19:40 - 2013-08-20 00:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-02 19:40 - 2013-08-20 00:09 - 00000000 ____D C:\ProgramData\Skype
2016-07-28 14:44 - 2014-02-08 20:50 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA
2016-07-28 14:44 - 2014-02-08 20:50 - 00003494 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core
2016-07-28 14:10 - 2013-07-12 21:52 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 14:10 - 2013-07-12 21:52 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-05-10 20:22 - 2015-05-10 20:25 - 53205728 _____ () C:\Users\Roberto\AppData\Roaming\chport.exe
2014-01-06 19:43 - 2014-01-06 19:43 - 0010183 _____ () C:\Users\Roberto\AppData\Local\CleanupUninstall.txt
2013-07-26 10:46 - 2014-07-18 15:29 - 0013312 _____ () C:\Users\Roberto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-11 17:33 - 2014-01-11 17:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe


Some files in TEMP:
====================
C:\Users\Roberto\AppData\Local\Temp\31e0d9922d6e2445679182992ebb85ee.dll
C:\Users\Roberto\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
C:\Users\Roberto\AppData\Local\Temp\avguirn_081423489783.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_081499081875.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_081580198834.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08396502048.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08509008946.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08632861142.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08634499362.exe
C:\Users\Roberto\AppData\Local\Temp\avguirn_08982942380.exe
C:\Users\Roberto\AppData\Local\Temp\Gw2.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\libeay32.dll
C:\Users\Roberto\AppData\Local\Temp\lowproc.exe
C:\Users\Roberto\AppData\Local\Temp\msvcr120.dll
C:\Users\Roberto\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Roberto\AppData\Local\Temp\nvStInst.exe
C:\Users\Roberto\AppData\Local\Temp\sqlite3.dll
C:\Users\Roberto\AppData\Local\Temp\stubhelper.dll
C:\Users\Roberto\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-16 00:35

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Roberto (19-08-2016 17:10:47)
Running from C:\Users\Roberto\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-07-13 03:26:05)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2762693780-1719230438-2156667301-500 - Administrator - Disabled)
Guest (S-1-5-21-2762693780-1719230438-2156667301-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2762693780-1719230438-2156667301-1002 - Limited - Enabled)
Roberto (S-1-5-21-2762693780-1719230438-2156667301-1001 - Administrator - Enabled) => C:\Users\Roberto

