
Detected Win32/Varpes.J!plock


  • This topic is locked
5 replies to this topic

#1 Klaive


Posted 25 February 2016 - 06:52 AM

Hello everyone, and first let me give my thanks and my apologies for not being good at English.

Last night, in a routine check, my Windows Defender detected a nasty surprise: Varpes.J!plock, in two categories. I clicked delete in an instant and shivered inside, because my Malwarebytes lite didn't detect it in my previous check. After the WD scan, which was done after the Malwarebytes one, I tried the ESET online tool and the Microsoft Safety Scan. Neither of the two detected anything.

Looking on the internet about Varpes, I found that it's a dangerous fella and that the detections started around Nov. of last year. Because of that I think I'm severely infected. I need a total check to start changing my passwords. Also, some Malwarebytes logs detected a third administrator, and I'm not sure what it means because I'm a user of the Windows Insider program.

I'm using Windows 10, an Insider program edition (Windows 10 Professional). I don't use any disk emulator software and I don't think I disabled the Windows shadow recovery tool. I read about disabling it to prevent rootkits, but I have no idea how to do it or what it really is.

Also, around October 2015 I started to use qBittorrent and surfed websites that were not very safe. At this time I learned a good lesson.

Here is my Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by valef (administrator) on WIN-NT0RKV234G4 (25-02-2016 11:49:11)
Running from C:\Users\valef\Desktop
Loaded Profiles: valef (Available Profiles: valef)
Platform: Windows 10 Pro Version 1511 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2485037238-2132735136-619222508-1001\...\RunOnce: [Uninstall C:\Users\valef\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\valef\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.0.33 80.58.32.97
Tcpip\..\Interfaces\{2072acb3-e58c-4663-9e34-81c23889fb02}: [DhcpNameServer] 80.58.0.33 80.58.32.97

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-06-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: BYOND -> C:\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)

