Use of AdwCleaner


  • This topic is locked
22 replies to this topic

#1 manolesta90


Posted 24 May 2016 - 11:13 AM

Can someone help me with the use of this program?

I scanned the computer but do not know whether to proceed with the complete cleaning of everything.

I attach the .txt file.



#2 Aura


Posted 24 May 2016 - 11:52 AM

Hi manolesta90 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

I'll need a pair of FRST logs to start my analysis. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop;
  • Rename it to EnglishFRST.exe or EnglishFRST64.exe (depending on the version you downloaded);
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt and Addition.txt in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 manolesta90


Posted 24 May 2016 - 12:45 PM

Good evening, (I'm sorry for my English but I'm Italian :) ) thank you for the courtesy you have shown me.
I did as you said and I am attaching the results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-05-2016
Ran by Mattia (administrator) on MATTIA-PC (24-05-2016 19:36:32)
Running from C:\Users\Mattia\Desktop
Loaded Profiles: Mattia & Guest (Available Profiles: Mattia & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Promosoft Software Limited) C:\Program Files (x86)\Secure Folders\SecureFolders.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-01-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2013-04-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3074473499-1170993428-1920782060-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\S-1-5-21-3074473499-1170993428-1920782060-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2014-06-18] (Acresso Corporation)
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\Run: [cacaoweb] => "C:\Users\Mattia\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\Run: [Google Update] => "C:\Users\Mattia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\Run: [FileHunter Check for updates] => C:\Users\Guest\AppData\Roaming\FileHunter\update.exe
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\MountPoints2: {53292491-7702-11e0-979c-18f46aac5e57} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\MountPoints2: {53292528-7702-11e0-979c-18f46aac5e57} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\MountPoints2: {c79af654-586c-11e0-8559-1c750841182a} - E:\Autorun.exe
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175552 2016-05-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-05-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{C395BF47-4DC2-45D3-8CA2-DF85BDF995D3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C395BF47-4DC2-45D3-8CA2-DF85BDF995D3}: [DhcpNameServer] 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{EDA11859-BF4E-447B-AD3F-EF87D1683CD9}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://acer.msn.com
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.it/
URLSearchHook: HKU\S-1-5-21-3074473499-1170993428-1920782060-501 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default
FF SelectedSearchEngine: Google
FF Homepage: WWW.GOOGLE.IT
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_162.dll [2015-09-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_162.dll [2015-09-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-10-13] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3074473499-1170993428-1920782060-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mattia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3074473499-1170993428-1920782060-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-10-15] ()
FF user.js: detected! => C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\user.js [2016-04-26]
FF Extension: DownThemAll! - C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-01-08]
FF Extension: RightToClick - C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-03-10]
FF Extension: Video DownloadHelper - C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-17]
FF Extension: Adblock Plus - C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-17]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2016-02-25] [not signed]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2016-02-25] [not signed]
FF Extension: Barra degli strumenti di Kaspersky - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2016-02-25] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-02-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013-04-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013-04-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013-04-30] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.blurum.it/Web/
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Profile: C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Documenti Google) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Controllo URL Kaspersky) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-04-30]
CHR Extension: (GFACE Experience Plugin) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol [2013-12-31]
CHR Extension: (Fogli Google) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Documenti offline) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Tastiera Virtuale) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-30]
CHR Extension: (Video DownloadHelper) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2015-12-17]
CHR Extension: (KProxy Background App) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\maicibfoihmlppibfkljeljefamfndbp [2016-03-19]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-04-30]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-04-25]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-04-25]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2013-04-30] (Kaspersky Lab ZAO)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [444640 2014-07-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-04-13] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2940704 2015-12-28] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-03-21] (Nitro PDF Software)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-09-09] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [579904 2015-04-30] (WiseCleaner.com)
S4 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S3 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-10-26] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-11] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-25] (REALiX™)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-04-30] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-10-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R1 pnptdi; C:\Windows\system32\drivers\pnptdi.sys [45736 2015-05-12] (Promosoft Software Limited)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-01-25] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-11-29] (Duplex Secure Ltd.)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2013-03-27] (Scott)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-17] (wisecleaner.com)
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [21208 2015-09-23] ()
U3 a878nr7z; C:\Windows\System32\Drivers\a878nr7z.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U3 ayl3k26e; C:\Windows\System32\Drivers\ayl3k26e.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-24 19:36 - 2016-05-24 19:38 - 00036577 _____ C:\Users\Mattia\Desktop\FRST.txt
2016-05-24 19:35 - 2016-05-24 19:36 - 00000000 ____D C:\FRST
2016-05-24 19:34 - 2016-05-24 19:35 - 02383360 _____ (Farbar) C:\Users\Mattia\Desktop\FRST64.exe
2016-05-23 16:45 - 2016-05-23 16:47 - 00000000 ____D C:\AdwCleaner
2016-05-23 15:42 - 2016-05-24 19:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 15:41 - 2016-05-23 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-23 15:41 - 2016-05-23 15:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-23 15:41 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-23 15:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-23 15:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-23 11:05 - 2016-05-23 11:14 - 234804776 _____ C:\Users\Mattia\Downloads\EmsisoftEmergencyKit.exe
2016-05-23 11:05 - 2016-05-23 11:06 - 01610816 _____ (Malwarebytes) C:\Users\Mattia\Downloads\JRT.exe
2016-05-23 11:04 - 2016-05-23 11:07 - 19867720 _____ C:\Users\Mattia\Downloads\RogueKiller.exe
2016-05-23 11:04 - 2016-05-23 11:06 - 22851472 _____ (Malwarebytes ) C:\Users\Mattia\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-23 11:04 - 2016-05-23 11:05 - 03651136 _____ C:\Users\Mattia\Downloads\AdwCleaner.exe
2016-05-23 11:01 - 2016-05-23 11:02 - 49152216 _____ (Microsoft Corporation) C:\Users\Mattia\Downloads\Windows-KB890830-x64-V5.36.exe
2016-05-22 14:28 - 2016-05-22 15:04 - 413300247 _____ C:\Users\Mattia\Downloads\Dragon Ball Super - 044.mp4
2016-05-22 14:28 - 2016-05-22 14:39 - 224046815 _____ C:\Users\Mattia\Downloads\One Piece 742 - Il legame tra padre e figlia! Kyros e Rebecca!.mp4
2016-05-22 00:44 - 2016-05-22 00:55 - 00000000 ____D C:\Users\Mattia\Downloads\shexview-x64
2016-05-22 00:37 - 2016-05-22 00:37 - 00097609 _____ C:\Users\Mattia\Downloads\shexview-x64.zip
2016-05-22 00:36 - 2016-05-22 00:37 - 00002707 _____ C:\Users\Mattia\Downloads\shexview_italian1.zip
2016-05-22 00:21 - 2016-05-22 00:21 - 00000000 ____D C:\rsit
2016-05-22 00:21 - 2016-05-22 00:21 - 00000000 ____D C:\Program Files (x86)\trend micro
2016-05-21 19:42 - 2016-05-21 19:42 - 00000000 ____D C:\SUPERDelete
2016-05-21 19:40 - 2016-05-21 19:40 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\SUPERAntiSpyware.com
2016-05-21 19:40 - 2016-05-21 19:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-05-21 19:31 - 2016-05-21 19:31 - 00000000 ____D C:\Windows\SysWOW64\NV
2016-05-21 19:31 - 2016-05-21 19:31 - 00000000 ____D C:\Windows\system32\NV
2016-05-21 19:19 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-21 19:19 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-21 19:19 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-21 19:19 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-21 19:18 - 2016-05-21 19:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-21 19:18 - 2016-05-10 01:40 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-21 19:18 - 2016-05-10 01:40 - 02993088 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-21 19:18 - 2016-05-10 01:40 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-21 19:18 - 2016-05-10 01:40 - 01201600 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-21 19:18 - 2016-05-10 01:40 - 00532536 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-21 19:18 - 2016-05-10 01:40 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-21 19:18 - 2016-05-10 01:40 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-21 19:18 - 2016-05-10 01:40 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-21 19:18 - 2016-05-06 16:02 - 06423191 _____ C:\Windows\system32\nvcoproc.bin
2016-05-21 19:16 - 2016-05-10 06:07 - 00215608 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-21 19:16 - 2016-05-10 06:07 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 31584704 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 25346616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 21372456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 19006432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 17768992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 16449616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 12550712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-21 18:58 - 2016-05-10 06:07 - 10566520 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 08673880 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00959544 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00887744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00751552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00678704 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00473592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00391632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-21 18:58 - 2016-05-10 06:07 - 00038336 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2016-05-21 18:58 - 2016-05-10 06:07 - 00037091 _____ C:\Windows\system32\nvinfo.pb
2016-05-21 18:57 - 2016-05-10 06:07 - 42923576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 20914600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 17362992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 17248920 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 14129544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 03714144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 03286664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 03234240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 02809280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-21 18:57 - 2016-05-10 06:07 - 00000592 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-21 18:57 - 2016-05-10 06:07 - 00000592 _____ C:\Windows\system32\nv-vk64.json
2016-05-21 17:16 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-21 17:16 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-21 17:16 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-21 17:16 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-21 17:16 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-21 17:16 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-21 17:16 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-21 17:16 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-21 17:16 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-21 17:16 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-21 17:16 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-21 17:16 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-21 17:16 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-21 17:16 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-21 17:16 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-21 17:16 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-21 17:16 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-21 17:16 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-21 17:16 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-21 17:16 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-21 17:16 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-21 17:16 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-21 17:16 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-21 17:16 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-21 17:16 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-21 17:16 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-21 17:16 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-21 17:16 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-21 17:16 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-21 17:16 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-21 17:16 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-21 17:16 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-21 17:16 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-21 17:16 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-21 17:16 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-21 17:16 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-21 17:16 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-21 17:16 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-21 17:16 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-21 17:16 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-21 17:16 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-21 17:16 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-21 17:16 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-21 17:16 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-21 17:16 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-21 17:16 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-21 17:16 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-21 17:16 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-21 17:16 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-21 17:16 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-21 17:16 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-21 17:16 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-21 17:16 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-21 17:16 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-21 17:16 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-21 17:16 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-21 17:16 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-21 17:16 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-21 17:16 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-21 17:16 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-21 17:16 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-21 17:16 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-21 17:16 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-21 17:16 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-21 17:16 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-21 17:16 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-21 17:16 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-21 17:16 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-21 17:16 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-21 17:16 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-21 17:16 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-21 17:16 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-21 17:16 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-21 17:16 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-21 17:16 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-21 17:16 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-21 17:16 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-21 17:16 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-21 17:16 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-21 17:16 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-21 17:16 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-21 17:16 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-21 17:16 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-21 17:16 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-21 17:16 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-21 17:16 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-21 17:16 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-21 17:16 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-21 17:16 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-21 17:16 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-21 17:16 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-21 17:16 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-21 17:16 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-21 17:10 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-21 17:10 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-21 10:45 - 2016-05-22 11:43 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-05-21 09:02 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-21 09:02 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-21 09:01 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-21 09:01 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-21 09:01 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-21 09:01 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-21 09:01 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-21 09:01 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-21 09:01 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-21 09:01 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-21 09:01 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-20 23:40 - 2016-05-21 18:18 - 00419320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-20 20:50 - 2016-05-20 21:55 - 00245094 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_20.50.29_log.txt
2016-05-20 19:34 - 2016-05-20 19:34 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-20 18:35 - 2016-05-20 18:35 - 00113160 _____ C:\Users\Mattia\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-10 18:34 - 2016-05-10 20:21 - 2253674650 _____ C:\Users\Mattia\Downloads\hennessy_images_V7.1.6.0.LHNCNCK_20160107.0000.12_5.0_cn_434e06a8a9.tgz
2016-05-06 15:03 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-06 15:03 - 2016-04-14 07:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-05 19:33 - 2016-05-05 19:33 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\ADBDriverInstaller
2016-05-04 04:23 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-04 04:22 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1-1-0-11-1.dll
2016-05-04 04:22 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-04 04:22 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-05-02 17:14 - 2016-05-02 17:14 - 00000000 ____D C:\Users\Mattia\AppData\Local\GWX
2016-05-01 16:01 - 2016-05-01 16:02 - 00000000 ____D C:\Users\Mattia\AppData\Local\QQSM
2016-05-01 16:00 - 2016-05-01 16:00 - 00000000 ____D C:\Users\Mattia\AppData\Local\Infernum_Productions
2016-05-01 14:32 - 2016-05-01 14:32 - 00001401 _____ C:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-01 12:35 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-05-01 12:25 - 2016-05-01 12:25 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-05-01 12:25 - 2016-05-01 12:25 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-05-01 12:25 - 2016-05-01 12:25 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-05-01 12:25 - 2016-05-01 12:25 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-05-01 12:25 - 2016-05-01 12:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-05-01 12:25 - 2016-05-01 12:25 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-05-01 12:25 - 2016-05-01 12:25 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-04-30 21:21 - 2016-04-30 21:21 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-04-30 21:21 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-04-30 21:21 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-04-30 21:21 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-04-30 21:21 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-04-30 21:21 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-04-30 21:21 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-04-30 21:21 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-04-30 21:21 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-04-30 11:06 - 2016-04-30 11:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-30 11:00 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-04-30 11:00 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-04-30 11:00 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-04-30 11:00 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-04-30 11:00 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-04-30 11:00 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-04-30 11:00 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-04-30 11:00 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-04-30 11:00 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-04-30 11:00 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-04-29 17:53 - 2016-04-29 17:54 - 00000000 ____D C:\f79c3b5a94354d3a425e0410cc882d36
2016-04-29 17:43 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-29 17:43 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-29 17:43 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-29 17:43 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-29 17:43 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-29 17:43 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-29 17:43 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-29 17:43 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-29 17:43 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-29 17:43 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-29 17:43 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-29 17:43 - 2016-03-09 21:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-04-29 17:43 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-04-29 17:43 - 2016-03-09 20:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-04-29 17:43 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-04-29 17:43 - 2016-02-03 16:07 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-04-29 17:43 - 2016-02-01 21:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-29 17:43 - 2016-02-01 20:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-29 17:43 - 2016-02-01 20:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-29 17:43 - 2016-02-01 20:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-29 17:43 - 2016-02-01 20:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-29 17:43 - 2016-02-01 20:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-29 17:43 - 2016-02-01 20:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-29 17:43 - 2016-02-01 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-04-29 17:43 - 2016-02-01 20:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-04-29 17:43 - 2016-02-01 20:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-29 17:43 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-04-29 17:43 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-04-29 17:43 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-04-29 17:43 - 2015-12-16 20:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-04-29 17:43 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-04-29 17:43 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-04-29 17:42 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-29 17:42 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-29 17:42 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-29 17:42 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-29 17:42 - 2016-01-22 08:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-04-29 17:42 - 2016-01-22 08:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-04-29 17:42 - 2016-01-22 08:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-04-29 17:42 - 2016-01-22 08:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-04-29 17:42 - 2016-01-22 07:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-04-29 17:42 - 2016-01-22 07:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-04-29 17:42 - 2015-12-16 20:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-04-29 17:42 - 2015-12-16 20:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-04-29 17:42 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-04-29 17:42 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-29 17:41 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-29 17:41 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-29 17:41 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-29 17:41 - 2016-01-11 21:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-28 15:10 - 2016-04-29 13:43 - 00000000 ____D C:\Users\Mattia\Documents\Survarium-Steam
2016-04-28 14:25 - 2016-04-28 14:26 - 00000000 ____D C:\Program Files (x86)\LenovoUsbDriver
2016-04-27 19:46 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-27 19:46 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-26 23:34 - 2016-01-07 19:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-04-26 23:34 - 2015-12-20 20:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-26 23:34 - 2015-12-20 20:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-04-26 23:34 - 2015-12-20 16:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-04-26 23:33 - 2016-02-12 20:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-26 23:33 - 2016-02-12 20:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-26 23:33 - 2016-02-12 20:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-04-26 23:33 - 2016-02-12 20:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-04-26 23:33 - 2016-02-12 20:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-26 23:33 - 2016-02-12 20:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-26 23:33 - 2016-02-12 20:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-26 23:33 - 2016-02-12 20:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-26 23:33 - 2016-02-12 20:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-26 23:33 - 2016-02-12 20:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-26 23:33 - 2016-02-12 20:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-26 23:33 - 2016-02-12 20:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-04-26 23:33 - 2016-02-12 20:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-26 23:33 - 2016-02-12 20:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-04-26 23:33 - 2016-02-12 20:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-26 23:33 - 2016-02-12 20:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-04-26 23:32 - 2016-02-03 20:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-04-26 23:32 - 2016-02-03 20:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-04-26 23:32 - 2016-02-03 20:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-04-26 23:32 - 2016-02-03 20:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-04-26 23:32 - 2016-02-03 20:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-04-26 23:22 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-26 23:21 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-26 23:21 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-26 23:20 - 2015-12-08 23:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-04-26 23:20 - 2015-12-08 21:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-04-26 23:20 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-04-26 23:20 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-04-26 23:20 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-04-26 23:20 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-04-26 20:50 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-04-26 20:50 - 2015-12-08 23:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-04-26 20:50 - 2015-12-08 23:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-04-26 20:50 - 2015-12-08 23:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-04-26 20:50 - 2015-12-08 23:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-04-26 20:50 - 2015-12-08 23:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-04-26 20:50 - 2015-12-08 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-04-26 20:50 - 2015-12-08 23:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-04-26 20:50 - 2015-12-08 23:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-04-26 20:50 - 2015-12-08 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-04-26 20:50 - 2015-12-08 21:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-04-26 20:50 - 2015-12-08 21:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-04-26 20:50 - 2015-12-08 21:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-04-26 20:50 - 2015-12-08 21:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-04-26 20:50 - 2015-12-08 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-04-26 20:50 - 2015-12-08 21:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-04-26 20:50 - 2015-12-08 20:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-04-26 20:50 - 2015-12-08 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-26 20:50 - 2015-12-08 20:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-04-26 20:49 - 2016-01-22 08:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-04-26 20:49 - 2016-01-22 08:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-04-26 20:49 - 2016-01-22 08:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-04-26 20:49 - 2016-01-22 08:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-04-26 20:14 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-26 20:14 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-26 20:14 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-26 20:14 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-26 20:14 - 2016-02-09 11:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-04-26 20:14 - 2016-02-09 11:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-04-26 20:14 - 2016-02-09 11:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-04-26 20:14 - 2016-02-09 11:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-04-26 20:14 - 2016-02-09 11:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-04-26 20:14 - 2016-02-09 11:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-04-26 20:14 - 2016-02-09 11:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-04-26 20:14 - 2016-02-09 11:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-04-26 20:14 - 2016-02-09 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-04-26 20:14 - 2016-02-09 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-04-26 20:14 - 2016-02-05 20:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-26 20:14 - 2016-02-05 20:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-04-26 20:14 - 2016-02-05 20:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-26 20:14 - 2016-02-05 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-04-26 20:14 - 2016-02-05 20:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-04-26 20:14 - 2016-02-05 20:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-26 20:14 - 2016-02-05 20:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-04-26 20:14 - 2016-02-05 19:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-26 20:14 - 2016-02-05 19:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-26 20:14 - 2016-02-05 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-26 20:14 - 2016-02-05 03:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-04-26 20:14 - 2016-02-04 20:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-04-26 20:14 - 2015-11-14 01:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-04-26 20:14 - 2015-11-14 01:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-04-26 20:14 - 2015-11-14 01:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-04-26 20:14 - 2015-11-14 00:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-04-26 20:14 - 2015-11-14 00:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-04-26 20:14 - 2015-11-14 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-04-26 20:13 - 2016-02-09 11:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-26 14:54 - 2016-05-10 17:31 - 00000000 ____D C:\Users\Mattia\Desktop\ROOT
2016-04-26 14:33 - 2016-04-26 14:33 - 00002972 _____ C:\Windows\System32\Tasks\{EDE9DB6A-20BF-43BF-88E5-58ED1AFC1C64}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-24 19:39 - 2012-09-14 10:15 - 00000000 ____D C:\Users\Mattia\AppData\Local\CrashDumps
2016-05-24 19:38 - 2015-01-11 19:48 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-24 19:33 - 2015-11-18 17:28 - 00001122 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001UA.job
2016-05-24 18:08 - 2011-10-21 16:54 - 00001182 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001UA.job
2016-05-24 18:08 - 2011-04-05 16:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-24 16:52 - 2013-01-30 21:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-24 16:33 - 2015-11-18 17:28 - 00001070 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001Core.job
2016-05-24 13:37 - 2015-01-11 19:48 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-24 12:50 - 2016-01-31 20:24 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-05-24 08:57 - 2011-10-21 16:54 - 00001160 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001Core.job
2016-05-24 08:57 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-24 08:57 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-23 18:32 - 2015-05-12 14:50 - 00005124 ___SH C:\Windows\system32\pnptdisr.dat
2016-05-23 15:35 - 2013-04-30 22:04 - 00000000 ____D C:\ProgramData\Broowssee2save
2016-05-23 11:02 - 2011-04-16 10:29 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-22 18:11 - 2016-03-30 14:31 - 00000000 ____D C:\Users\Mattia\Desktop\Nuova cartella
2016-05-22 17:12 - 2011-05-03 15:17 - 00000000 ____D C:\Users\Mattia\AppData\Local\ElevatedDiagnostics
2016-05-22 12:46 - 2013-01-13 17:38 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Wise Care 365
2016-05-22 12:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-22 12:37 - 2011-04-03 22:57 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\vlc
2016-05-22 11:44 - 2010-11-29 22:49 - 00741652 _____ C:\Windows\system32\perfh010.dat
2016-05-22 11:44 - 2010-11-29 22:49 - 00147674 _____ C:\Windows\system32\perfc010.dat
2016-05-22 11:44 - 2009-07-14 07:13 - 01661252 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-22 11:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-22 11:21 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-21 22:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-21 19:42 - 2011-09-25 11:57 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Easeware
2016-05-21 19:31 - 2010-11-29 14:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-21 19:17 - 2010-11-29 14:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-21 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2016-05-21 19:15 - 2013-07-03 16:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-21 19:15 - 2010-11-29 14:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-21 18:13 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-21 18:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-21 17:58 - 2013-08-15 01:40 - 00000000 ____D C:\Windows\system32\MRT
2016-05-21 10:58 - 2011-03-27 13:51 - 00000000 ____D C:\Users\Mattia
2016-05-21 10:28 - 2011-07-19 15:04 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Nitro PDF
2016-05-21 08:53 - 2011-04-15 11:29 - 00000000 ____D C:\Users\Guest
2016-05-21 08:52 - 2011-11-05 16:25 - 00000000 ____D C:\Users\UpdatusUser
2016-05-21 00:24 - 2014-06-22 10:05 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\ProductData
2016-05-21 00:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-05-21 00:23 - 2014-10-24 10:44 - 00000000 ____D C:\Users\Mattia\AppData\Local\JDownloader v2.0
2016-05-20 19:34 - 2014-03-14 22:03 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Dropbox
2016-05-20 18:21 - 2015-05-12 14:47 - 00000000 ____D C:\ProgramData\{28D5D3C0-9147-4bb7-B2D0-453118720FE3}
2016-05-20 18:18 - 2012-09-09 18:10 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-20 18:18 - 2012-06-12 10:37 - 00000000 __RHD C:\MSOCache
2016-05-20 18:18 - 2011-09-26 21:35 - 00000000 ____D C:\Windows\Minidump
2016-05-20 18:18 - 2011-06-10 15:26 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\BitTorrent
2016-05-20 18:18 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2016-05-14 16:38 - 2015-12-10 18:18 - 00000000 ____D C:\Users\Mattia\AppData\LocalLow\BitTorrent
2016-05-13 14:46 - 2015-01-11 19:54 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-11 13:32 - 2015-01-11 19:48 - 00004146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 13:32 - 2015-01-11 19:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 13:31 - 2014-02-15 11:12 - 00000000 ____D C:\ProgramData\ProductData
2016-05-06 15:08 - 2013-07-10 22:26 - 00000000 ____D C:\Users\Mattia\AppData\Local\NVIDIA
2016-05-05 19:45 - 2016-04-04 14:36 - 00000000 ____D C:\ProgramData\SP_FT_Logs
2016-05-05 18:46 - 2011-04-08 12:50 - 00000000 ___RD C:\Users\Mattia\Documents\GAMES
2016-05-04 15:10 - 2014-10-24 10:50 - 00000000 ____D C:\Users\Mattia\Documents\JDOWNLOADER
2016-05-02 07:39 - 2014-06-04 10:50 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-02 07:39 - 2014-01-02 19:19 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-02 07:38 - 2016-01-09 15:50 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-05-02 07:38 - 2014-06-04 10:50 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-05-02 07:38 - 2014-01-02 19:19 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-05-01 18:23 - 2016-04-23 16:09 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-01 11:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-30 11:06 - 2014-05-04 22:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-30 10:43 - 2012-04-14 00:20 - 01636074 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-29 17:46 - 2015-04-08 10:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-29 17:46 - 2015-04-08 10:09 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-29 16:17 - 2015-01-03 01:31 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\WiseUpdate
2016-04-28 14:11 - 2014-01-16 16:46 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-27 15:17 - 2012-10-21 14:29 - 00000000 ____D C:\Program Files\DIFX
2016-04-26 23:48 - 2012-05-17 04:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-26 23:47 - 2012-05-17 04:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-26 23:47 - 2012-05-17 04:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-26 23:10 - 2009-07-14 04:34 - 00000513 ____N C:\Windows\win.ini
2016-04-26 21:53 - 2012-11-12 17:05 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-26 21:53 - 2011-07-19 14:54 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk
2016-04-26 21:53 - 2011-07-03 11:34 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-26 21:53 - 2011-04-16 10:27 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-04-26 21:53 - 2011-04-16 10:27 - 00001297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-04-26 21:53 - 2011-04-16 10:26 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-04-26 21:53 - 2011-04-16 10:26 - 00001494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-04-26 21:53 - 2011-03-27 14:32 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-26 21:53 - 2010-08-30 10:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-26 21:53 - 2009-07-14 06:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-26 21:53 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-26 21:53 - 2009-07-14 06:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-26 21:53 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-26 21:50 - 2016-03-12 12:48 - 00001870 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2016-04-26 21:50 - 2014-02-20 01:51 - 00000857 _____ C:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-04-26 21:50 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-26 21:50 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-26 21:49 - 2014-10-11 23:54 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-04-26 21:30 - 2011-05-01 20:38 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-04-26 21:30 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-26 21:29 - 2013-08-13 17:20 - 00000000 ____D C:\ProgramData\eSafe
2016-04-26 21:29 - 2011-11-11 19:52 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-04-26 15:37 - 2016-04-09 13:15 - 00000000 ____D C:\Users\Mattia\AppData\Roaming\Xiaomi
 
==================== Files in the root of some directories =======
 
2015-01-04 17:08 - 2015-01-04 17:22 - 0000357 _____ () C:\Users\Mattia\AppData\Roaming\burnaware.ini
2014-06-19 11:51 - 2014-06-19 11:51 - 0000024 _____ () C:\Users\Mattia\AppData\Roaming\temp.ini
2011-06-12 13:19 - 2015-10-18 17:57 - 0077312 _____ () C:\Users\Mattia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-31 15:54 - 2014-02-15 11:10 - 0007600 _____ () C:\Users\Mattia\AppData\Local\Resmon.ResmonCfg
2013-04-30 22:22 - 2013-04-30 22:22 - 0017408 _____ () C:\Users\Mattia\AppData\Local\WebpageIcons.db
2014-01-16 17:14 - 2014-01-16 17:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-30 11:12 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2016-02-13 18:02 - 2016-05-20 16:58 - 0000273 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AC}.log
 
Files to move or delete:
====================
C:\Users\Mattia\x.exe
 
 
Some files in TEMP:
====================
C:\Users\Mattia\AppData\Local\Temp\NVI2_29.DLL
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-21 15:51
 
==================== End of FRST.txt ============================


#4 manolesta90

Posted 24 May 2016 - 12:46 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-05-2016

Ran by Mattia (2016-05-24 19:39:30)
Running from C:\Users\Mattia\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-27 11:51:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3074473499-1170993428-1920782060-500 - Administrator - Disabled)
Guest (S-1-5-21-3074473499-1170993428-1920782060-501 - Limited - Disabled) => C:\Users\Guest
Mattia (S-1-5-21-3074473499-1170993428-1920782060-1001 - Administrator - Enabled) => C:\Users\Mattia
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AS: Kaspersky Internet Security (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Kaspersky Internet Security (Enabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Aggiornamenti NVIDIA 2.11.3.5 (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Allok Video to MP4 Converter 6.2.0603 (HKLM-x32\...\Allok Video to MP4 Converter_is1) (Version:  - Allok Soft Inc)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AnyMedia Player 4.5.3 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 4.5.3 - cyan soft ltd)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BitTorrent (HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.1.7.5658 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
C3100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Camtasia Studio 8 (HKLM-x32\...\{2EB28256-1D66-49F1-AF66-691BF9A27C79}) (Version: 8.0.2.918 - TechSmith Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Complitly (HKLM-x32\...\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1) (Version:  - Complitly) <==== ATTENTION
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dropbox (HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA Download Manager (HKLM-x32\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)
EA Download Manager UI (HKLM-x32\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.124 - Electronic Arts)
EA Download Manager UI (x32 Version: 6.0.4 - Electronic Arts) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileHunter (HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\FileHunter) (Version:  - )
Freemake Video Converter versione 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
GBoost (HKLM\...\{235B7B98-EAC3-4953-AE2C-EABCE1CD65C9}_is1) (Version: 1.0.3.0 - GZero)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Chrome (HKU\S-1-5-21-3074473499-1170993428-1920782060-501\...\Google Chrome) (Version: 14.0.835.186 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoSavue (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 4.2.0.1049 - ) <==== ATTENTION
GS_Booster (HKLM-x32\...\S-576482620) (Version: 1.1.0.1441 - PremiumSoft) <==== ATTENTION
Hazard Ops (HKLM\...\Steam App 319150) (Version:  - Yingpei Games)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
L&H TTS3000 Italiano (HKLM-x32\...\LHTTSITI) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LenovoUsbDriver 1.0.14 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.14 - Lenovo)
Machete Lite 3.8 (HKLM-x32\...\{CBA55866-5332-4E19-867F-30F7E22E9F1E}) (Version: 3.8.33 - MacheteSoft)
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mi PC Suite (HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\...\MiPhoneManager) (Version:  - Xiaomi Inc.)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Extended ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Monitoraggio della tecnologia Intel® Turbo Boost (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
MorphVOX Junior (HKLM-x32\...\{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}) (Version: 2.7.5 - Screaming Bee)
Mozilla Firefox 43.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 it)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Need for Speed™ Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Nero 9 Lite (HKLM-x32\...\{eef23727-bc95-4e5f-b154-823b0393666d}) (Version:  - Nero AG)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nitro PDF Professional (HKLM\...\{59525B55-DE3C-439F-82CC-D4578960DE73}) (Version: 6.2.1.10 - Nitro PDF Software)
No More Room in Hell (HKLM\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Nokia Connectivity Cable Driver (HKLM-x32\...\{0906982B-A432-4C06-8F01-C01BE1143779}) (Version: 7.1.92.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.6.36.0 - Nokia)
Nokia Suite (x32 Version: 3.6.36.0 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NSS (remove only) (HKLM-x32\...\NSS) (Version: 1.0.38.15 - B-Phreaks Ltd)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Driver grafico 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pacchetto driver Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Pacchetto driver Windows - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Pacchetto driver Windows - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Pacchetto driver Windows - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Pacchetto driver Windows - MediaTek Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
Pacchetto driver Windows - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
Pacchetto driver Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Pannello di controllo NVIDIA 365.19 (Version: 365.19 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}) (Version: 12.0.48.0 - Nokia)
PdaNet+ for Android 4.18 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
RipTiger 4.5.3 (HKLM-x32\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.3 - cyan soft ltd)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.0 - Rockstar Games)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.0.1204.27) (Version: 2.0.1204.27 - Solveig Multimedia)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (it-IT) (x32 Version: 13.0.3000.144 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ufo-Wardriving (HKLM-x32\...\Ufo-Wardriving) (Version: 4 Invasion - UW-Team)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WD Quick View (HKLM-x32\...\{20CC5519-9A30-4F19-AA1B-72EABE35AA7C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F4EEBD1F-EB14-4E1F-89B5-D33257B7618D}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Auto Shutdown 1.39 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.39 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 4.1.5 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.62 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
YOUtoubeAdeBlockeu (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 2.3.0.1072 - ) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mattia\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E90F8E8-F903-419B-803C-CA30D5E2C3D0} - System32\Tasks\{1E820257-06B0-44D7-8A7C-C433F7A44C4C} => pcalua.exe -a "C:\Users\Mattia\Documents\Mipony\[DivX - ITA] - Woody Allen - Manhattan.part01.exe" -d C:\Users\Mattia\Documents\Mipony
Task: {17BB72B0-291B-454E-B4D1-A496CA1C9025} - System32\Tasks\{1032AD15-C5A8-45B2-9A1D-CB42F52F73A3} => pcalua.exe -a E:\PhysX\PhysX_9.10.0224_SystemSoftware.exe -d E:\PhysX
Task: {19398C90-8D7D-457D-9122-F3B71FDB29C9} - System32\Tasks\{C972D698-292A-4CE7-BE9A-74E6975EE78C} => pcalua.exe -a C:\Users\Mattia\Desktop\Infernal\Install.exe -d C:\Users\Mattia\Desktop\Infernal
Task: {27F5AE12-6C5F-41B9-AE49-48BA1C5C8A51} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {28F65F9B-3150-46BE-ADF0-C9B9062E69D9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001Core => C:\Users\Mattia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-18] (Dropbox, Inc.)
Task: {34CA29BB-0EFD-4847-BAFE-ADC24B604BAA} - System32\Tasks\{CC8F1EFD-1E35-4AC0-A42C-BF786E5CC6A6} => pcalua.exe -a E:\install.exe -d E:\
Task: {3CF72F91-DCE0-464B-BCF4-B68E4675BF42} - System32\Tasks\{C802C492-311A-4659-AAC3-165AB19CC2E6} => pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty 4 Modern Warfare\setup.exe" -d "C:\Program Files (x86)\Activision\Call of Duty 4 Modern Warfare"
Task: {401425BD-5DE3-4CB9-A8B1-9C5F090AEA8C} - System32\Tasks\{C2870BCD-A63F-46F3-843F-EA5241CF2A60} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe" -c -runfromtemp -l0x0409
Task: {41ED5472-4D2B-4B10-9F39-082E41DA059F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001UA => C:\Users\Mattia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-18] (Dropbox, Inc.)
Task: {4DB7953F-1EFC-41DC-91E7-306E5C1B988D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {5266E58B-3AB9-46AB-A2B2-8EB01D3367B1} - System32\Tasks\{B2E6E566-8467-412F-83BC-659012CAC50A} => pcalua.exe -a "F:\Call of Duty 4 modernwar\setup.exe" -d "F:\Call of Duty 4 modernwar"
Task: {5D54C9AC-6CC4-430F-941C-4DE68DFF5B77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {68C372DB-254E-4DE2-9C86-C73D3F510351} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001Core => C:\Users\Mattia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {778852EF-2B03-4F37-BA40-781879AE87FA} - System32\Tasks\{D90AD19D-66FF-45B6-8209-AC52C818FB48} => pcalua.exe -a F:\setup_vmc_lite.exe -d F:\ -c /checkApplicationPresence
Task: {785DB29E-68AD-469F-AE7F-74C742AE9618} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-01] (Adobe Systems Incorporated)
Task: {7E4A206A-AEF5-423A-82E0-71DFB725F67E} - System32\Tasks\{C1E67EC4-D07A-4C88-AFBE-42EA9A8A4DF0} => C:\Users\Mattia\Desktop\trid.exe
Task: {9955EDFA-487C-409A-855C-C790897F92F9} - System32\Tasks\{E9C80C99-8B65-46CE-AF09-BE9D4F838D82} => C:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\speed2.exe [2012-02-03] ()
Task: {9CD118DD-953C-4E6C-9D81-88EA39EECE8D} - System32\Tasks\pnptdi => C:\Program Files (x86)\Secure Folders\SecureFolders.exe [2015-05-12] (Promosoft Software Limited)
Task: {9E32CB93-52E9-4E1C-8B95-DDA747AC1EE5} - \Driver Booster Update -> No File <==== ATTENTION
Task: {A5289AF3-1652-48E0-A8CF-B25B0C2C222E} - System32\Tasks\{AECCC6E7-F56F-489D-B2CD-0521BD1252A6} => pcalua.exe -a "C:\Program Files (x86)\PdaNet for Android\drvins.exe"
Task: {A5D43E40-FC02-423F-A447-8CE61077F632} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-06-06] ()
Task: {A6A6EC4A-5C1F-475A-B9DD-56943BD8E8E0} - System32\Tasks\{1EF4D78D-76A1-4029-BA60-654A6D849DB7} => C:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\speed2.exe [2012-02-03] ()
Task: {B1EBA817-787F-4CC6-A5A2-AC0A39AC8C24} - System32\Tasks\{301BF5D5-F289-44DF-A2E4-FC9A3E1BB126} => pcalua.exe -a "C:\ProgramData\Kaspersky Lab\SandboxShared\Call of Duty 4 modernwar\setup.exe" -d "C:\ProgramData\Kaspersky Lab\SandboxShared\Call of Duty 4 modernwar"
Task: {B27CA47C-AB96-4D17-A205-9171F8B41F89} - System32\Tasks\{BD83723E-6D23-4DB6-9DB5-E4478F5472A4} => pcalua.exe -a C:\Users\Mattia\Downloads\gdiplus_9.exe -d C:\Users\Mattia\Downloads
Task: {B589130A-88BE-48CB-877D-646590A0F602} - System32\Tasks\{DDB919B0-150A-42DE-B7DC-D128C84D6C3D} => pcalua.exe -a "C:\Users\Mattia\Desktop\Call of Duty 4 modernwar\setup.exe" -d "C:\Users\Mattia\Desktop\Call of Duty 4 modernwar"
Task: {C85484E2-BC73-44B2-BDE9-0B921218E9FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CA218FF3-4ED9-475C-A416-056965E20B58} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001UA => C:\Users\Mattia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {EA9A7C24-B662-4959-AC0E-D328BB5F7EAE} - System32\Tasks\{EDE9DB6A-20BF-43BF-88E5-58ED1AFC1C64} => C:\Users\Mattia\Downloads\mbam-setup-2.2.1.1043.exe [2016-05-23] (Malwarebytes                                                )
Task: {F0F1B21E-B2FE-4DD4-9892-12AEA90E43BD} - \Driver Booster Scan -> No File <==== ATTENTION
Task: {F4392AB5-6EFE-49A3-B2BA-D269CEDA3003} - System32\Tasks\{383F7B37-7FC2-48F8-9858-E4A90B0186D4} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001Core.job => C:\Users\Mattia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001UA.job => C:\Users\Mattia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001Core.job => C:\Users\Mattia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3074473499-1170993428-1920782060-1001UA.job => C:\Users\Mattia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Memory Optimizer Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseMemoryOptimzer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-21 19:18 - 2016-05-10 01:40 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-13 17:30 - 2012-04-13 17:29 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2012-04-13 17:30 - 2012-04-13 17:29 - 00151552 ____N () C:\Windows\KMService.exe
2016-03-19 12:58 - 2016-05-02 07:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-30 15:36 - 2016-05-02 07:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-19 12:58 - 2016-05-02 07:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-09 15:49 - 2016-05-02 07:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2011-08-18 18:44 - 2012-09-09 23:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-03-30 15:36 - 2016-05-02 07:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-30 15:36 - 2016-05-02 07:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-30 15:36 - 2016-05-02 07:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-04 20:10 - 2016-05-02 07:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2011-09-26 15:39 - 2011-06-26 18:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-24 21:27 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2014-01-02 19:19 - 2016-05-02 08:00 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-01-02 19:19 - 2016-05-02 08:01 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-03-30 15:36 - 2016-05-02 07:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-30 15:36 - 2016-05-02 07:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-08-24 21:27 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-06-09 11:33 - 2016-05-02 08:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2010-08-30 11:45 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-05-21 19:23 - 2016-05-21 19:23 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68b50258c65f19990de5179995021e57\IsdiInterop.ni.dll
2010-08-30 11:03 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-05-02 17:52 - 2003-08-14 07:16 - 00021504 _____ () C:\Windows\SysWow64\docobj.dll
2016-05-13 14:46 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 14:46 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [121]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [134]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [270]
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [144]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [118]
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [288]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [135]
AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [240]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\Software\Classes\.exe:  =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2014-12-24 20:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mattia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: NOBU => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: AlcoholAutomount => "c:\program files (x86)\alcohol soft\alcohol 120\axautomntsrv.exe" -automount
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "c:\program files (x86)\daemon tools lite\dtlite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Mattia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Mattia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: RocketDock => c:\program files (x86)\rocketdock\rocketdock.exe
MSCONFIG\startupreg: Smart File Advisor => "c:\program files (x86)\smart file advisor\sfa.exe" /checkassoc
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4E7961D8-A9C4-4BEF-86EA-3DDAFC7B34D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{DA56BFFD-C391-4A4B-96D5-A115B17FE2E5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CCC4A7EA-385D-4A57-961F-D16D60774E17}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B46BB5AC-FDCD-4014-A75D-5CA0CF3E5345}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3169EE2F-3CCA-4C94-82EC-2CD187189ED1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{41372399-9A40-423D-B54F-C901FC350C7B}] => (Allow) LPort=2869
FirewallRules: [{B13B2A45-0B9A-4672-874C-9960022A4F70}] => (Allow) LPort=1900
FirewallRules: [{11D8AA68-C8B2-4119-8A12-F84C0B36CED0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C3B5981D-C19E-42A1-9F3C-97C14873DF89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2EDD0F3D-86D9-4CA0-9846-C2A8B1628B84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CCE14020-44C7-4D3A-A0C2-5822E86E8334}] => (Allow) C:\Program Files (x86)\Electronic Arts\Need for Speed™ Hot Pursuit\Launcher.exe
FirewallRules: [{E528DE4D-C9AA-4B9D-84AF-DE28E724A1FC}] => (Allow) C:\Program Files (x86)\Electronic Arts\Need for Speed™ Hot Pursuit\Launcher.exe
FirewallRules: [{B5F6BD38-CA4F-4B4F-8B0C-A5132CB48B18}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C7DC46C7-437C-4426-A8C1-915629D5119E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{819557EE-2869-4F30-AD68-B617CADA36C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8089D2D3-128B-490E-A175-89E8EB06C257}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D6E7ABE1-111A-4C51-879D-1E7D38470868}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{454C40F7-262A-401D-BC84-E1AEDF585E1C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{DAC4EC5E-BBDB-464C-A9EC-C5BCAF935313}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BEDA60CB-E0F2-4A78-8FFA-42B94E9A097C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DFE8EDE0-875A-47EE-96FE-165AD1D777BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E78E12F2-5193-4E68-914C-700B65D7F133}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2F9CD02A-B534-4FB4-BAD6-CD39FEE4420E}] => (Allow) LPort=443
FirewallRules: [{9F8349F2-6793-498C-942A-87AE1E75BE22}] => (Allow) LPort=443
FirewallRules: [{D73596BE-0821-4143-8D42-7999DCDF2A87}] => (Allow) LPort=37674
FirewallRules: [{808CE823-B4BC-47DF-A5C4-DD12C9F1FDE3}] => (Allow) LPort=37674
FirewallRules: [{01642714-A8DA-4D19-BAAB-1A94DA8076E8}] => (Allow) LPort=37675
FirewallRules: [{EF0AB28B-FE67-4D6F-B28D-538A850FD7D9}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{D8D3D4B0-C1AE-44CC-9128-155FBDA2C4B7}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [TCP Query User{888B34B5-2E9D-42B2-B53A-C8FD649845FF}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe] => (Block) C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [UDP Query User{845DFFCD-E669-4141-BABF-B34625DB702A}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe] => (Block) C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [{68A832B4-690D-4912-8524-07A54F0E2320}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FDE78471-A3CC-48B7-BD10-706A807EA8EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{63DCE2C1-EC7D-4793-B560-D5C2D31D820B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BDB7B05E-A407-4C2A-B25A-756F92A39240}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8FD6AB7F-1FEA-4DAA-826F-CD923BD59B95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{411CF4CF-9F0F-4C67-B8B9-D9A5799D3124}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA503516-C82C-4959-BEF9-91E2F4BBD830}] => (Allow) C:\Users\Mattia\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5AEFCA4A-CAF1-451C-8F9F-52BE7767EF00}] => (Allow) C:\Users\Mattia\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{C6F77CDA-C263-41B4-89CB-9A8720336283}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{6A488805-BA99-4253-9E83-310E9ACE2A4C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{D1DFA3E7-8BCF-42F1-81EA-6824C8C7AB56}] => (Allow) C:\Users\Mattia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{08045C10-4F83-4A78-B4FD-B89DE3DFEAB6}] => (Allow) C:\Users\Mattia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5800A899-A461-49A8-85A7-62223A843375}] => (Allow) C:\Users\Mattia\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{44E6B989-705E-4E02-ACEB-E3F59F88A00C}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{D2C63DC2-3842-4090-85E5-AAB26D7D622B}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{C95FEFEB-6A9C-4250-9CC2-C96C0DDFB26D}] => (Allow) C:\Program Files (x86)\RipTiger\HTTPDownloaderApp.exe
FirewallRules: [{0DDFEB91-03C2-440A-8778-DC7FD3F95CD8}] => (Allow) C:\Program Files (x86)\RipTiger\HTTPDownloaderApp.exe
FirewallRules: [{87DEE2C0-E632-43BA-BF9D-B2F16DFAAF49}] => (Allow) C:\Program Files (x86)\RipTiger\RTMPDownloaderApp.exe
FirewallRules: [{1C0D8972-3DAF-474B-B5F6-30DEDDECE954}] => (Allow) C:\Program Files (x86)\RipTiger\RTMPDownloaderApp.exe
FirewallRules: [{6F7AE68D-B729-4892-B93D-7AD2593E0731}] => (Allow) C:\Program Files (x86)\RipTiger\VideoDownloadApp_RTMP.exe
FirewallRules: [{AF8ED388-5601-4676-BEE5-0656820407AF}] => (Allow) C:\Program Files (x86)\RipTiger\VideoDownloadApp_RTMP.exe
FirewallRules: [{42BEACAC-448E-4CC9-9188-3A0B1E42521B}] => (Allow) C:\Program Files (x86)\RipTiger\MMSDownloaderApp.exe
FirewallRules: [{1BBB2F84-3BF8-4F4B-879B-2CD96EA60DC9}] => (Allow) C:\Program Files (x86)\RipTiger\MMSDownloaderApp.exe
FirewallRules: [{AE8DF9DE-C290-457A-BF85-6664524B103A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DFEA7CF-48C9-4837-91B7-1B8235749BB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EC0FE4E8-7A7C-45BD-BE1E-4B18226A037A}C:\users\mattia\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\mattia\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{37FCF701-E289-41A4-BABB-C9A71C327D88}C:\users\mattia\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\mattia\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{E2650925-33D1-4385-83A2-931FAD1ED3E9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{27B8A811-46F8-4AD5-939E-C1D53529BA02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-05-2016 14:46:50 Punto di controllo pianificato
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Scheda Microsoft Teredo Tunneling
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: MediaTek DA USB VCOM Port (COM60)
Description: MediaTek DA USB VCOM Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaTek Inc.
Service: usbser
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/24/2016 07:40:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x12a4
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:40:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x1da8
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:39:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x7d8
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0xb54
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:38:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x234c
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:38:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x1eb8
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:38:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x2244
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:38:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x2098
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:37:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0xba0
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
Error: (05/24/2016 07:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: explorer.exe, versione: 6.1.7601.19135, timestamp: 0x56a1bbe2
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 6.1.7601.23418, timestamp: 0x5708a857
Codice eccezione: 0xc0000005
Offset errore 0x0000000000037ff7
ID processo che ha generato l'errore: 0x1e3c
Ora di avvio dell'applicazione che ha generato l'errore: 0xexplorer.exe0
Percorso dell'applicazione che ha generato l'errore: explorer.exe1
Percorso del modulo che ha generato l'errore: explorer.exe2
ID segnalazione: explorer.exe3
 
 
System errors:
=============
Error: (05/23/2016 03:42:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio MBAMWebAccessControl dipende dal servizio BFE (Base Filtering Engine) che non è stato avviato per il seguente errore: 
%%1058
 
Error: (05/23/2016 03:42:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio MBAMWebAccessControl dipende dal servizio BFE (Base Filtering Engine) che non è stato avviato per il seguente errore: 
%%1058
 
Error: (05/22/2016 03:34:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (05/22/2016 02:48:13 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Le copie shadow del volume C: sono state interrotte. Errore IO sul volume C:.
 
Error: (05/22/2016 12:45:56 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: Impossibile creare un nuovo processo BITS. Il numero corrente di processi per l'utente Mattia-PC\Mattia (60) è maggiore o uguale al limite di processi (60) specificato mediante i Criteri di gruppo. Per risolvere il problema, completare o annullare i processi BITS che non sono avanzati guardando l'errore e riavviare il servizio BITS. Se l'errore si ripresenta, chiedere all'amministratore di sistema di ricreare i limiti di processi per utente e per computer nei Criteri di gruppo.
 
Error: (05/22/2016 12:45:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Condivisione connessione Internet (ICS) dipende dal servizio BFE (Base Filtering Engine) che non è stato avviato per il seguente errore: 
%%1058
 
Error: (05/22/2016 12:45:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Agente criteri IPsec dipende dal servizio BFE (Base Filtering Engine) che non è stato avviato per il seguente errore: 
%%1058
 
Error: (05/22/2016 12:45:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Servizio Servizio di rilevamento dispositivi HP CUE terminato con l'errore: 
%%126
 
Error: (05/22/2016 12:45:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP dipende dal servizio BFE (Base Filtering Engine) che non è stato avviato per il seguente errore: 
%%1058
 
Error: (05/22/2016 12:45:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Windows Firewall dipende dal servizio BFE (Base Filtering Engine) che non è stato avviato per il seguente errore: 
%%1058
 
 
CodeIntegrity:
===================================
  Date: 2014-12-24 19:14:04.713
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2014-12-24 19:14:04.495
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 15:38:53.495
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 15:38:53.308
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 15:38:51.311
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 15:38:51.139
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 08:57:42.932
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 08:57:42.682
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 08:57:41.481
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2013-10-12 08:57:41.325
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 74%
Total physical RAM: 3766.71 MB
Available physical RAM: 974.74 MB
Total Virtual: 9413.89 MB
Available Virtual: 5499.07 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:583.07 GB) (Free:227.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 8FEAACA6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=583.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 Aura


Posted 25 May 2016 - 08:34 PM

Thank you for waiting :)

I've noticed traces of pirated software on your system. Since BleepingComputer doesn't condone piracy, I'll ask you to uninstall/remove/delete any traces of piracy on your system, as you may be refused assistance in the future here. If you don't know what traces I'm talking about, let me know.

P2P Program Warning!
Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.
  • FileHunter
  • Complitly
  • GoSavue
  • GS_Booster
  • Wise Registry Cleaner 7.62 - Registry Cleaners are potentially harmful for your system
  • YOUtoubeAdeBlockeu
If you have an issue when uninstalling a program, please let me know.

There's a file I would like you to upload on VirusTotal, and provide me the result URL so I can check if it's malicious or not.

Upload a file on VirusTotal
  • Open your favorite web browser, and go on virustotal.com;
  • From there, click on the Select a file button and wait for the Windows Explorer to open;
  • Browse to the file below, select it and click on Open;
    C:\ProgramData\FullRemove.exe
    
  • Once done, click on the Analyze button;
  • If you get a message that the file was already analyzed, click on the Re-analyze button;
  • At the end of the analysis, copy and paste the VirusTotal report URL in your next reply;
I see that you also have the Video DownloadHelper extension installed on both Google Chrome and Mozilla Firefox. There's currently an open debate on this extension since it could at some point classify as an Adware/PUP. For more information, you can check the links below.
http://www.systemlookup.com/FF_Extensions/87-b9db16a4_6edc_47ec_a1f4_b86292ed211d_xpi.html
https://www.reasoncoresecurity.com/b9db16a4-6edc-47ec-a1f4-b86292ed211d.xpi-dace289355f50753be1c0de3ff339d5950fc9ebe.aspx

I see that you downloaded Emsisoft Emergency Kit, JRT and RogueKiller. Did you run these tools? If so, do you still have the logs they produced? If you do, please copy/paste their content in your next reply.

Now, we'll start by running a fix using FRST, and also clean everything AdwCleaner detected (to answer your original question). Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;


AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should include:
  • Confirmation that you got rid of any traces of piracy on your system;
  • Confirmation that you uninstalled the malicious and outdated software listed above (if not, let me know which one(s));
  • URL to the VirusTotal report of the file I asked you to upload;
  • Copy/pasted content of the EEK, JRT and RogueKiller logs if you have them;
  • Copy/pasted content of the FRST fixlog;
  • Copy/pasted content of the AdwCleaner clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 manolesta90


Posted 26 May 2016 - 07:10 AM

Good evening Aura,
I began to uninstall malicious programs you mentioned, but I could not find the following:
- Filehunter
- complitly
- GoSavue
- YOUtoubeAdeBlockeu
even after I uninstalled these will continue in the process. Thanks


#7 Aura


Posted 29 May 2016 - 12:07 PM

Hi manolesta90 :)

Are you still with me? You can follow the instructions past the uninstall ones if you can't uninstall a program, it's alright.



#8 manolesta90


Posted 29 May 2016 - 04:10 PM

This is the scanning of Virus Total: 
I do not have the log files of Emsisoft Emergency Kit, JRT and RogueKiller. I used them and then deleted.
I used FRST, and the .txt file is as follows:
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Mattia (2016-05-29 22:49:22) Run:1
Running from C:\Users\Mattia\Desktop
Loaded Profiles: Mattia & Guest &  (Available Profiles: Mattia & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3074473499-1170993428-1920782060-501 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3074473499-1170993428-1920782060-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FF user.js: detected! => C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\user.js [2016-04-26]
 
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
U3 a878nr7z; C:\Windows\System32\Drivers\a878nr7z.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U3 ayl3k26e; C:\Windows\System32\Drivers\ayl3k26e.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
 
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-04-13] () [File not signed]
 
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [121]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [134]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [270]
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [144]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [118]
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [288]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [135]
AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [240]
 
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\Software\Classes\.exe:  =>  <===== ATTENTION
 
C:\ProgramData\boost_interprocess
C:\ProgramData\Broowssee2save
C:\ProgramData\eSafe
C:\ProgramData\ProductData
C:\Program Files (x86)\Conduit
C:\Windows\KMService.exe
C:\Windows\System32\Drivers\a878nr7z.sys
C:\Windows\System32\Drivers\ayl3k26e.sys
 
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found. 
HKU\S-1-5-21-3074473499-1170993428-1920782060-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3074473499-1170993428-1920782060-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\user.js => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully
a878nr7z => service not found.
ayl3k26e => service not found.
KMService => service removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
C:\ProgramData\Temp => ":1A60DE96" ADS removed successfully.
C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully.
C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
C:\ProgramData\Temp => ":E3C56885" ADS removed successfully.
"HKU\S-1-5-21-3074473499-1170993428-1920782060-1001\Software\Classes\.exe" => key removed successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\Broowssee2save => moved successfully
C:\ProgramData\eSafe => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\Program Files (x86)\Conduit => moved successfully
C:\Windows\KMService.exe => moved successfully
"C:\Windows\System32\Drivers\a878nr7z.sys" => not found.
"C:\Windows\System32\Drivers\ayl3k26e.sys" => not found.
EmptyTemp: => 2.4 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 23:00:35 ====
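
A Fixlog like the one above is easier to review once each result line is reduced to a target and an outcome, so that entries FRST could not find stand out from those it removed or moved. The following is an added example, not part of the original post and not FRST's own code; the outcome categories and function names are assumptions chosen here, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample input: result lines copied from the Fixlog posted above (abridged).
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\user.js => moved successfully
a878nr7z => service not found.
KMService => service removed successfully
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\Windows\KMService.exe => moved successfully
"C:\Windows\System32\Drivers\a878nr7z.sys" => not found.
EmptyTemp: => 2.4 GB temporary data Removed.
'''

# ADS results carry the stream name on the right-hand side: ":name" ADS <result>
ADS_RESULT = re.compile(r'^"(:[^"]+)" ADS (.+)$')
# Directives such as "EmptyTemp:" are not file or registry targets.
DIRECTIVE = re.compile(r'[A-Za-z]{2,}:')


def classify(result):
    """Map the free-text result to a coarse outcome (categories are this example's own)."""
    text = result.lower()
    if "not found" in text:
        return "not_found"
    if "removed" in text:   # tested before "moved" because "removed" contains it
        return "removed"
    if "moved" in text:
        return "moved"
    if "restored" in text:
        return "restored"
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, raw_result) for every 'target => result' line."""
    entries = []
    for raw in text.splitlines():
        target, sep, result = raw.strip().partition(" => ")
        if not sep:
            continue  # status lines such as "Processes closed successfully."
        target = target.strip('"')
        ads = ADS_RESULT.match(result)
        if ads:
            # Rebuild the full stream path, e.g. C:\ProgramData\Temp:0B9176C0
            target += ads.group(1)
            result = "ADS " + ads.group(2)
        outcome = "directive" if DIRECTIVE.fullmatch(target) else classify(result)
        entries.append((target, outcome, result))
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(outcome for _, outcome, _ in entries)


def not_found(entries):
    """Targets listed in the fixlist that were absent when the fix ran."""
    return [target for target, outcome, _ in entries if outcome == "not_found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in sorted(summarize(parsed).items()):
        print(f"{outcome:10} {count}")
    print("Not found:")
    for target in not_found(parsed):
        print("  " + target)
```
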


#9 manolesta90


Posted 29 May 2016 - 04:28 PM

# AdwCleaner v5.118 - File di log creato 29/05/2016 a 23:19:20
# Aggiornato 23/05/2016 by Xplode
# Database : 2016-05-29.1 [Server]
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (X64)
# Nome utente : Mattia - MATTIA-PC
# In esecuzione da : C:\Users\Mattia\Desktop\adwcleaner_5.118.exe
# Opzione : Pulizia
 
***** [ Servizi ] *****
 
 
***** [ Cartelle ] *****
 
[-] Cartella Eliminato : C:\ProgramData\Babylon
[-] Cartella Eliminato : C:\ProgramData\Driver Mender
[-] Cartella Eliminato : C:\ProgramData\SoftSafe
[-] Cartella Eliminato : C:\ProgramData\Trusted Publisher
[-] Cartella Eliminato : C:\ProgramData\WPM
[-] Cartella Eliminato : C:\ProgramData\GoSavue
[#] Cartella Eliminato : C:\ProgramData\Application Data\Babylon
[#] Cartella Eliminato : C:\ProgramData\Application Data\Driver Mender
[#] Cartella Eliminato : C:\ProgramData\Application Data\SoftSafe
[#] Cartella Eliminato : C:\ProgramData\Application Data\Trusted Publisher
[#] Cartella Eliminato : C:\ProgramData\Application Data\WPM
[#] Cartella Eliminato : C:\ProgramData\Application Data\GoSavue
[-] Cartella Eliminato : C:\Users\Public\Documents\Downloaded Installers
[-] Cartella Eliminato : C:\Program Files (x86)\SlimCleaner
[-] Cartella Eliminato : C:\Program Files (x86)\Common Files\337
[-] Cartella Eliminato : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\genienext
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\Ilivid Player
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\Mobogenie
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\PackageAware
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\slimware utilities inc
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\torch
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\YSearchUtil
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Roaming\Babylon
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Roaming\Easeware
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Roaming\eIntaller
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Roaming\GrabPro
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Roaming\ProgSense
[-] Cartella Eliminato : C:\Users\Guest\AppData\Local\torch
[-] Cartella Eliminato : C:\Users\Guest\AppData\Roaming\mipony
[-] Cartella Eliminato : C:\Users\Guest\AppData\Roaming\ProgSense
[-] Cartella Eliminato : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
[-] Cartella Eliminato : C:\Users\Mattia\AppData\Local\CrashRpt
 
***** [ File ] *****
 
[-] File Eliminato : C:\Users\Mattia\daemonprocess.txt
[-] File Eliminato : C:\Users\Guest\Desktop\MiPony.lnk
[-] File Eliminato : C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\invalidprefs.js
[-] File Eliminato : C:\user.js
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Collegamenti ] *****
 
 
***** [ Attività  pianificate ] *****
 
 
***** [ Registro ] *****
 
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
[-] Chiave Eliminato : HKCU\Software\5b68a8db33be410
[-] Chiave Eliminato : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-576482620
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\Prod.cap
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Valore Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{398C01F1-E584-46AD-A649-4F78B435DCFE}]
[-] Valore Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}]
[-] Chiave Eliminato : HKCU\Software\Ask&Record
[-] Chiave Eliminato : HKCU\Software\BRS
[-] Chiave Eliminato : HKCU\Software\Complitly
[-] Chiave Eliminato : HKCU\Software\Mozilla\Extends
[-] Chiave Eliminato : HKCU\Software\OCS
[-] Chiave Eliminato : HKCU\Software\ProgSense
[-] Chiave Eliminato : HKCU\Software\SlimWare Utilities Inc
[-] Chiave Eliminato : HKCU\Software\Softonic
[-] Chiave Eliminato : HKCU\Software\UpdateStar
[-] Chiave Eliminato : HKCU\Software\WEBAPP
[-] Chiave Eliminato : HKCU\Software\YahooPartnerToolbar
[-] Chiave Eliminato : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Chiave Eliminato : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Chiave Eliminato : HKLM\SOFTWARE\Babylon
[-] Chiave Eliminato : HKLM\SOFTWARE\Conduit
[-] Chiave Eliminato : HKLM\SOFTWARE\Desksvc
[-] Chiave Eliminato : HKLM\SOFTWARE\GS_Booster
[-] Chiave Eliminato : HKLM\SOFTWARE\hdcode
[-] Chiave Eliminato : HKLM\SOFTWARE\IePlugin
[-] Chiave Eliminato : HKLM\SOFTWARE\SimplyGen
[-] Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
[-] Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
[-] Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Chiave Eliminato : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Chiave Eliminato : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3074473499-1170993428-1920782060-1001\Software\Complitly
[-] Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3074473499-1170993428-1920782060-1001\Software\SweetIM
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\euask.com
[-] Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.euask.com
[-] Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wpm
[-] Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WsysSvc
 
***** [ Browser Web ] *****
 
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.5BKSOh57AUlrInvT.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.KF8duQJ1rYIyqDAf.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.TpzukY2yYprNdy7O.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0AzytBzz0DtAyByBzz0AtN0D0Tzu0StCtDtBtAtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD[...]
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0AzytBzz0DtAyByBzz0AtN0D0Tzu0StCtDtBtAtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytD[...]
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0AzytBzz0DtAyByBzz0AtN0D0Tzu0StCtDtBtAtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzy[...]
[-] [C:\Users\Mattia\AppData\Roaming\Mozilla\Firefox\Profiles\qt8z3jot.default\prefs.js] Eliminato : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("aol_toolbar.default.homepage.check", false);
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("aol_toolbar.default.search.check", false);
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("browser.search.selectedEngine", "Astromenda");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\prefs.js] Eliminato : user_pref("sweetim.toolbar.searchguard.enable", "");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\user.js] Eliminato : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0AzytBzz0DtAyByBzz0AtN0D0Tzu0StCtDtBtAtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD[...]
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\user.js] Eliminato : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\user.js] Eliminato : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0AzytBzz0DtAyByBzz0AtN0D0Tzu0StCtDtBtAtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytD[...]
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\user.js] Eliminato : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0AzytBzz0DtAyByBzz0AtN0D0Tzu0StCtDtBtAtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzy[...]
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hkszhsup.default\user.js] Eliminato : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : qone8
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : astromenda.com
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : bbmegnmpleoagolcnjnejdacakedpcgd
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : dlfienamagdnkekbbbocojppncdambda
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : dlmebkoiahbppacaicbgncnjhbpdfkcc
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : gnbcopcndefcccgdofjadnafjljgofam
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : ifohbjbgfchkkfhphahclmkpgejiplfo
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : jmhhdaimhfblnamlcdijbaakkifakade
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : nfengeggddojhakldhlpjdlddgkkjkdd
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : pelmeidfhdlhlbjimpabfcbnnojbboma
[-] [C:\Users\Mattia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : pfkfdlcdbajamklbneflfbcmfgddmpae
 
*************************
 
:: Chiavi "Tracing" eliminate
:: Impostazioni Winsock resettate
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [15209 bytes] - [29/05/2016 23:19:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [18552 bytes] - [23/05/2016 16:47:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [15985 bytes] - [29/05/2016 23:14:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15431 bytes] ##########


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:51 PM

Posted 30 May 2016 - 06:38 AM

Thank you for the logs :)

Do you remember if EEK, JRT and RogueKiller detected/deleted anything?

Also, follow the instructions below please.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.
  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):
    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
  • After you're done checking these options, click on "Start" and ESET Online Scanner will download its virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
  • Once you're done, click on the Back button, then click on the Finish button;
How's your computer running now?

Your next reply(ies) should include:
  • Answer to my question about JRT, EEK and RogueKiller;
  • Copy/pasted content of the Malwarebytes clean log;
  • Copy/pasted content of the ESET Online Scanner log;
  • Answer to my question about your computer's current state;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 manolesta90

manolesta90
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:italy
  • Local time:11:51 PM

Posted 30 May 2016 - 08:11 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data scansione: 30/05/2016
Ora scansione: 14:02
File di log: 
Amministratore: Sì
 
Versione: 2.2.1.1043
Database malware: v2016.05.30.04
Database rootkit: v2016.05.27.01
Licenza: Periodo di prova
Protezione da malware: Attivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata
 
SO: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
Utente: Mattia
 
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 440328
Tempo impiegato: 1 ore, 4 min, 26 sec
 
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata
 
Processi: 0
(Nessun elemento nocivo rilevato)
 
Moduli: 0
(Nessun elemento nocivo rilevato)
 
Chiavi di registro: 0
(Nessun elemento nocivo rilevato)
 
Valori di registro: 0
(Nessun elemento nocivo rilevato)
 
Dati di registro: 0
(Nessun elemento nocivo rilevato)
 
Cartelle: 0
(Nessun elemento nocivo rilevato)
 
File: 0
(Nessun elemento nocivo rilevato)
 
Settori fisici: 0
(Nessun elemento nocivo rilevato)
 
 
(end)


#12 manolesta90

manolesta90
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:italy
  • Local time:11:51 PM

Posted 30 May 2016 - 05:44 PM

Hi Aura, ESET is still scanning the PC (for 9 hours now). Soon it will end, and I will write all the results. Thanks for waiting.

#13 manolesta90

manolesta90
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:italy
  • Local time:11:51 PM

Posted 31 May 2016 - 07:07 AM

C:\Qoobox\Quarantine\C\ProgramData\SearchNewTab\518023fe93e11.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MpkHCQ12.dll.vir a variant of Win32/KeyLogger.Refog.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\GS_Booster\AssistantSvc.dll.vir a variant of Win32/SProtector.D potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Users\Mattia\AppData\Roaming\Complitly\Complitly.dll.vir a variant of Win32/Complitly.A potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Users\Mattia\AppData\Roaming\Complitly\KeepMeUpdated.exe.vir a variant of Win32/PredictAd.A potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Users\Mattia\AppData\Roaming\Complitly\64\Complitly64.dll.vir a variant of Win64/Complitly.A potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Users\Mattia\AppData\Roaming\Complitly\64\KeepMeUpdated.exe.vir a variant of Win32/PredictAd.A potentially unwanted application cleaned by deleting
C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\lnkmst.exe.vir Win32/Monitor.MIPKOEmployeeMonitor.AD potentially unsafe application cleaned by deleting
C:\Users\Mattia\AppData\Roaming\BitTorrent\updates\7.8.2_30587.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\Users\Mattia\Documents\DOC e PROG\PROGRAMMI\FreeVideoFlipAndRotate.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe a variant of Win32/CompuTrace.A potentially unsafe application cleaned by deleting
 
Now my pc seems to be faster. But the original problem (the EXPLORER.EXE crash every ten seconds) is not yet solved.


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:51 PM

Posted 31 May 2016 - 10:45 AM

Thank you for the logs :)

Do you know this program, Mipko Employee Monitor?

https://www.mipko.ru/employee-monitor/

Did you ever install it on your system, or not?

As for your explorer.exe crashing every 10 seconds, if you configure a clean boot and restart your computer, does it still occur?

https://support.microsoft.com/en-us/kb/929135

Your next reply(ies) should include:
  • Whether or not you know the Mipko Employee Monitor, and if you ever installed it on your system;
  • If explorer.exe still crashes when under a clean boot;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
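
The ESET list in post #13 contains the detection name Win32/Monitor.MIPKOEmployeeMonitor.AD, the program asked about above. One way to triage such a list, as an added example that is not part of the thread or of ESET's tooling; the single-space column layout, the `family` rule and the `MONITORING` set are assumptions drawn from the lines shown on this page:

```python
import re

# Four lines taken from the ESET result list in post #13, as flattened on this page
# (assumed columns: path, detection name, object type, optional action).
SAMPLE = r"""C:\Qoobox\Quarantine\C\ProgramData\SearchNewTab\518023fe93e11.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MpkHCQ12.dll.vir a variant of Win32/KeyLogger.Refog.D application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\lnkmst.exe.vir Win32/Monitor.MIPKOEmployeeMonitor.AD potentially unsafe application cleaned by deleting
C:\Users\Mattia\Documents\DOC e PROG\PROGRAMMI\FreeVideoFlipAndRotate.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted
"""

# The path may contain spaces, so it is matched lazily up to the detection name.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of )?"
    r"(?P<name>Win(?:32|64)/\S+)\s+"
    r"(?P<kind>potentially (?:unwanted|unsafe) application|application)"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: the first dotted component after "Win32/" names the detection class,
# as it does for every name in this log; these two classes mean monitoring software.
MONITORING = {"KeyLogger", "Monitor"}

def parse(text):
    """Turn flattened result lines into dicts; unrecognised lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["family"] = rec["name"].split("/", 1)[1].split(".", 1)[0]
        # Copies under a \Quarantine\ folder are remnants held by an earlier tool.
        rec["quarantined"] = "\\quarantine\\" in rec["path"].lower()
        records.append(rec)
    return records

def triage(rec):
    """Label one record with the follow-up it needs."""
    if rec["family"] in MONITORING:
        return "ask user: monitoring software"
    if rec["action"] is None:
        return "quarantined copy, no action logged" if rec["quarantined"] else "still present"
    return "handled"

if __name__ == "__main__":
    for rec in parse(SAMPLE):
        print(f'{triage(rec):36} {rec["name"]:40} {rec["path"]}')
```
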


#15 manolesta90

manolesta90
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:italy
  • Local time:11:51 PM

Posted 31 May 2016 - 12:58 PM

- I have never heard of and never installed Mipko Employee Monitor;

- Explorer.exe crashes again after clean boot





