
Infected with a miner (question mark?)


  • This topic is locked
19 replies to this topic

#1 d0dUxDJ


Posted 15 June 2016 - 03:46 PM

Hello! I've been helped in the past by this forum, so I thought I might give it another go (also thinking about joining the training program, seems about fun and fitting for my knowledge - IT student who loves to help - so yeah).
Back on topic however!
I've been infected with something that takes 25% of my CPU under the process "svchost.exe".
I checked and it's the actual system process, not a fake or misspelled one. I used process explorer to check what service it was, and apparently, it's wuauserv, Windows Update?
I deleted most of the infection, it had a task in the Task Scheduler (fake Steam task, Steam doesn't create tasks) and a couple of folders in appdata (!) where it ran.
The file had, surprisingly, no extension. It was just called "Steam", about two MBs in size. I deleted that and other suspicious files I didn't download or install myself.
Apparently, the only instance remaining is the one under svchost. I have attached the Addition.txt file.
 
Here are two screenshots (taken with Gyazo)
Task manager showing %CPU for the process: https://gyazo.com/9d9c50f451c94dd095de4034152cabe4
Process Explorer information on that process: https://gyazo.com/5dd83c775698b8c29bbc13435657ec38
 
Here's the scan log:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-06-2016
Ran by Edo (administrator) on HAF-X (15-06-2016 22:14:55)
Running from D:\Tutto\Download
Loaded Profiles: Edo (Available Profiles: Edo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Inglese (Stati Uniti)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\Edo\AppData\Local\FluxSoftware\Flux\flux.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(React) D:\Tutto\Giochi\ReactMW2\iw4m.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Audition CC 2015\32\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Audition CC 2015\32\Adobe QT32 Server.exe
(Sysinternals - www.sysinternals.com) D:\Program Files (x86)\Process Explorer (ProcExp)\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Edo\AppData\Local\Temp\procexp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Telegram Messenger LLP) D:\Program Files (x86)\Telegram\Telegram.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Run: [f.lux] => C:\Users\Edo\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\MountPoints2: {fcf99702-2b12-11e6-81e6-bc5ff45b0521} - E:\aocsetup.exe /autorun
HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\MountPoints2: {fcf99711-2b12-11e6-81e6-bc5ff45b0521} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02CCBA1B-B585-41A0-83FA-706EF7700B9A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-28] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Edo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @talk.google.com/O1DPlugin -> C:\Users\Edo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Edo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Edo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Web Developer - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-04-27]
FF Extension: Google Translator for Firefox - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\translator@zoli.bod.xpi [2016-04-28]
FF Extension: Greasemonkey - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-29]
FF Extension: MEGA - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\firefox@mega.co.nz.xpi [2016-06-14]
FF Extension: uBlock Origin - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-02]
FF Extension: Adblock Plus - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steam Community SteamRep Integration) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2015-10-19]
CHR Extension: (Presentazioni Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-19]
CHR Extension: (Steam item search between friends.) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlddciniccidokpjhppahkoefohkchg [2015-10-19]
CHR Extension: (Documenti Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-19]
CHR Extension: (Google Drive) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MEGA) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-05-23]
CHR Extension: (YouTube) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Fogli Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-19]
CHR Extension: (FBDown Video Downloader) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2016-05-07]
CHR Extension: (Stylish) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-05-07]
CHR Extension: (Google Documenti offline) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-07]
CHR Extension: (AdBlock) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-23]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-05-07]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-05-07]
CHR Extension: (Window Resizer) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-05-23]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]
CHR Extension: (Gmail) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-19]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-10-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-22] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-29] ()
S3 PSEXESVC; C:\Windows\PSEXESVC.exe [189792 2016-06-11] (Sysinternals)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTCore64; D:\Program Files (x86)\Afterburner\RTCore64.sys [13512 2015-12-09] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11968 2000-06-28] () [File not signed]
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S3 HWiNFO32; \??\C:\Users\Edo\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-15 22:14 - 2016-06-15 22:14 - 00000000 ____D C:\FRST
2016-06-15 21:54 - 2016-06-15 21:54 - 00006172 _____ C:\Windows\system32\PerfStringBackup.TMP
2016-06-15 21:50 - 2016-06-15 21:50 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-15 21:50 - 2016-06-15 21:50 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-15 21:48 - 2016-06-15 21:48 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 19:31 - 2016-06-15 19:31 - 00000000 ____D C:\f4a9135958f4e456d8b9d4dd42
2016-06-15 19:24 - 2016-06-15 19:24 - 00007679 _____ C:\Users\Edo\AppData\Local\Resmon.ResmonCfg
2016-06-15 18:45 - 2016-06-15 18:46 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-15 18:29 - 2016-06-15 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-14 18:10 - 2016-06-14 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro
2016-06-14 18:10 - 2016-06-14 18:10 - 00000000 ____D C:\devkitPro
2016-06-14 01:10 - 2016-06-14 05:48 - 00000000 ____D C:\Users\Edo\Documents\The Witcher 3
2016-06-12 20:41 - 2016-06-12 20:41 - 00000000 ____D C:\Users\Edo\Documents\3DSSaveBank
2016-06-11 19:02 - 2015-06-07 01:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-06-11 13:40 - 2016-06-11 13:40 - 00001238 _____ C:\Users\Edo\Desktop\Forgotten Empires.lnk
2016-06-11 03:39 - 2016-06-11 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoC 1.0e Patch
2016-06-11 03:34 - 2016-06-11 03:34 - 00000791 _____ C:\Users\Public\Desktop\The Conquerors.lnk
2016-06-11 03:08 - 2016-06-11 03:08 - 00189792 _____ (Sysinternals) C:\Windows\PSEXESVC.exe
2016-06-11 03:07 - 2014-04-28 14:44 - 00396480 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsExec.exe
2016-06-11 03:07 - 2014-01-29 08:23 - 00227520 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psping.exe