Chrome: 
=======
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR StartupUrls: Default -> "hxxp://xn--nueva%20pestaa-2nb/"
CHR Profile: C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Script Blocker for Chrome™) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchmnmjneadkakfihibdbepehaflop [2016-02-24]
CHR Extension: (Presentaciones de Google) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-15]
CHR Extension: (Google Docs) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-15]
CHR Extension: (Google Drive) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-02-25]
CHR Extension: (Búsqueda de Google) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Hokusai's Wave Theme 1920) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphdhdhlleolbgddlhbpiiofonbfijph [2015-08-25]
CHR Extension: (TeX The World for Chromium) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbfninnbhfepghkkcgdnmfmhhbjmhggn [2015-08-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Origin\OriginClientService.exe [2099720 2015-11-19] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-26] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-07-07] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-23] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 11:49 - 2016-02-25 11:52 - 00011883 _____ C:\Users\valef\Desktop\FRST.txt
2016-02-25 11:47 - 2016-02-25 11:49 - 00000000 ____D C:\FRST
2016-02-25 11:42 - 2016-02-25 11:47 - 02371072 _____ (Farbar) C:\Users\valef\Desktop\FRST64.exe
2016-02-24 13:03 - 2016-02-24 13:03 - 00001059 _____ C:\Users\valef\Desktop\malwarebytes2422016.txt
2016-02-24 09:59 - 2016-02-24 10:14 - 154752280 _____ (Microsoft Corporation) C:\Users\valef\Downloads\msert.exe
2016-02-24 09:37 - 2016-02-24 09:37 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-24 09:36 - 2016-02-24 09:37 - 02870984 _____ (ESET) C:\Users\valef\Downloads\esetsmartinstaller_enu.exe
2016-02-24 02:35 - 2016-02-24 03:15 - 54329568 _____ (Microsoft Corporation) C:\Users\valef\Downloads\Windows-KB890830-x64-V5.33.exe
2016-02-24 02:23 - 2016-02-24 02:24 - 22908888 _____ (Malwarebytes ) C:\Users\valef\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-02-23 16:16 - 2016-02-23 16:16 - 00000000 ___HD C:\OneDriveTemp
2016-02-23 03:17 - 2016-02-23 04:25 - 00000000 ____D C:\Users\valef\Downloads\Fallout.4.Beta.Update.v1.3.45
2016-02-23 03:17 - 2016-02-23 03:17 - 00032829 _____ C:\Users\valef\Downloads\[kat.cr]fallout.4.beta.update.v1.3.45.torrent
2016-02-23 03:06 - 2016-02-23 03:06 - 00000000 ____D C:\Program Files (x86)\Fallout 4
2016-02-23 03:05 - 2016-02-23 03:05 - 00000000 ____D C:\Users\valef\Downloads\F4Upv1-3-CDX
2016-02-23 02:02 - 2016-02-23 02:50 - 646328303 _____ C:\Users\valef\Downloads\F4Upv1-3-CDX.rar
2016-02-23 00:41 - 2016-02-23 00:41 - 00000000 ____D C:\Users\valef\Desktop\EditSF 1.1.1
2016-02-23 00:41 - 2016-02-23 00:41 - 00000000 ____D C:\Users\valef\AppData\Roaming\EditSF
2016-02-23 00:40 - 2016-02-23 00:40 - 00070039 _____ C:\Users\valef\Desktop\EditSF 1.1.1.zip
2016-02-21 00:44 - 2016-02-21 00:44 - 04132035 _____ C:\Users\valef\Downloads\1455816715952.webm
2016-02-21 00:38 - 2016-02-21 00:38 - 03925753 _____ C:\Users\valef\Downloads\1455147706234.webm
2016-02-17 10:56 - 2016-02-17 10:56 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-17 10:56 - 2016-02-17 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-17 10:56 - 2016-02-17 10:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-17 10:53 - 2016-02-17 10:53 - 00735328 _____ (Oracle Corporation) C:\Users\valef\Downloads\JavaSetup8u73.exe
2016-02-16 19:54 - 2016-02-16 19:54 - 00000000 ____D C:\Users\valef\AppData\Roaming\NVIDIA
2016-02-16 19:46 - 2016-02-16 19:46 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-16 19:46 - 2016-02-09 09:25 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-02-16 19:46 - 2016-02-09 09:25 - 00203320 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 06368824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-02-16 19:46 - 2016-02-09 06:29 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-02-16 19:46 - 2016-02-06 15:58 - 06154909 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-16 19:45 - 2016-02-11 18:27 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-02-16 19:45 - 2016-02-11 18:27 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-02-16 19:45 - 2016-02-11 18:27 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-02-16 19:45 - 2016-02-10 07:27 - 12478528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-02-16 19:45 - 2016-02-09 09:25 - 42983480 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 37616184 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 31119296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 24944064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 21201784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 19779648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17631304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17175248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17116936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 14115136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 03649576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 03231544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 02541504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436191.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436191.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00950328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00541000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00445728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00383424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00378968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00317144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
2016-02-16 19:00 - 2016-02-16 19:00 - 00000000 ____D C:\Users\valef\AppData\Roaming\The Creative Assembly
2016-02-16 18:27 - 2016-02-16 18:28 - 01435112 _____ C:\Users\valef\Desktop\u0qPkbw.webm
2016-02-15 02:17 - 2016-02-15 02:17 - 12417965 _____ C:\Users\valef\Desktop\TesisdeMTH.pdf
2016-02-10 03:24 - 2016-02-10 03:25 - 03796132 _____ C:\Users\valef\Downloads\1455066864985.webm
2016-02-10 03:24 - 2016-02-10 03:24 - 03902688 _____ C:\Users\valef\Downloads\1455066926809.webm
2016-02-10 00:39 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 00:39 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 00:39 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 00:39 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 00:39 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 00:39 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 00:39 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 00:39 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 00:39 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 00:39 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 00:39 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 00:39 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 00:39 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 00:39 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 00:39 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 00:39 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 00:39 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 00:39 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 00:39 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 00:39 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 00:39 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 00:39 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 00:39 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 00:39 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 00:39 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 00:39 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 00:39 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 00:39 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 00:39 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 00:39 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 00:39 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 00:39 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 00:39 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 00:39 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 00:39 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 00:39 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 00:39 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 00:39 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 00:39 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 00:39 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 00:39 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 00:39 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 00:39 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 00:39 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 00:39 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 00:39 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 00:39 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 00:39 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 00:39 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 00:39 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 00:39 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 00:39 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 00:39 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 00:39 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 00:39 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 00:39 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 00:39 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 00:39 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 00:39 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 00:39 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 00:39 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-08 17:36 - 2016-02-08 17:36 - 03850301 _____ C:\Users\valef\Downloads\1454731201215.webm
2016-02-08 11:49 - 2016-02-08 11:49 - 00007840 _____ C:\Users\valef\Downloads\RU9mqoc.gifv
2016-02-08 05:05 - 2016-02-08 05:05 - 00000000 ____D C:\Users\valef\Downloads\Sexy Pattycake - My Secret Stash 1
2016-02-07 03:36 - 2016-02-07 03:36 - 00000000 ____D C:\WINDOWS\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2016-02-06 04:56 - 2016-02-06 04:57 - 02710541 _____ C:\Users\valef\Downloads\1454729265590.webm
2016-02-06 04:56 - 2016-02-06 04:56 - 02921944 _____ C:\Users\valef\Downloads\1454728684446.webm
2016-02-06 04:56 - 2016-02-06 04:56 - 01619928 _____ C:\Users\valef\Downloads\1454728918013.webm
2016-02-06 04:55 - 2016-02-06 04:55 - 01774652 _____ C:\Users\valef\Downloads\1454728042988.webm
2016-02-06 04:54 - 2016-02-06 04:54 - 02973126 _____ C:\Users\valef\Downloads\1454727191644.webm
2016-02-06 04:54 - 2016-02-06 04:54 - 02675663 _____ C:\Users\valef\Downloads\1454727298034.webm
2016-02-06 04:53 - 2016-02-06 04:53 - 03129167 _____ C:\Users\valef\Downloads\1454727123661.webm
2016-02-06 04:52 - 2016-02-06 04:53 - 03063262 _____ C:\Users\valef\Downloads\1454726953826.webm
2016-02-06 04:51 - 2016-02-06 04:51 - 03141804 _____ C:\Users\valef\Downloads\1454726784120.webm
2016-02-06 04:49 - 2016-02-06 04:49 - 03087930 _____ C:\Users\valef\Downloads\1454725972315.webm
2016-02-06 04:48 - 2016-02-06 04:48 - 03048535 _____ C:\Users\valef\Downloads\1454724060925.webm
2016-02-06 04:44 - 2016-02-06 04:44 - 03000742 _____ C:\Users\valef\Downloads\1454723544159.webm
2016-02-05 16:11 - 2016-02-05 16:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-04 22:25 - 2016-02-04 22:25 - 00004833 _____ C:\Users\valef\Downloads\[kat.cr]private.sex.magazine.37.38.torrent
2016-02-03 18:06 - 2016-02-03 18:06 - 00010109 _____ C:\Users\valef\Downloads\subs_srt_L01-5.srt
2016-02-03 14:11 - 2016-02-03 14:11 - 00829359 _____ C:\Users\valef\Downloads\1454367583527.webm
2016-02-02 18:49 - 2016-02-02 18:49 - 03100335 _____ C:\Users\valef\Downloads\1454298639906.webm
2016-02-02 13:17 - 2016-02-02 13:17 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.15.0 - 1.15.1 [RezMar]
2016-02-02 13:04 - 2016-02-02 13:07 - 25263068 _____ C:\Users\valef\Downloads\EU IV - Update - 1.15.0 - 1.15.1 [RezMar].rar
2016-02-02 11:15 - 2016-02-02 11:19 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.14.4 - 1.15.0 [RezMar]
2016-02-02 11:04 - 2016-02-02 11:13 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.14.3 - 1.14.4 [RezMar]
2016-02-02 11:00 - 2016-02-02 11:00 - 00009141 _____ C:\Users\valef\Downloads\[kat.cr]europa.universalis.iv.eu.4.hotfix.1.14.3.to.1.14.4.rezmar.torrent
2016-02-02 10:57 - 2016-02-02 11:03 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.14.0 - 1.14.3 [RezMar]
2016-02-02 10:35 - 2016-02-02 10:38 - 16933971 _____ (The qBittorrent project) C:\Users\valef\Downloads\qbittorrent_3.3.3_setup.exe
2016-02-02 10:35 - 2016-02-02 10:35 - 00019723 _____ C:\Users\valef\Downloads\[kat.cr]europa.universalis.iv.eu.4.hotfix.1.14.0.to.1.14.3.rezmar.torrent