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.6.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.82.2.30772 - AVG Technologies)
AVG (Version: 16.101.7752 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4647 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.101.7752 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.6.0.592 - AVG Technologies)
AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buffered VPN version 1.0 (HKLM-x32\...\{1F5468A2-96C0-4973-80CA-327DD47ED6E5}_is1) (Version: 1.0 - Buffered Ltd.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Curse Client (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FMW 1 (Version: 1.112.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Hola™ 1.15.577 - Better Internet (HKLM\...\Hola) (Version: 1.15.577 - Hola Networks Ltd.) <==== ATTENTION
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27405 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.2 - Rockstar Games)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Spotify (HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Roberto\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07537D93-581A-43B9-83BA-DECA672A7C25} - System32\Tasks\{DC443FE1-5562-4D7B-B679-D18C61E63812} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD37D7.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {0EFE155C-1F5F-4176-AE75-09F4BEEB6AF1} - System32\Tasks\RocketTab => /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {0F6B1C65-FFD9-43B4-9FE7-6ABF482E9CF7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {18E6A2FC-54B4-40F1-B238-8FFF5D973024} - System32\Tasks\{3CDB80FE-7E54-47D7-AAEB-E64E6CFCFE7E} => pcalua.exe -a "C:\Program Files (x86)\GoPCPro\gopcpro.exe" -c -u
Task: {20158045-2669-411D-B1B2-D0FFFC0FB191} - System32\Tasks\{07DB1AFA-AB33-4BB6-B190-26C7485D8A2F} => pcalua.exe -a C:\Users\Roberto\Downloads\Install_CopyTrans_Suite.exe -d C:\Users\Roberto\Downloads
Task: {3219925F-7D5C-43F7-A821-E7B4D83663BD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {3AD2B6A1-1485-401A-8E78-987ECFB0728D} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
Task: {3CA7686F-3504-4B72-BC0A-47F76CF1EA37} - System32\Tasks\{7CA4E8DF-EE46-43C0-98AE-1C0BF29226E6} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD4BD3.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {515EF47B-9A13-4523-BE79-3786F35BA61D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {56C08549-059C-4A56-95A9-7608975A1DB9} - System32\Tasks\{F48E18B9-738A-46D4-833F-A0BE67D260EB} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSDEE1A.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {58FCF953-A599-46E6-94A6-887527874082} - System32\Tasks\gameo_update => C:\Users\Roberto\AppData\Roaming\Gameo\gameo.exe <==== ATTENTION
Task: {5DB4DBFE-7798-4305-8187-77B6D0D0741D} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {60754CC5-0ABD-4EC3-9B2D-DFF13FE74AFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6E9CBFA3-13C9-4A9F-B6F4-F3EDB7A9A4AB} - System32\Tasks\AVG-SSU_0716wt => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe [2016-08-04] ()
Task: {7518CFA6-3A8B-4F9D-A6E1-4172DC66E2A4} - System32\Tasks\{E2936E0D-8AC5-4604-8365-EBB9DC5B7BDA} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD9419.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {80689709-1616-47BD-A37C-C7E425D27232} - System32\Tasks\{657E2528-D4A1-4BD2-8041-49AAB469F445} => pcalua.exe -a "C:\Users\Roberto\Downloads\setup (2).exe" -d C:\Users\Roberto\Downloads
Task: {815226A2-1ED9-437B-B406-ABC043E36969} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {8A766F03-7AAD-4F63-B0A2-5651528F488B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8CB48964-7240-4C35-9005-6321AF311053} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2762693780-1719230438-2156667301-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {9B07EAF4-D7CB-4B1B-98B7-9D68C90F1681} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {A40CC3CB-8133-4BBB-BC7D-D9E4F24164A2} - System32\Tasks\{BE36D21E-4911-4254-95A2-941FECABB9B5} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSDC765.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {A673AD5B-905B-4817-8167-100389A9F38A} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {AD6DEEAC-81AB-4CD4-A8BB-B9BFF184CB13} - System32\Tasks\{A53202E0-F36A-45A6-A8DE-4B0B59330D53} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD30C2.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION
Task: {B7C1EDA5-16E2-40D7-A577-EC1CBE60974B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C33817E3-E1DE-4FCF-B4A5-9131B7370A1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D5BBCC52-67C2-4A66-BB32-0363EB97A14B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {D99099D2-3859-4EC6-AD87-C493840C4CF7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {DA2EFB71-89B4-4560-A1A0-8FD41DFDEB51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {DCC27406-EA07-46DE-AC48-90C3292166DD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2762693780-1719230438-2156667301-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {DF81BEFE-ACBB-4139-B394-33A6A7F1ADA9} - System32\Tasks\AVG-SSU_0716wt_DELETE => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe [2016-08-04] ()
Task: {E9A74363-89C8-4B99-8A64-1F7A2C7A20FD} - System32\Tasks\{38773827-D4FE-4268-BF01-4F0ABB20EFDF} => pcalua.exe -a C:\Users\Roberto\AppData\Local\Temp\VSD5726.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\Roberto\Downloads -c /lang:enu /passive /norestart <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-SSU_0716wt.job => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe
Task: C:\windows\Tasks\AVG-SSU_0716wt_DELETE.job => C:\ProgramData\Avg_Update_0716wt\AVG-Secure-Search-Update_0716wt.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job => C:\Users\Roberto\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001Core.job => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762693780-1719230438-2156667301-1001UA.job => C:\Users\Roberto\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-23 12:21 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 03:49 - 2014-05-12 03:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-30 13:13 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-30 13:13 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2762693780-1719230438-2156667301-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2762693780-1719230438-2156667301-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2762693780-1719230438-2156667301-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Osvaldo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.178.142.10 - 24.207.0.167