2016-06-11 03:07 - 2012-10-17 18:28 - 00171608 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pspasswd.exe
2016-06-11 03:07 - 2012-10-01 09:23 - 00066582 _____ C:\Windows\system32\Pstools.chm
2016-06-11 03:07 - 2012-06-21 23:34 - 00468592 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pskill.exe
2016-06-11 03:07 - 2012-03-22 15:53 - 00232232 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pslist.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00390520 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsInfo.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00333176 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsGetsid.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00183160 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsLoggedon.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00178040 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psloglist.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00169848 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsService.exe
2016-06-11 03:07 - 2007-11-06 09:17 - 00000039 _____ C:\Windows\system32\psversion.txt
2016-06-11 03:07 - 2006-12-04 17:53 - 00207664 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psshutdown.exe
2016-06-11 03:07 - 2006-12-04 17:53 - 00187184 _____ (Sysinternals) C:\Windows\system32\pssuspend.exe
2016-06-11 03:07 - 2006-12-04 17:53 - 00105264 _____ (Sysinternals) C:\Windows\system32\psfile.exe
2016-06-11 03:07 - 2006-07-28 09:32 - 00007005 _____ C:\Windows\system32\Eula.txt
2016-06-11 02:58 - 2016-06-11 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-06-11 02:58 - 2016-06-11 02:58 - 00000886 _____ C:\Users\Public\Desktop\Age of Empires II.lnk
2016-06-11 02:01 - 2016-06-11 02:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-11 02:01 - 2016-06-03 09:38 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 35115456 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 25377848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 21802280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 21346712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 18143912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 17738592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 17290416 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 13460536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-11 02:01 - 2016-06-03 09:38 - 10643240 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 08733608 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 03512888 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 03065280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00985144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00908736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00769984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00476664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-06-11 02:01 - 2016-06-03 05:19 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-06-11 02:01 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-06-11 02:01 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-06-11 02:01 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-06-11 02:01 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-06-11 01:31 - 2016-06-11 01:31 - 00000000 ____D C:\ProgramData\Steam
2016-06-06 22:52 - 2016-06-07 00:03 - 00000000 ____D C:\Users\Edo\AppData\Roaming\discord
2016-06-06 22:52 - 2016-06-06 22:52 - 00002147 _____ C:\Users\Edo\Desktop\Discord.lnk
2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Local\SquirrelTemp
2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Local\Discord
2016-06-05 21:28 - 2016-06-05 21:28 - 00000871 _____ C:\Users\Edo\Desktop\Warcraft III.lnk
2016-06-05 19:46 - 2016-06-05 19:46 - 00000000 ____D C:\Users\Edo\AppData\Local\CrashRpt
2016-06-05 14:38 - 2016-06-05 14:51 - 00077393 _____ C:\Windows\War3Unin.dat
2016-06-05 14:38 - 2016-06-05 14:41 - 00139264 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2016-06-05 14:38 - 2016-06-05 14:41 - 00002829 _____ C:\Windows\War3Unin.pif
2016-06-05 14:38 - 2016-06-05 14:41 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-06-05 14:17 - 2016-06-11 13:39 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-06-05 14:00 - 2016-06-05 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-06-04 16:12 - 2016-06-04 16:12 - 00001215 _____ C:\Users\Edo\Desktop\Audacity.lnk
2016-06-04 03:36 - 2016-06-04 03:36 - 00000926 _____ C:\Users\Edo\Desktop\Pokemon - Blue Kaizo Version.lnk
2016-05-31 02:19 - 2016-05-31 02:19 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2016-05-31 02:19 - 2016-05-31 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2016-05-30 18:43 - 2016-05-30 18:44 - 00000000 ____D C:\Users\Edo\AppData\Roaming\NVIDIA
2016-05-27 17:23 - 2016-05-27 17:23 - 00001269 _____ C:\Users\Edo\Desktop\MM Server Picker.lnk
2016-05-27 17:22 - 2016-05-27 17:22 - 00000757 _____ C:\Users\Edo\Desktop\chetos.lnk
2016-05-27 17:20 - 2016-05-27 17:20 - 00001197 _____ C:\Users\Edo\Desktop\Vibrance GUI.lnk
2016-05-27 17:14 - 2016-06-15 21:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-27 17:14 - 2016-06-03 05:26 - 06362560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 02453952 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 01351104 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-27 17:14 - 2016-06-03 05:26 - 00534072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-27 17:14 - 2016-06-02 14:19 - 06452948 _____ C:\Windows\system32\nvcoproc.bin
2016-05-27 17:14 - 2016-05-20 09:01 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-27 17:14 - 2016-05-20 09:01 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 31603768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 19180152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 16756888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 14346320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 03825896 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 03383472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-27 17:13 - 2016-05-20 09:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-27 17:13 - 2016-05-20 09:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-27 17:13 - 2016-05-20 09:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-27 17:13 - 2016-05-20 09:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-27 17:02 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-27 17:02 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-27 17:02 - 2016-04-14 07:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-17 09:07 - 2016-05-17 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2016-05-17 09:06 - 2016-05-17 09:28 - 00000000 ____D C:\xampp
2016-05-17 08:10 - 2016-05-17 08:10 - 00123652 ____H C:\Windows\system32\mlfcache.dat
2016-05-17 06:40 - 2016-05-17 06:40 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2016-05-17 06:39 - 2016-05-17 06:45 - 00000000 ____D C:\MinGW
2016-05-17 06:15 - 2016-05-20 09:43 - 00000000 ____D C:\Users\Edo\AppData\Local\Eclipse
2016-05-17 06:14 - 2016-05-17 06:14 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-05-17 06:14 - 2016-05-17 06:14 - 00000000 ____D C:\Program Files\Java
2016-05-17 06:11 - 2016-05-20 09:43 - 00000000 ____D C:\Users\Edo\.p2
2016-05-17 06:11 - 2016-05-20 09:43 - 00000000 ____D C:\Program Files\eclipse
2016-05-17 06:11 - 2016-05-17 08:25 - 00000949 _____ C:\Users\Edo\Desktop\Eclipse.lnk
2016-05-17 06:11 - 2016-05-17 06:15 - 00000000 ____D C:\Users\Edo\.eclipse