2016-02-01 16:33 - 2016-02-01 16:33 - 00004563 _____ C:\Users\valef\Downloads\subs_srt_Course_overview1.srt
2016-02-01 14:05 - 2016-02-01 14:05 - 03039858 _____ C:\Users\valef\Downloads\ADA215572.pdf
2016-01-28 08:49 - 2016-01-16 07:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 08:49 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 08:48 - 2016-01-16 07:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 08:48 - 2016-01-16 07:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 08:48 - 2016-01-16 07:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 08:48 - 2016-01-16 07:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 08:48 - 2016-01-16 07:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 08:48 - 2016-01-16 07:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 08:48 - 2016-01-16 07:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 08:48 - 2016-01-16 07:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 08:48 - 2016-01-16 07:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 08:48 - 2016-01-16 07:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 08:48 - 2016-01-16 07:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 08:48 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 08:48 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 08:48 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 08:48 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 08:48 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 08:48 - 2016-01-16 07:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 08:48 - 2016-01-16 07:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 08:48 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 08:48 - 2016-01-16 07:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 08:48 - 2016-01-16 06:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 08:48 - 2016-01-16 06:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 08:48 - 2016-01-16 06:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 08:48 - 2016-01-16 06:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 08:48 - 2016-01-16 06:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 08:48 - 2016-01-16 06:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 08:48 - 2016-01-16 06:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 08:48 - 2016-01-16 06:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 08:48 - 2016-01-16 06:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 08:48 - 2016-01-16 06:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 08:48 - 2016-01-16 06:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 08:48 - 2016-01-16 06:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 08:48 - 2016-01-16 06:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 08:48 - 2016-01-16 06:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 08:48 - 2016-01-16 06:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 08:48 - 2016-01-16 06:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 08:48 - 2016-01-16 06:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 08:48 - 2016-01-16 06:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 08:48 - 2016-01-16 06:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 08:48 - 2016-01-16 06:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 08:48 - 2016-01-16 06:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 08:48 - 2016-01-16 06:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 08:48 - 2016-01-16 06:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 08:48 - 2016-01-16 06:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 08:48 - 2016-01-16 06:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 08:48 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 08:48 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 08:48 - 2016-01-16 06:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 08:48 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 08:48 - 2016-01-16 06:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 08:48 - 2016-01-16 06:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 08:48 - 2016-01-16 06:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 08:48 - 2016-01-16 06:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 08:48 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 08:48 - 2016-01-16 06:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 08:48 - 2016-01-16 06:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 08:48 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 08:48 - 2016-01-16 06:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 08:48 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 08:48 - 2016-01-16 06:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 08:48 - 2016-01-16 06:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 08:48 - 2016-01-16 06:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 08:48 - 2016-01-16 06:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 08:48 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 08:48 - 2016-01-16 06:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 08:48 - 2016-01-16 06:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 08:48 - 2016-01-16 06:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 08:48 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 08:48 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 08:48 - 2016-01-16 06:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 08:48 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 08:48 - 2016-01-16 06:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 08:48 - 2016-01-16 06:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 08:48 - 2016-01-16 06:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 08:48 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 08:48 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 08:48 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 08:48 - 2016-01-16 06:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 08:48 - 2016-01-16 06:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 08:48 - 2016-01-16 06:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 08:48 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 08:48 - 2016-01-16 06:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 08:48 - 2016-01-16 06:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 08:48 - 2016-01-16 06:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 08:48 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 08:48 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 08:48 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 08:48 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 08:48 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 08:48 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 08:48 - 2016-01-16 06:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 08:48 - 2016-01-16 06:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 08:48 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 08:48 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 08:48 - 2016-01-16 06:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 08:48 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 08:48 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 08:48 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 08:48 - 2016-01-16 06:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 08:48 - 2016-01-16 06:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 08:48 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 08:48 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 08:48 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 08:48 - 2016-01-16 06:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 08:48 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 08:48 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-27 20:10 - 2016-02-24 02:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-27 20:10 - 2016-01-27 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-27 20:10 - 2016-01-27 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-27 20:10 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-27 20:10 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-27 20:10 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-27 19:08 - 2016-01-27 20:09 - 22908888 _____ (Malwarebytes ) C:\Users\valef\Downloads\mbam-setup-org-2.2.0.1024 (1).exe
2016-01-26 21:14 - 2016-02-23 23:01 - 00000000 ____D C:\Users\valef\AppData\Local\CrashDumps
2016-01-26 12:15 - 2016-01-26 12:17 - 03985536 _____ C:\Users\valef\Downloads\1453503714689.webm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 11:41 - 2015-07-15 12:09 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-25 11:19 - 2015-07-25 12:36 - 00004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FD16DF48-49CA-4F12-887F-C388339C1090}
2016-02-25 11:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-25 11:17 - 2015-06-24 03:59 - 00000000 ____D C:\Users\valef\AppData\Local\ActiveSync
2016-02-25 11:16 - 2015-06-24 03:49 - 00000000 ___RD C:\Users\valef\OneDrive
2016-02-25 11:15 - 2015-11-15 16:40 - 00000000 ____D C:\Users\valef
2016-02-25 11:15 - 2015-07-15 12:09 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 05:03 - 2015-06-24 03:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-24 03:16 - 2015-06-24 05:14 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-24 02:25 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-24 02:25 - 2015-06-24 03:48 - 00000000 ____D C:\Users\valef\AppData\Local\Packages
2016-02-23 23:30 - 2015-10-06 20:30 - 00000000 ____D C:\Users\valef\AppData\Local\Frontier_Developments
2016-02-23 05:33 - 2015-06-25 01:01 - 00000000 ____D C:\Users\valef\AppData\Local\ElevatedDiagnostics
2016-02-23 03:11 - 2015-06-24 04:14 - 00000000 ____D C:\Users\valef\AppData\Local\NVIDIA
2016-02-23 03:10 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-23 03:10 - 2015-06-24 04:14 - 00000000 ____D C:\Users\valef\AppData\Local\NVIDIA Corporation
2016-02-20 01:42 - 2015-07-15 12:12 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 10:57 - 2015-12-22 15:31 - 00000000 ____D C:\ProgramData\Oracle
2016-02-17 09:59 - 2015-12-22 15:32 - 00000000 ____D C:\Users\valef\.oracle_jre_usage
2016-02-17 07:40 - 2015-12-01 10:57 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-02-16 19:46 - 2015-11-15 16:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-16 19:46 - 2015-11-15 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-16 19:46 - 2015-11-15 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-16 19:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2016-02-16 02:26 - 2015-10-31 08:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-02-16 02:25 - 2015-11-02 05:56 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-02-16 02:25 - 2015-10-31 08:42 - 00000000 ____D C:\Users\valef\AppData\Local\Battle.net
2016-02-12 21:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-11 17:32 - 2015-06-24 03:49 - 00002395 _____ C:\Users\valef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-10 17:09 - 2015-10-30 19:59 - 00820540 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-10 17:09 - 2015-10-30 19:59 - 00161168 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-10 17:09 - 2015-06-24 03:47 - 01849776 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-10 17:05 - 2015-06-24 03:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 17:03 - 2015-11-15 16:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-10 03:54 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-10 03:53 - 2015-10-30 20:02 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 02:36 - 2015-07-15 12:09 - 00004198 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-10 02:36 - 2015-07-15 12:09 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-10 02:16 - 2015-06-24 05:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 02:14 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-07 03:36 - 2015-06-24 12:51 - 00000000 ____D C:\Users\valef\Documents\My Games
2016-02-05 22:18 - 2015-12-04 21:27 - 00000000 ____D C:\Users\valef\Documents\BYOND
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-28 23:05 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 23:05 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 23:05 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 23:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 23:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 23:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 23:05 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-28 17:50 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-06-26 09:53 - 2015-06-26 09:53 - 0007606 _____ () C:\Users\valef\AppData\Local\Resmon.ResmonCfg
2015-11-15 16:36 - 2015-11-15 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\valef\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\valef\AppData\Local\Temp\jre-8u73-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-21 19:26