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C419A91E-D752-41BB-B818-1DDA1D312BAE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0DBE3E9E-E062-48FF-91E1-2E2BB77392FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{C9AE27E6-FAD5-4586-A979-82F10C9C4312}] => (Allow) C:\Users\Roberto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{EFCB97D7-7F4D-46F1-BBD8-AA3AFBA7103D}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{143296F6-4171-4EA1-AE88-F31632FCA14F}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{127A0B8E-374F-4005-8067-D15DAE44BD37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0768337D-5B63-4DE2-8943-FD0D618B46F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1816B206-0C83-48B0-9F64-5E4431B6CD3E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7C503B7D-BDC1-4421-971E-ECFD523E263E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{059809EC-1CE0-4E03-A195-BAE6786C1602}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{83405D02-C654-4FDA-B0AF-28F529C05985}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCAA9F92-13E6-4EB3-A895-34F617526F53}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA699284-1142-46AD-A036-3DA804C55460}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6C8D3CA7-AE37-459F-90DE-B175FFF3F9BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C218D04-AA88-4816-8F8E-A909CB92BBBB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8F0C5080-F740-469A-848E-D19BB240FB51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{185C7078-6D31-4C85-B28B-70979E075404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{9C27D618-89C0-4FA9-9D31-2610F686EFB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{3E13B15E-5B4B-4299-8A7E-7F49F924C9A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7077B0E6-08D7-43A1-ACF5-5446EAF6B3D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DFDF4E36-7ACE-4BA7-9273-661909E0B2C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{83D37AF4-D2E3-47A6-A58A-8761B2EF370A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\dota.exe
FirewallRules: [{B4A32BEF-2F75-429E-B78B-26C1F04FECE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{478D5F61-D8D2-463B-BF4D-DD45F5531FD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8F5CBC67-4695-48ED-B4F4-9F17D13BE0FD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{C2E02FEF-551A-4DB6-B2CA-2EF51E4F9AE2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DDAAA0EA-06A5-473C-AB26-BFCEDE0EDD4D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{87F6D04D-BD4C-46DB-91DE-AA794C0471BF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{86E5FE39-E424-431A-BE4F-040C51543494}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{44C1D085-46D5-40CE-8DD7-C17B8E42D0FC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B32EE279-8A82-43AD-A690-2486F6551B43}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{438530BF-C04D-4EE2-8C17-A6AA6CE50344}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{BDDCD0EB-2E05-45D8-AF68-F102B660C666}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7ABF2AD2-AA6F-4639-B158-A9AB7DFCA231}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48B9A468-5FDD-4D1B-A067-2917A616D393}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{EC19AFD0-63B2-4CAB-8198-8B0DF13CD927}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{D582EF4C-8C4E-44BE-979F-2ED08725AA0A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7BB2B6AE-865F-45BA-AE1E-D6D990225C2C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{18F71234-80E2-4151-8A71-CBE484424B39}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F1FA6F88-4932-4EF0-BD24-EC8FF908AB20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{229BEBA6-E04D-4C1A-B5DB-4AB7FA5B9BBD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{C45119F9-19F0-4150-9131-706879300545}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{AAF1D2E4-BE48-4E90-9DBE-00811D909130}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{9C9267DF-46D6-4073-A13E-F73393FC7484}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{1CE04341-4992-4344-8934-B4C4A2D5C618}C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\roberto\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{56514E96-DEE1-413B-A574-67A39843E753}] => (Allow) C:\Users\Roberto\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F41679FD-B7EA-48C7-A2E9-E05D1DC54082}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D81D257B-68D2-4805-B426-B3490FEED15C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DAEE96C9-D098-4077-B8BF-46992F75D832}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2cfg.exe
FirewallRules: [{EF83B25D-8280-4D3D-9C85-677219EDA04F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2cfg.exe
FirewallRules: [TCP Query User{E7F16F48-622D-49E8-BB94-20076C2E22EA}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{B4CA62F6-E5EA-49D4-AE9F-57D5375452A4}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [{99986E3F-4D91-4994-A8F9-EAA7D04CD27F}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{8FC1A7BF-9E3F-4A2F-8339-5050D9592831}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{9FEF4955-6A7C-49CD-B9B4-E79E12A583EE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7E87A1DE-6854-41E6-97D0-9F8B69642F15}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{5B8E51F9-FB07-4B2D-A298-10C04C08704B}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{773F5B6B-FEC6-4921-8B74-D8F6C696253F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{F28A8862-D912-4028-B306-FF867EBB9F9E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{46B3BFFB-D68A-4B13-835F-3727B4D2F57E}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{2EE9021F-0D83-4085-A779-01B897A361B9}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{BC2DC2C2-A117-4C95-965E-D9150F1DE222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{109DD547-427F-44F1-BE00-2E0A09117095}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{F0787FB2-C31F-4DAD-B7CB-597F4466CBC4}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D7BE3F3F-086E-41DB-A8B7-021BB4DC27B3}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2CB3C40B-B039-4A05-B8BA-3D43DAE608A9}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A9EE4D13-C547-4DE2-89D7-2CE0604E852E}C:\users\roberto\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\roberto\appdata\roaming\spotify\spotify.exe
FirewallRules: [{72B52763-F039-4E3E-8DB0-FD30CF91EB65}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{1B5FF6B3-3F32-415E-8586-0EAA5D75BFA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E5989DBB-9D5C-451B-AA05-3F4CF1B06EFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{25118EA9-5844-4624-8DD6-0EC7DF7AD950}C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe
FirewallRules: [UDP Query User{5F40182C-C0CB-44CD-AAAA-30E2E45A94E7}C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign43b3.tmp\lmiignition.exe