==================== End of FRST.txt ============================

And here is my addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by valef (2016-02-25 11:53:31)
Running from C:\Users\valef\Desktop
Windows 10 Pro Version 1511 (X64) (2015-11-15 16:01:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2485037238-2132735136-619222508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2485037238-2132735136-619222508-503 - Limited - Disabled)
Invitado (S-1-5-21-2485037238-2132735136-619222508-501 - Limited - Disabled)
valef (S-1-5-21-2485037238-2132735136-619222508-1001 - Administrator - Enabled) => C:\Users\valef

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 2.10.2.40 (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BYOND (HKLM-x32\...\BYOND) (Version: 509.1317 - BYOND)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Distant Worlds Universe (HKLM-x32\...\Distant Worlds Universe_is1) (Version:  - )
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
Elite Dangerous Launcher version 0.4.4084.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.4084.0 - Frontier Developments)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Europa Universalis IV versión 1.14.0 (HKLM-x32\...\{A0A05CBD-5A83-45E4-B90E-7ED2F9C74404}_is1) (Version: 1.14.0 - Paradox Interactive)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Galactic Civilizations III (HKLM-x32\...\Steam App 226860) (Version:  - Stardock Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version:  - Gearbox Software)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
NVIDIA Controlador de audio HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.)
Panel de control de NVIDIA 361.91 (Version: 361.91 - NVIDIA Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Planetary Annihilation: TITANS (HKLM-x32\...\Steam App 386070) (Version:  - Uber Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-2485037238-2132735136-619222508-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
Shadowrun: Hong Kong (HKLM-x32\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Sid Meiers Civilization Beyond Earth versión 1.1.0.1043 (HKLM-x32\...\{C6F9A429-5D1A-4FF8-A446-EA1E7880B5E6}_is1) (Version: 1.1.0.1043 - 2K Games)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skyrim Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions Inc.)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2485037238-2132735136-619222508-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\valef\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {69C6D62E-4EBF-4062-867C-36A1F4074038} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {C2ADDC89-9689-40DA-8FD7-0BB35063566D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {F3D0D655-4DC9-4AE2-AC56-DE3EC06B56E0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-23 03:10 - 2016-02-17 07:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-21 03:51 - 2016-02-17 07:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-02-23 03:10 - 2016-02-17 07:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-03 22:40 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 22:40 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 10:00 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 10:00 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 18:20 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 18:20 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 08:48 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 08:48 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-24 04:13 - 2016-02-17 08:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-20 01:42 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 01:42 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-23 14:06 - 2015-05-23 14:04 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2485037238-2132735136-619222508-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\valef\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{eb98010f-7872-4239-ac52-beba49927a6f}.jpg
DNS Servers: 80.58.0.33 - 80.58.32.97
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{4ED7D3E2-E9B8-4464-8568-9BEA118B2733}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{83B124E0-8DE9-4613-8476-A6C21FBD630B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{999D7C9B-860B-45E4-9E31-AD4CA259760C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{CDFD49EA-248F-4378-BFEB-29D6A6BCF76E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [UDP Query User{9A705881-A7B1-4811-AAB0-45AC66B1CDAA}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DFCACBCD-D3E9-4B76-9C38-E63AE93C5551}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [{B384515B-C1E7-4975-BE0E-242947ECBEA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{9FBB22BC-1EA9-4665-8BAE-C9CC16BB9DEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{201335B9-31D8-4B53-B11E-C2174F27605C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{1F25D89A-A623-4295-A869-56BB6A8F078A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{13655368-C09B-42C4-B3E5-EFE423C9E977}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{A2E4AAE1-51EA-426D-A503-B13B7B0E497A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [UDP Query User{A449BB2E-0160-4078-8570-5832D4D17F9E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{FB44C6CD-975D-44BB-9D8E-74BA43AAE588}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{DF635299-B26C-40AB-89FC-3688FBDCC8EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{87667BC0-60A5-4484-BFA1-2E725BB09FF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{B3772844-862C-466D-8D8C-CB058AA33C3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{DDF905C8-5D5F-4EFC-9589-6550B524E6D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{E1F329CF-E53D-4B95-8546-DD2D64144F0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D0380437-97FB-4C4A-87B5-C9C6FB558AB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{A2648FFC-30C2-4CEA-A653-B7C23D436AE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{13EBD9D0-E9F5-4E63-B2A7-D66FD2EB9C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{A1EDB514-9F56-4F2B-ACC2-6114D6AAF4BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{01546AE4-CB65-4EEF-8E69-5856142AD766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{096C6448-3931-4300-8534-4157D97BB96D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{A30F1F7B-C84C-4A1E-B5A3-C2E0F1EADBBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{9B094334-FAEC-41A9-BF70-554555BF6E48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{25788ED5-7E3A-414F-920E-7E458997FA06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{01238967-52D9-4EDB-8122-2554A0D1BF5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{4F8A6ECC-50D1-400B-8904-A0F27F0C96D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{F37880E1-8CBE-46A3-8DE7-64C95762EFEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{1F308916-0F11-44BA-930D-29CCE7CF0631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{A1841230-4C74-4C51-B1A3-8EADFC354C96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{B9AEF37B-B802-4761-AA07-EF26EA9E50FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{0D4EC622-1EF9-4F87-A75A-010E940D4F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{D08FD009-E773-4E41-B84F-D77D1A37162A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{FA0816E6-A41C-48D3-BBB1-CE5898052259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{67696F68-9BD4-4DAE-96DB-2793B3282824}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{8A90F07F-CCFB-4AA7-98D1-7D844C905108}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{45CB51E2-6042-46E0-9BF0-59CD394BECD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{B8C14D5C-DDA8-4408-BEB0-2B410915BB83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{4DCCD645-EFFE-4EB2-8F95-8CF9386FF547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{63F0FAB6-300F-42DC-AC3F-64F9748BFEAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{6A279BE1-D416-48B4-BF53-B1FD1AD493E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{DC2956EC-F623-475B-A2C7-33992F9BBC50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{74FE0410-EF9C-427C-AAEF-C2963FADD5D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{45D57C51-1B91-46A5-BD44-EBB9223AB0D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{084FE2B4-FEB1-4ACB-86A1-EE35680BD679}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CA93B535-7217-455B-B490-C8FE52D84F40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9F0B0119-76CD-4A74-B282-7EC949282562}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{7F61906F-7508-4E82-9AF4-0291F3DAED42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{63CA08DF-0218-471C-B6A9-36FACBD6918B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{02DA2688-DF58-4508-9D80-C78AB8DD75FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{5875E45D-77D0-4B8D-BA4B-A53305CAEEBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FB446CEF-0823-41F9-8634-B15E5420D224}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{64DE4006-9899-4293-B74B-DB80D0B46D79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{3D5DD773-9074-4783-9129-E4514832344B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3B6AFA3F-1CBF-4884-8C54-B5AC88549E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1D4ACE6C-5BDF-44FA-A4F3-0A78FDE0131D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{5974D33C-CF55-457D-9C6C-618F251A4110}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{8B374F2D-8CA1-422B-850D-5955E7FA3DA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6B056832-C502-40FC-82CD-7EDCC8698795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{C4A21B6D-10B1-4130-BD7E-B6B21F506E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [UDP Query User{72BC8FDA-5867-4973-B4CD-9D2D79E17A93}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{FBD29DEA-0F37-4E32-8B8F-1C0A28DCB0B9}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{34D1D806-CF77-4F28-A522-D71B0AE0C8F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{C1610212-81EF-4F2F-B655-1351D2E5E2CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{886B4E94-5A2D-4BEC-A0AD-DED3885E356F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{8FD9E352-7BF4-4372-81F9-3E237DB130EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2D2E6E4B-21ED-4A17-9501-59A10F33C67B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{E6B88C19-D0C6-47B7-9138-835815198246}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{99FB703E-56C2-4375-BD82-A81D2D512F8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{ADA11AE8-0C48-414A-9486-DD2A1591DCF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{B3DD27A4-D47F-4D86-ADD4-EE7AE046A173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{F75EB109-2614-4B6A-807D-D2633E008070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{BEF1C8D7-5AA3-4062-AC40-52A9E044B631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{2FB0671A-D540-4DC1-B708-895FEE95EBD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{39BDDFC7-5152-4709-A28C-00C1E86BD896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{B21A61DC-561C-4999-8F14-04E1ED320B51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{8DDA24FF-620F-4F99-9560-F0D276493245}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{3FD3DF3F-1E77-40A1-B683-A3FC1BAF55AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{0BFB4978-FA6A-41BD-BF95-963EE9F61FA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{BECA1E08-61B8-4CB8-91C1-518EB676AD8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{AFCFB756-6E83-4F18-B3B3-D0D3392E732F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{CB160B27-CCFC-4D0C-A471-0738230FF127}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{FABB1639-73E9-4846-A39A-7184C6961F86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{5888E594-067B-4B94-A0A8-072D3138DEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{34F7AB0C-E5C7-46D4-843A-CD1A809DBC03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{9A6D1AB7-8BDC-4E10-B324-600C5974EDEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{2C8E9238-5888-4C55-9C99-85D28E9DFDD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E0F9F3E7-D90B-45E4-ADEB-65A4A9236510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E6869F41-B4C5-4D87-A209-B4E7801706F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Pit\ThePit.exe
FirewallRules: [{4962B854-D464-4EBD-88F2-43D52351490A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Pit\ThePit.exe
FirewallRules: [{D66799BF-34F6-4AB0-AC93-9533F47ED43A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{66969B60-6230-4264-9246-D194CF7A00AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D29FE9F9-F694-4B07-87A3-8859F9294E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{F0248417-41C2-48B3-90DC-89ACFF0E2790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{AE5E464D-AF0A-48CD-B4E3-0B3CEFEE3117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{D3AE87BE-154C-4DD3-B3FB-1F86CD695CBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{5B1F1A37-3D8C-432E-A2DB-C78F0E45474D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{AF23AD81-E30A-43C0-89FD-7F0C56A78FF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{71FCADD9-9CB1-4CEC-A15E-44E0BE3FAC40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{CC3BB7C2-A2B8-4316-A7A4-B420FE65DCC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{F467DF0A-925A-4BDE-9A93-DDF4F6FD5562}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{3494B3DA-8862-4BB6-B157-EBF85DE4569D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{AD4FED91-2789-44DB-A858-83785613F49F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B0495C78-79DA-4B2A-9D6C-A7BB66FCE022}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4CB43DB9-6D8A-42CE-BB08-A74091B868F9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FC353234-7CFD-49FC-BC29-1EC0906C21EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E25918CC-0FBF-48E3-AC2C-1DE1739F7AF5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A3C8BE3-A018-4F95-A83D-38A91F3A57AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{1A8DADC4-D3D0-4970-A4FD-1B92A1AA258A}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{70C210AC-BE41-4425-A2F0-D5A639649156}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [{9D21BA9F-9D67-46B3-B514-9564B1059E07}] => (Allow) C:\Ubisoft\FarCry 4\bin\FarCry4.exe
FirewallRules: [{759857E6-10BA-4011-96E2-41CD49E796D6}] => (Allow) C:\Ubisoft\FarCry 4\bin\FarCry4.exe
FirewallRules: [{D1A0B253-0588-4F17-8375-82F2EAAB538F}] => (Allow) C:\Ubisoft\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [{779579DC-6D5A-4228-9F2F-5E40570EA9B5}] => (Allow) C:\Ubisoft\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [TCP Query User{3A716901-5565-4A34-BA9F-E8B2D5E96AD8}C:\byond\bin\byond.exe] => (Allow) C:\byond\bin\byond.exe
FirewallRules: [UDP Query User{1F50F459-6ED6-4988-8008-91556B683C27}C:\byond\bin\byond.exe] => (Allow) C:\byond\bin\byond.exe
FirewallRules: [{0C1A17AD-18C5-4C51-9D9A-67B50ECC3F6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{A6C05723-8FFE-4631-A5BE-976945CCE903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{DB100430-D647-41F3-BFD3-E46A486373CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{4E2598AB-7586-450E-BFE0-FBDCE2E7AFDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{79E3A945-7B72-470B-ABD7-40A8747D737F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{92D9413F-A6CE-4893-959C-384AAE2E16C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{A3C57C4C-A81C-417A-A2AD-3DA6657AFD81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{797EFC26-6C74-406A-AB73-CBB7F1B23CFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{05C38A57-9390-45C8-8DB4-6EDF515D9FEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{19B08ABD-D1B5-44AD-870B-F0ECA63CDCB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{B24BD49A-B46A-49AB-A1C7-E2BA55E51D2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{62CA18B3-04D2-4CB7-A428-66D5221CF2B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{EE7080CC-114C-48E2-8A33-5323C14782DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{FC772AFA-4D8E-4AD5-AA1D-21B0FB282782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{1C59ED49-2974-4754-891F-882810B2A823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{63E9F725-2E53-4D93-AA4C-FD4BBE4FF147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{2B8C4ED1-0077-46A9-8DB1-A05D16A58CFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F39051DE-3E82-4C53-AA83-723A87D8AB00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{C637B506-DD5C-47F8-A456-54C9444C78DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{74B26688-AC1F-48CE-B898-C1EF22233E3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{D59DC481-4708-4AFF-9815-A29678C282D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{EFEC9CF6-D29B-404B-87AC-13EAD2244F28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{F05A191D-067C-45B7-AA82-8B204025D434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{353532CF-5385-40AF-B9BD-0B41B48BB55D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{236CDD17-58F3-48FB-9902-BD196D3784DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{942EE511-8052-4ED0-8CAE-BCBDBB7B848E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [TCP Query User{9DB1D628-28F2-42BC-A759-7D790F282862}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{A72AE89C-9843-407D-BDAD-F00B55DA1D34}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{6001E138-4A34-45C7-BADC-7F90DBC9BAF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A53F5C4F-27B6-49B8-ABFD-57A5CF71457C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{AD4339FA-649F-443C-98BA-F3953618A2FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe

==================== Restore Points =========================

10-02-2016 02:12:31 Windows Update
16-02-2016 18:50:23 Se ha instalado DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2016 11:47:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/25/2016 11:47:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/24/2016 09:37:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/24/2016 09:37:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/24/2016 09:37:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (02/24/2016 08:44:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/23/2016 11:01:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: attila.exe, versión: 1.5.0.0, marca de tiempo: 0x56675acc
Nombre del módulo con errores: Attila.dll, versión: 1.5.0.0, marca de tiempo: 0x56675ff9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0121cf3d
Identificador del proceso con errores: 0x1038
Hora de inicio de la aplicación con errores: 0xattila.exe0
Ruta de acceso de la aplicación con errores: attila.exe1
Ruta de acceso del módulo con errores: attila.exe2
Identificador del informe: attila.exe3
Nombre completo del paquete con errores: attila.exe4
Identificador de aplicación relativa del paquete con errores: attila.exe5

Error: (02/23/2016 11:01:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: attila.exe, versión: 1.5.0.0, marca de tiempo: 0x56675acc
Nombre del módulo con errores: Attila.dll, versión: 1.5.0.0, marca de tiempo: 0x56675ff9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0121cf3d
Identificador del proceso con errores: 0x1038
Hora de inicio de la aplicación con errores: 0xattila.exe0
Ruta de acceso de la aplicación con errores: attila.exe1
Ruta de acceso del módulo con errores: attila.exe2
Identificador del informe: attila.exe3
Nombre completo del paquete con errores: attila.exe4
Identificador de aplicación relativa del paquete con errores: attila.exe5

Error: (02/23/2016 06:14:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: attila.exe, versión: 1.5.0.0, marca de tiempo: 0x56675acc
Nombre del módulo con errores: Attila.dll, versión: 1.5.0.0, marca de tiempo: 0x56675ff9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00b2cf80
Identificador del proceso con errores: 0x20d8
Hora de inicio de la aplicación con errores: 0xattila.exe0
Ruta de acceso de la aplicación con errores: attila.exe1
Ruta de acceso del módulo con errores: attila.exe2
Identificador del informe: attila.exe3
Nombre completo del paquete con errores: attila.exe4
Identificador de aplicación relativa del paquete con errores: attila.exe5

Error: (02/21/2016 07:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: attila.exe, versión: 1.5.0.0, marca de tiempo: 0x56675acc
Nombre del módulo con errores: Attila.dll, versión: 1.5.0.0, marca de tiempo: 0x56675ff9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00b2cf80
Identificador del proceso con errores: 0x4fc
Hora de inicio de la aplicación con errores: 0xattila.exe0
Ruta de acceso de la aplicación con errores: attila.exe1
Ruta de acceso del módulo con errores: attila.exe2
Identificador del informe: attila.exe3
Nombre completo del paquete con errores: attila.exe4
Identificador de aplicación relativa del paquete con errores: attila.exe5


System errors:
=============
Error: (02/25/2016 11:33:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible

Error: (02/24/2016 03:58:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Acceso a datos de usuarios_1492476d terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (02/24/2016 03:58:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Almacenamiento de datos de usuarios_1492476d terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (02/24/2016 03:58:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Datos de contactos_1492476d terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (02/24/2016 03:58:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Sincronizar host_1492476d terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (02/24/2016 03:58:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible

Error: (02/24/2016 01:15:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYServicio de redS-1-5-20LocalHost (con LRPC)No disponibleNo disponible

Error: (02/24/2016 09:57:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
%%1275

Error: (02/24/2016 09:57:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\valef\AppData\Local\Temp\ehdrv.sys

Error: (02/24/2016 09:57:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\valef\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2016-02-12 03:43:24.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 17:04:25.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-07 16:56:47.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-29 08:17:41.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-15 17:40:28.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-10 03:16:23.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-09 03:47:50.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 11:58:22.634
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 13:05:44.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 08:27:46.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 44%
Total physical RAM: 8173.23 MB
Available physical RAM: 4558.93 MB
Total Virtual: 9453.23 MB
Available Virtual: 5246.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:293.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B46DEEAD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Thank you very much for using your time in this matter. 

 

Edit: Tried to correct the post with grammar faults and so on.



Edited by Klaive, 25 February 2016 - 01:19 PM.



 


#2 HelpBot


Posted 01 March 2016 - 06:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/606390 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Klaive


Posted 01 March 2016 - 04:26 PM

Hello again, I'm just replying to the HelpBot with the instructions asked.

 

  • My Windows Defender detected a Trojan around 6 days ago, Win/Varpes.J!plock. I deleted it instantly without thinking about it. I also checked with MB free, ESET online and Microsoft Security Scan Tools and didn't get a positive. Before the detection, I was having performance issues and my Start menu informs me about newly installed apps that don't appear in it. Also, I'm a user of the Insider program and I'm obligated to update the moment I receive the notification. This is not normal; before December I could postpone the updates two or three days. And my PC name has changed to WIN-NT0RKV234G4 and I don't know if it is part of the Insider program or is a zombienet nomenclature.
  • I'm using Windows 10 Pro Ver. 1511, build 10586.104, x64. I'm going to acquire a professional license in the next few days and quit the Insider program.
  • I don't have an original CD/DVD; I installed the OS ISO using a USB.

 