FirewallRules: [TCP Query User{964B7ACD-98C4-47F7-BFDA-48522838A08C}C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe
FirewallRules: [UDP Query User{F8427EED-D23C-4112-ADA1-4EC07F5EA068}C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ign8d60.tmp\lmiignition.exe
FirewallRules: [TCP Query User{31E7C7E5-D267-4A5B-9751-FFE50DDCA628}C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe
FirewallRules: [UDP Query User{D17E19BE-1CD6-4810-A9A6-803057EF83EC}C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe] => (Allow) C:\users\roberto\appdata\local\temp\ignb2ea.tmp\lmiignition.exe
FirewallRules: [{62EC9D54-7F43-44EF-ADB6-DC99EC98578A}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{F9AB4917-7DA9-4C7F-AA07-F23CB9C86F72}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{1F2567A8-A621-445A-90BE-3E6706A357BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{DB4E780F-E133-4C07-A450-8507A87685B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{504BB080-1555-43D1-A2A6-4A4A0CC84273}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{D1AB01D8-DCAF-4F62-8F5E-BFA8AE777778}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{82852481-1474-4834-8A85-971EE93225C6}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{5F517053-1C07-415E-8BB2-711676172763}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{8AD422C6-18AD-4431-B8C4-03BC177B0538}] => (Allow) C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{1D5EBCC0-B7AE-466C-A3BD-3B168AE96C15}] => (Allow) C:\Users\Roberto\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [TCP Query User{5C9FAF00-B7F5-4D80-A81D-46C0C5AF5762}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{85C775AD-6302-42CE-B35E-C8646957A772}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{9E797ED3-409A-42AA-A87C-32D84268B47F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DADE97B9-BCE0-4B73-80CD-F416A7F72955}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{82E265D4-E66D-408A-9D09-25178D22F2B6}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{A8ACE715-6034-43D9-A43D-471520345E44}C:\users\roberto\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\roberto\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{50119420-3FEC-4557-8BEF-85EFCF39DC00}C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{0BC49AEB-D8D0-4B58-9968-2D918FA72839}C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Block) C:\users\roberto\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{F136FDE0-A7A1-46B6-9ED2-6C70D5156A95}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{BD8296CB-A8AD-4754-9A2E-38D9806ED00F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DD421078-04E1-47A9-BA2F-8E9D13ECD1AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{312D04B3-5259-43C1-B878-F6869F50C121}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{469B2F35-2E7B-4AB2-BD4F-3F010CD19821}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A6D72251-39C1-4742-9541-0606002D9E46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{C5E04C74-9FB2-471C-8C92-F804F6EBBE1C}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{358FD2E7-D0AC-431D-93FC-F6538948EA24}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{E7AC6E23-DC10-46EE-A156-CF71799E171C}] => (Allow) C:\Users\Roberto\Downloads\bin\BlackDesert32.exe
FirewallRules: [{2C776578-3258-499B-9D0A-B1C13CEABF32}] => (Allow) C:\Users\Roberto\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{3F1A17BC-1C36-46D2-B3B6-CC4E808826C5}] => (Allow) C:\Users\Roberto\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{C387FA91-6874-48A3-996C-2B915860C0F1}] => (Allow) C:\Users\Roberto\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{E9DEF967-AB5D-44B4-89E7-79982CB12EE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F958B247-E667-4E9C-9EF5-A236E74A5627}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP QUERY USER{BC62C58C-2A12-49E7-BC0F-B6A5DA8B6341}C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\COUNTER-STRIKE GLOBAL OFFENSIVE\CSGO.EXE] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP QUERY USER{7E877B66-DB72-4CBB-A3BE-0556D2F1C64F}C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\COMMON\COUNTER-STRIKE GLOBAL OFFENSIVE\CSGO.EXE] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{EA4F6642-0E87-4F2E-81F7-FBDCBBEFF752}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{1F288BC3-7ACA-428B-9F44-3DCBCA29B71E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{4C24E2A4-422D-460D-AAC0-7BFBC840377D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{1779C8F4-4D1C-49EA-8F0E-CFB3C6CCBB68}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{98D8721D-B2A7-4058-9A43-4D25DFEB8D27}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{71198C41-471B-4012-8626-737800A44D05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{9AAD60A8-E046-40A2-BCBF-433C7C165267}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{89C68E27-DBCB-449F-9DC0-4EB8A95DC52F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{9A589E08-7058-4EC8-A930-BEE11B67AD45}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{12F1F988-6453-4587-8603-441BFDB7BE16}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{DFB39B6B-CC03-4E93-B214-6A9ED2F106AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{83365BCA-BFEE-4E92-AA15-B28F4E9762EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{317B8EAB-7013-4022-ABFA-7D30DDE15623}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8F355E40-243C-48C4-B34E-EE12D09A144C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{57AE5B7A-546D-451A-837F-FE9F4441805E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C53F3F52-C799-46CA-A695-F3DB9BF32308}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0133C024-FA51-44C5-9DBB-97CDA8BF09D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{60923DC9-EDBC-432F-A84A-218FC56E5AD3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C1431071-8E40-46EB-9FDD-6458F2B6C881}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{8DDBDE29-755E-4833-AC5E-9ED7DFCBDE57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A7805AB6-481C-4BE6-BA83-13EAE203E8C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{20AD6E7F-D58D-4024-B1AC-A5F97D9040D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{41C9D56D-F276-41FB-B01B-1C822E71CD90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7E2B76D-D7C5-42EF-B120-8821AC7902B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2016 04:22:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2016 04:06:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2016 08:57:03 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\vssapi.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows host process (Rundll32) because of this error.