Here are the new logs; I pasted them without the code field:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-03-2016
Ran by valef (administrator) on WIN-NT0RKV234G4 (01-03-2016 22:19:08)
Running from C:\Users\valef\Desktop\FABAR
Loaded Profiles: valef (Available Profiles: valef)
Platform: Windows 10 Pro Version 1511 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6741.18061.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StereoLinksInstall] => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2485037238-2132735136-619222508-1001\...\RunOnce: [Uninstall C:\Users\valef\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\valef\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 80.58.0.33 80.58.32.97
Tcpip\..\Interfaces\{2072acb3-e58c-4663-9e34-81c23889fb02}: [DhcpNameServer] 80.58.0.33 80.58.32.97
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-06-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: BYOND -> C:\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR StartupUrls: Default -> "hxxp://xn--nueva%20pestaa-2nb/"
CHR Profile: C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Script Blocker for Chrome™) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchmnmjneadkakfihibdbepehaflop [2016-02-24]
CHR Extension: (Presentaciones de Google) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-15]
CHR Extension: (Google Docs) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-15]
CHR Extension: (Google Drive) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-02-25]
CHR Extension: (Búsqueda de Google) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Hokusai's Wave Theme 1920) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphdhdhlleolbgddlhbpiiofonbfijph [2015-08-25]
CHR Extension: (TeX The World for Chromium) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbfninnbhfepghkkcgdnmfmhhbjmhggn [2015-08-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\valef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-15]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Origin\OriginClientService.exe [2099720 2015-11-19] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-26] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-07-07] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-23] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-01 22:18 - 2016-03-01 22:19 - 00000000 ____D C:\Users\valef\Desktop\FABAR
2016-03-01 15:36 - 2016-03-01 15:36 - 00000000 ___HD C:\OneDriveTemp
2016-02-29 23:05 - 2016-02-29 23:06 - 03970510 _____ C:\Users\valef\Desktop\1456768889805.webm
2016-02-29 23:00 - 2016-02-29 23:00 - 00903609 _____ C:\Users\valef\Desktop\1456765004808.webm
2016-02-29 22:59 - 2016-02-29 23:00 - 03142332 _____ C:\Users\valef\Desktop\1456763366974.webm
2016-02-29 22:56 - 2016-02-29 22:56 - 01587398 _____ C:\Users\valef\Desktop\1456753896408.webm
2016-02-29 22:51 - 2016-02-29 22:51 - 04122088 _____ C:\Users\valef\Desktop\1456737387392.webm
2016-02-29 22:49 - 2016-02-29 22:49 - 00427001 _____ C:\Users\valef\Desktop\1456734054756.webm
2016-02-29 02:00 - 2016-02-29 02:01 - 417950932 _____ C:\Users\valef\Downloads\WT Silver 1-04 WIN.zip
2016-02-29 01:37 - 2016-02-29 01:38 - 151177354 _____ C:\Users\valef\Downloads\Music Pack.zip
2016-02-26 17:23 - 2016-02-26 17:23 - 00000000 _____ C:\Users\valef\defogger_reenable
2016-02-25 12:25 - 2016-02-26 17:22 - 00050477 _____ C:\Users\valef\Desktop\Defogger.exe
2016-02-25 11:54 - 2016-02-25 11:54 - 02026456 _____ C:\Users\valef\Downloads\dixmlsetup.exe
2016-02-25 11:47 - 2016-03-01 22:19 - 00000000 ____D C:\FRST
2016-02-24 13:03 - 2016-02-24 13:03 - 00001059 _____ C:\Users\valef\Desktop\malwarebytes2422016.txt
2016-02-24 09:59 - 2016-02-24 10:14 - 154752280 _____ (Microsoft Corporation) C:\Users\valef\Downloads\msert.exe
2016-02-24 09:37 - 2016-02-24 09:37 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-24 09:36 - 2016-02-24 09:37 - 02870984 _____ (ESET) C:\Users\valef\Downloads\esetsmartinstaller_enu.exe
2016-02-24 02:35 - 2016-02-24 03:15 - 54329568 _____ (Microsoft Corporation) C:\Users\valef\Downloads\Windows-KB890830-x64-V5.33.exe
2016-02-24 02:23 - 2016-02-24 02:24 - 22908888 _____ (Malwarebytes ) C:\Users\valef\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-02-23 03:17 - 2016-02-23 04:25 - 00000000 ____D C:\Users\valef\Downloads\Fallout.4.Beta.Update.v1.3.45
2016-02-23 03:17 - 2016-02-23 03:17 - 00032829 _____ C:\Users\valef\Downloads\[kat.cr]fallout.4.beta.update.v1.3.45.torrent
2016-02-23 03:06 - 2016-02-23 03:06 - 00000000 ____D C:\Program Files (x86)\Fallout 4
2016-02-23 03:05 - 2016-02-23 03:05 - 00000000 ____D C:\Users\valef\Downloads\F4Upv1-3-CDX
2016-02-23 02:02 - 2016-02-23 02:50 - 646328303 _____ C:\Users\valef\Downloads\F4Upv1-3-CDX.rar
2016-02-23 00:41 - 2016-02-23 00:41 - 00000000 ____D C:\Users\valef\Desktop\EditSF 1.1.1
2016-02-23 00:41 - 2016-02-23 00:41 - 00000000 ____D C:\Users\valef\AppData\Roaming\EditSF
2016-02-23 00:40 - 2016-02-23 00:40 - 00070039 _____ C:\Users\valef\Desktop\EditSF 1.1.1.zip
2016-02-21 00:44 - 2016-02-21 00:44 - 04132035 _____ C:\Users\valef\Downloads\1455816715952.webm
2016-02-21 00:38 - 2016-02-21 00:38 - 03925753 _____ C:\Users\valef\Downloads\1455147706234.webm
2016-02-17 10:56 - 2016-02-17 10:56 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-17 10:56 - 2016-02-17 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-17 10:56 - 2016-02-17 10:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-17 10:53 - 2016-02-17 10:53 - 00735328 _____ (Oracle Corporation) C:\Users\valef\Downloads\JavaSetup8u73.exe
2016-02-16 19:54 - 2016-02-16 19:54 - 00000000 ____D C:\Users\valef\AppData\Roaming\NVIDIA
2016-02-16 19:46 - 2016-02-16 19:46 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-16 19:46 - 2016-02-09 09:25 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-02-16 19:46 - 2016-02-09 09:25 - 00203320 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 06368824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-02-16 19:46 - 2016-02-09 06:29 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-02-16 19:46 - 2016-02-06 15:58 - 06154909 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-16 19:45 - 2016-02-11 18:27 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-02-16 19:45 - 2016-02-11 18:27 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-02-16 19:45 - 2016-02-11 18:27 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-02-16 19:45 - 2016-02-10 07:27 - 12478528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-02-16 19:45 - 2016-02-09 09:25 - 42983480 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 37616184 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 31119296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 24944064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 21201784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 19779648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17631304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17175248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 17116936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 14115136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 03649576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 03231544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 02541504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436191.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436191.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00950328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00541000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00445728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00383424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00378968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00317144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-02-16 19:45 - 2016-02-09 09:25 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
2016-02-16 19:00 - 2016-02-16 19:00 - 00000000 ____D C:\Users\valef\AppData\Roaming\The Creative Assembly
2016-02-16 18:27 - 2016-02-16 18:28 - 01435112 _____ C:\Users\valef\Desktop\u0qPkbw.webm
2016-02-15 02:17 - 2016-02-15 02:17 - 12417965 _____ C:\Users\valef\Desktop\TesisdeMTH.pdf
2016-02-10 03:24 - 2016-02-10 03:25 - 03796132 _____ C:\Users\valef\Downloads\1455066864985.webm
2016-02-10 03:24 - 2016-02-10 03:24 - 03902688 _____ C:\Users\valef\Downloads\1455066926809.webm
2016-02-10 00:39 - 2016-01-29 07:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 00:39 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 00:39 - 2016-01-27 07:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 00:39 - 2016-01-27 07:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 00:39 - 2016-01-27 07:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 00:39 - 2016-01-27 07:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 00:39 - 2016-01-27 07:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 00:39 - 2016-01-27 06:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 00:39 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 00:39 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 00:39 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 00:39 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 00:39 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 00:39 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 00:39 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 00:39 - 2016-01-27 06:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 00:39 - 2016-01-27 06:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 00:39 - 2016-01-27 06:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 00:39 - 2016-01-27 06:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 00:39 - 2016-01-27 06:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 00:39 - 2016-01-27 06:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 00:39 - 2016-01-27 06:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 00:39 - 2016-01-27 06:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 00:39 - 2016-01-27 06:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 00:39 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 00:39 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 00:39 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 00:39 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 00:39 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 00:39 - 2016-01-27 06:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 00:39 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 00:39 - 2016-01-27 06:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 00:39 - 2016-01-27 06:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 00:39 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 00:39 - 2016-01-27 06:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 00:39 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 00:39 - 2016-01-27 06:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 00:39 - 2016-01-27 06:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 00:39 - 2016-01-27 06:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 00:39 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 00:39 - 2016-01-27 05:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 00:39 - 2016-01-27 05:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 00:39 - 2016-01-27 05:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 00:39 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 00:39 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 00:39 - 2016-01-27 05:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 00:39 - 2016-01-27 05:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 00:39 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 00:39 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 00:39 - 2016-01-27 05:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 00:39 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 00:39 - 2016-01-27 05:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 00:39 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 00:39 - 2016-01-27 05:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 00:39 - 2016-01-27 05:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 00:39 - 2016-01-27 05:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 00:39 - 2016-01-27 05:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 00:39 - 2016-01-27 05:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 00:39 - 2016-01-27 05:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 00:39 - 2016-01-27 05:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 00:39 - 2016-01-27 05:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 00:39 - 2016-01-27 05:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-08 17:36 - 2016-02-08 17:36 - 03850301 _____ C:\Users\valef\Downloads\1454731201215.webm
2016-02-08 11:49 - 2016-02-08 11:49 - 00007840 _____ C:\Users\valef\Downloads\RU9mqoc.gifv
2016-02-08 05:05 - 2016-02-08 05:05 - 00000000 ____D C:\Users\valef\Downloads\Sexy Pattycake - My Secret Stash 1
2016-02-07 03:36 - 2016-02-07 03:36 - 00000000 ____D C:\WINDOWS\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2016-02-06 04:56 - 2016-02-06 04:57 - 02710541 _____ C:\Users\valef\Downloads\1454729265590.webm
2016-02-06 04:56 - 2016-02-06 04:56 - 02921944 _____ C:\Users\valef\Downloads\1454728684446.webm