Program: Windows host process (Rundll32)
File: C:\Windows\System32\vssapi.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (08/19/2016 08:57:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_srrstr.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: VSSAPI.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c9f9
Exception code: 0xc0000006
Fault offset: 0x0000000000107e4c
Faulting process id: 0x1f88
Faulting application start time: 0xrundll32.exe_srrstr.dll0
Faulting application path: rundll32.exe_srrstr.dll1
Faulting module path: rundll32.exe_srrstr.dll2
Report Id: rundll32.exe_srrstr.dll3

Error: (08/19/2016 08:54:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
   Instantiating VSS server

Error: (08/19/2016 08:54:23 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
   Instantiating VSS server

Error: (08/19/2016 07:55:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 09:07:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 08:34:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 07:10:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Agent.exe, version: 2.6.8.5111, time stamp: 0x57a28468
Faulting module name: Agent.exe, version: 2.6.8.5111, time stamp: 0x57a28468
Exception code: 0xc0000005
Fault offset: 0x000cd885
Faulting process id: 0x1a90
Faulting application start time: 0xAgent.exe0
Faulting application path: Agent.exe1
Faulting module path: Agent.exe2
Report Id: Agent.exe3


System errors:
=============
Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (08/19/2016 05:07:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2015-05-18 19:12:01.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-18 19:12:01.905
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-06 19:53:15.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-06 19:53:15.455
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-06 19:46:44.419
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-06 19:46:44.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzdaendpt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-12 20:26:59.735
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham264.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-12 20:26:59.708
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham264.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-12 20:26:59.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham164.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-12 20:26:59.646
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Alpham164.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 10%
Total physical RAM: 32647.16 MB
Available physical RAM: 29344.79 MB
Total Virtual: 65292.51 MB
Available Virtual: 62150.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.26 GB) (Free:86.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (User Manual) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 099D9EA9)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 3: (Not Active) - (Size=921.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

thanks,

 

Rob


Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Your system should re-boot, if not re-boot yourself to normal mode if possible.....

Next,

There are two Anti-Virus programs installed and active; for now remove AVG, using the removal tool at the following link:

http://www.avg.com/us-en/utilities

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right-click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs: "FRST.txt" and "Addition.txt".

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin...

Fixlist.txt


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.