2016-02-06 04:56 - 2016-02-06 04:56 - 01619928 _____ C:\Users\valef\Downloads\1454728918013.webm
2016-02-06 04:55 - 2016-02-06 04:55 - 01774652 _____ C:\Users\valef\Downloads\1454728042988.webm
2016-02-06 04:54 - 2016-02-06 04:54 - 02973126 _____ C:\Users\valef\Downloads\1454727191644.webm
2016-02-06 04:54 - 2016-02-06 04:54 - 02675663 _____ C:\Users\valef\Downloads\1454727298034.webm
2016-02-06 04:53 - 2016-02-06 04:53 - 03129167 _____ C:\Users\valef\Downloads\1454727123661.webm
2016-02-06 04:52 - 2016-02-06 04:53 - 03063262 _____ C:\Users\valef\Downloads\1454726953826.webm
2016-02-06 04:51 - 2016-02-06 04:51 - 03141804 _____ C:\Users\valef\Downloads\1454726784120.webm
2016-02-06 04:49 - 2016-02-06 04:49 - 03087930 _____ C:\Users\valef\Downloads\1454725972315.webm
2016-02-06 04:48 - 2016-02-06 04:48 - 03048535 _____ C:\Users\valef\Downloads\1454724060925.webm
2016-02-06 04:44 - 2016-02-06 04:44 - 03000742 _____ C:\Users\valef\Downloads\1454723544159.webm
2016-02-05 16:11 - 2016-02-05 16:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-04 22:25 - 2016-02-04 22:25 - 00004833 _____ C:\Users\valef\Downloads\[kat.cr]private.sex.magazine.37.38.torrent
2016-02-03 18:06 - 2016-02-03 18:06 - 00010109 _____ C:\Users\valef\Downloads\subs_srt_L01-5.srt
2016-02-03 14:11 - 2016-02-03 14:11 - 00829359 _____ C:\Users\valef\Downloads\1454367583527.webm
2016-02-02 18:49 - 2016-02-02 18:49 - 03100335 _____ C:\Users\valef\Downloads\1454298639906.webm
2016-02-02 13:17 - 2016-02-02 13:17 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.15.0 - 1.15.1 [RezMar]
2016-02-02 13:04 - 2016-02-02 13:07 - 25263068 _____ C:\Users\valef\Downloads\EU IV - Update - 1.15.0 - 1.15.1 [RezMar].rar
2016-02-02 11:15 - 2016-02-02 11:19 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.14.4 - 1.15.0 [RezMar]
2016-02-02 11:04 - 2016-02-02 11:13 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.14.3 - 1.14.4 [RezMar]
2016-02-02 11:00 - 2016-02-02 11:00 - 00009141 _____ C:\Users\valef\Downloads\[kat.cr]europa.universalis.iv.eu.4.hotfix.1.14.3.to.1.14.4.rezmar.torrent
2016-02-02 10:57 - 2016-02-02 11:03 - 00000000 ____D C:\Users\valef\Downloads\EU IV - Update - 1.14.0 - 1.14.3 [RezMar]
2016-02-02 10:35 - 2016-02-02 10:38 - 16933971 _____ (The qBittorrent project) C:\Users\valef\Downloads\qbittorrent_3.3.3_setup.exe
2016-02-02 10:35 - 2016-02-02 10:35 - 00019723 _____ C:\Users\valef\Downloads\[kat.cr]europa.universalis.iv.eu.4.hotfix.1.14.0.to.1.14.3.rezmar.torrent
2016-02-01 16:33 - 2016-02-01 16:33 - 00004563 _____ C:\Users\valef\Downloads\subs_srt_Course_overview1.srt
2016-02-01 14:05 - 2016-02-01 14:05 - 03039858 _____ C:\Users\valef\Downloads\ADA215572.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-01 21:48 - 2015-07-25 12:36 - 00004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FD16DF48-49CA-4F12-887F-C388339C1090}
2016-03-01 21:41 - 2015-07-15 12:09 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 20:28 - 2015-06-24 03:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-01 18:34 - 2015-06-25 01:01 - 00000000 ____D C:\Users\valef\AppData\Local\ElevatedDiagnostics
2016-03-01 15:38 - 2015-06-24 03:59 - 00000000 ____D C:\Users\valef\AppData\Local\ActiveSync
2016-03-01 15:36 - 2015-07-15 12:09 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 15:36 - 2015-06-24 03:49 - 00000000 ___RD C:\Users\valef\OneDrive
2016-03-01 01:07 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-28 02:32 - 2015-10-31 08:42 - 00000000 ____D C:\Users\valef\AppData\Roaming\Battle.net
2016-02-28 02:32 - 2015-10-31 08:42 - 00000000 ____D C:\Users\valef\AppData\Local\Battle.net
2016-02-28 02:32 - 2015-10-31 08:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-02-28 02:32 - 2015-10-31 08:31 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-27 19:38 - 2016-01-26 21:14 - 00000000 ____D C:\Users\valef\AppData\Local\CrashDumps
2016-02-27 18:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-26 23:36 - 2015-10-06 20:30 - 00000000 ____D C:\Users\valef\AppData\Local\Frontier_Developments
2016-02-26 17:35 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-26 17:23 - 2015-11-15 16:40 - 00000000 ____D C:\Users\valef
2016-02-25 22:40 - 2016-01-27 20:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 14:56 - 2015-08-15 23:34 - 00000000 ____D C:\Users\valef\AppData\Roaming\Sword of the Stars - The Pit
2016-02-24 03:16 - 2015-06-24 05:14 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-24 02:25 - 2015-06-24 03:48 - 00000000 ____D C:\Users\valef\AppData\Local\Packages
2016-02-23 03:11 - 2015-06-24 04:14 - 00000000 ____D C:\Users\valef\AppData\Local\NVIDIA
2016-02-23 03:10 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-23 03:10 - 2015-06-24 04:14 - 00000000 ____D C:\Users\valef\AppData\Local\NVIDIA Corporation
2016-02-20 01:42 - 2015-07-15 12:12 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 10:57 - 2015-12-22 15:31 - 00000000 ____D C:\ProgramData\Oracle
2016-02-17 09:59 - 2015-12-22 15:32 - 00000000 ____D C:\Users\valef\.oracle_jre_usage
2016-02-17 07:40 - 2015-12-01 10:57 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-02-17 07:40 - 2015-06-24 04:13 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-02-16 19:46 - 2015-11-15 16:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-16 19:46 - 2015-11-15 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-16 19:46 - 2015-11-15 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-16 19:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2016-02-16 02:25 - 2015-11-02 05:56 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-02-12 21:20 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-11 17:32 - 2015-06-24 03:49 - 00002395 _____ C:\Users\valef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-10 17:09 - 2015-10-30 19:59 - 00820540 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-10 17:09 - 2015-10-30 19:59 - 00161168 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-10 17:09 - 2015-06-24 03:47 - 01849776 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-10 17:05 - 2015-06-24 03:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 17:03 - 2015-11-15 16:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-10 03:54 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-10 03:53 - 2015-10-30 20:02 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 02:36 - 2015-07-15 12:09 - 00004198 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-10 02:36 - 2015-07-15 12:09 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-10 02:16 - 2015-06-24 05:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 02:14 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-07 03:36 - 2015-06-24 12:51 - 00000000 ____D C:\Users\valef\Documents\My Games
2016-02-05 22:18 - 2015-12-04 21:27 - 00000000 ____D C:\Users\valef\Documents\BYOND
2016-02-03 20:01 - 2015-10-30 08:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-06-26 09:53 - 2015-06-26 09:53 - 0007606 _____ () C:\Users\valef\AppData\Local\Resmon.ResmonCfg
2015-11-15 16:36 - 2015-11-15 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\valef\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\valef\AppData\Local\Temp\jre-8u73-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-21 19:26
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-03-2016
Ran by valef (2016-03-01 22:19:26)
Running from C:\Users\valef\Desktop\FABAR
Windows 10 Pro Version 1511 (X64) (2015-11-15 16:01:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2485037238-2132735136-619222508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2485037238-2132735136-619222508-503 - Limited - Disabled)
Invitado (S-1-5-21-2485037238-2132735136-619222508-501 - Limited - Disabled)
valef (S-1-5-21-2485037238-2132735136-619222508-1001 - Administrator - Enabled) => C:\Users\valef
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Actualización de NVIDIA 2.10.2.40 (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BYOND (HKLM-x32\...\BYOND) (Version: 509.1317 - BYOND)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Distant Worlds Universe (HKLM-x32\...\Distant Worlds Universe_is1) (Version:  - )
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
Elite Dangerous Launcher version 0.4.4084.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.4084.0 - Frontier Developments)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Europa Universalis IV versión 1.14.0 (HKLM-x32\...\{A0A05CBD-5A83-45E4-B90E-7ED2F9C74404}_is1) (Version: 1.14.0 - Paradox Interactive)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Galactic Civilizations III (HKLM-x32\...\Steam App 226860) (Version:  - Stardock Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version:  - Gearbox Software)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
NVIDIA Controlador de audio HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.)
Panel de control de NVIDIA 361.91 (Version: 361.91 - NVIDIA Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Planetary Annihilation: TITANS (HKLM-x32\...\Steam App 386070) (Version:  - Uber Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-2485037238-2132735136-619222508-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
Shadowrun: Hong Kong (HKLM-x32\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Sid Meiers Civilization Beyond Earth versión 1.1.0.1043 (HKLM-x32\...\{C6F9A429-5D1A-4FF8-A446-EA1E7880B5E6}_is1) (Version: 1.1.0.1043 - 2K Games)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skyrim Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions Inc.)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2485037238-2132735136-619222508-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\valef\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {69C6D62E-4EBF-4062-867C-36A1F4074038} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {9BF5F060-E277-4168-A4FE-4D262C96DE3A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-24] (Microsoft Corporation)
Task: {C2ADDC89-9689-40DA-8FD7-0BB35063566D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-23 03:10 - 2016-02-17 07:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-21 03:51 - 2016-02-17 07:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-02-23 03:10 - 2016-02-17 07:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-16 19:46 - 2016-02-09 06:29 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-03 22:40 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 22:40 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 10:00 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 10:00 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 10:00 - 2015-12-07 05:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-13 18:20 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 18:20 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 08:48 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 08:48 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-05 12:34 - 2016-02-05 12:38 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-02-05 12:34 - 2016-02-05 12:38 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 10:45 - 2015-11-20 10:48 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-28 08:49 - 2016-01-28 08:53 - 00618688 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6741.18061.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-02-20 15:13 - 2016-02-20 15:16 - 00136384 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6741.18061.0_x64__8wekyb3d8bbwe\textinputdriver.dll
2015-06-24 04:13 - 2016-02-17 08:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-20 01:42 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 01:42 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-02-20 01:42 - 2016-02-18 05:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
2015-06-24 04:07 - 2015-12-15 06:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-24 04:07 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-24 04:07 - 2016-02-04 22:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-24 04:07 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-24 04:07 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-24 04:07 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-24 04:07 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-24 04:07 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-24 04:07 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-24 04:07 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-24 04:07 - 2016-02-04 22:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 10:36 - 2015-12-30 02:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-06-24 04:07 - 2016-01-06 02:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-06-24 04:07 - 2015-09-25 00:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-05-23 14:06 - 2015-05-23 14:04 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2485037238-2132735136-619222508-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\valef\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{eb98010f-7872-4239-ac52-beba49927a6f}.jpg
DNS Servers: 80.58.0.33 - 80.58.32.97
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-02-2016 18:50:23 Se ha instalado DirectX
28-02-2016 22:38:06 Punto de control programado
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2016 10:38:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
 
System Error:
Acceso denegado.
.
 
Error: (02/28/2016 09:51:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (02/27/2016 07:34:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: attila.exe, versión: 1.6.0.0, marca de tiempo: 0x56ca6e96
Nombre del módulo con errores: Attila.dll, versión: 1.6.0.0, marca de tiempo: 0x56ca7388
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00d13030
Identificador del proceso con errores: 0x22bc
Hora de inicio de la aplicación con errores: 0xattila.exe0
Ruta de acceso de la aplicación con errores: attila.exe1
Ruta de acceso del módulo con errores: attila.exe2
Identificador del informe: attila.exe3
Nombre completo del paquete con errores: attila.exe4
Identificador de aplicación relativa del paquete con errores: attila.exe5
 
Error: (02/26/2016 11:29:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (02/26/2016 03:40:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: attila.exe, versión: 1.6.0.0, marca de tiempo: 0x56ca6e96
Nombre del módulo con errores: Attila.dll, versión: 1.6.0.0, marca de tiempo: 0x56ca7388
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00d13030
Identificador del proceso con errores: 0x1d10
Hora de inicio de la aplicación con errores: 0xattila.exe0
Ruta de acceso de la aplicación con errores: attila.exe1
Ruta de acceso del módulo con errores: attila.exe2
Identificador del informe: attila.exe3
Nombre completo del paquete con errores: attila.exe4
Identificador de aplicación relativa del paquete con errores: attila.exe5
 
Error: (02/25/2016 10:24:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: attila.exe, versión: 1.6.0.0, marca de tiempo: 0x56ca6e96
Nombre del módulo con errores: Attila.dll, versión: 1.6.0.0, marca de tiempo: 0x56ca7388
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00d13030
Identificador del proceso con errores: 0x2118
Hora de inicio de la aplicación con errores: 0xattila.exe0
Ruta de acceso de la aplicación con errores: attila.exe1
Ruta de acceso del módulo con errores: attila.exe2
Identificador del informe: attila.exe3
Nombre completo del paquete con errores: attila.exe4
Identificador de aplicación relativa del paquete con errores: attila.exe5
 
Error: (02/25/2016 11:47:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (02/25/2016 11:47:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (02/24/2016 09:37:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (02/24/2016 09:37:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Error al generar el contexto de activación para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Error en el archivo de manifiesto o directiva "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" en la línea C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
 
System errors:
=============
Error: (03/01/2016 10:17:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible
 
Error: (03/01/2016 08:27:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible
 
Error: (03/01/2016 05:50:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Acceso a datos de usuarios_244952b7 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (03/01/2016 05:50:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Almacenamiento de datos de usuarios_244952b7 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (03/01/2016 05:50:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Datos de contactos_244952b7 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (03/01/2016 05:50:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Sincronizar host_244952b7 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (03/01/2016 05:50:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)No disponibleNo disponible
 
Error: (02/29/2016 05:54:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Acceso a datos de usuarios_241f7c84 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (02/29/2016 05:54:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Almacenamiento de datos de usuarios_241f7c84 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (02/29/2016 05:54:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Datos de contactos_241f7c84 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-12 03:43:24.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-10 17:04:25.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-07 16:56:47.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-29 08:17:41.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-15 17:40:28.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-10 03:16:23.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-09 03:47:50.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-02 11:58:22.634
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 13:05:44.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 08:27:46.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 35%
Total physical RAM: 8173.23 MB
Available physical RAM: 5297.83 MB
Total Virtual: 9453.23 MB
Available Virtual: 5900.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.73 GB) (Free:301.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B46DEEAD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
Thank you for your help.
 
 
 
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:55 PM

Posted 02 March 2016 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

i don't dissable the windows shadow recovery tool. I readed about disabling it to prevent the rootkits but i haven't idea how do it or what is really.

Do not disable the Windows Shadow recovery service.
http://blog.szynalski.com/2009/11/23/volume-shadow-copy-system-restore/
====


Your logs are clean of malware.

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time, disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take a while; run it when you know you will not need the computer for an hour or two.
<<<>>>

Any other issues with this computer?

#5 nasdaq

Posted 08 March 2016 - 07:38 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#6 nasdaq

Posted 14 March 2016 - 08:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