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-15 21:56 - 2015-10-19 16:28 - 00000000 ____D C:\Users\Edo\AppData\Roaming\TS3Client
2016-06-15 21:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-15 21:49 - 2015-10-19 16:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-15 21:48 - 2015-11-14 05:46 - 00000000 ____D C:\Users\Edo\AppData\Local\TSVNCache
2016-06-15 21:48 - 2009-07-14 07:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-15 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2016-06-15 19:00 - 2015-10-19 16:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 18:58 - 2015-10-19 15:20 - 00000000 ____D C:\Users\Edo
2016-06-15 18:55 - 2015-10-19 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-15 18:55 - 2015-10-19 16:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-15 18:48 - 2015-10-19 16:19 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-15 18:46 - 2016-01-17 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-06-15 18:45 - 2015-10-19 15:37 - 00000000 ____D C:\Users\Edo\AppData\Local\Deployment
2016-06-15 18:43 - 2015-10-19 19:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-15 18:43 - 2015-10-19 19:30 - 00000000 ____D C:\Program Files\Adobe
2016-06-15 18:43 - 2015-10-19 18:33 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Adobe
2016-06-15 18:42 - 2015-12-04 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2016-06-15 02:00 - 2015-10-19 18:33 - 00000000 ____D C:\Users\Edo\AppData\Local\Adobe
2016-06-15 01:21 - 2015-10-19 16:17 - 00000000 ____D C:\Users\Edo\AppData\Roaming\vlc
2016-06-15 00:46 - 2016-04-11 18:20 - 00000000 ____D C:\Users\Edo\AppData\Local\CrashDumps
2016-06-14 00:39 - 2015-10-19 16:55 - 00000000 ____D C:\Users\Edo\AppData\Roaming\uTorrent
2016-06-11 13:38 - 2015-11-02 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-11 13:38 - 2009-07-14 06:45 - 05009320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-11 03:52 - 2016-05-07 23:12 - 00000000 ____D C:\Users\Edo\AppData\Local\Battle.net
2016-06-11 03:02 - 2015-10-19 15:37 - 00089560 _____ C:\Users\Edo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 02:02 - 2015-10-19 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-06-11 02:02 - 2015-10-19 15:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-11 01:31 - 2015-10-19 15:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-06-10 22:53 - 2016-05-07 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-10 19:36 - 2015-10-19 17:13 - 00000000 ____D C:\Users\Edo\AppData\Roaming\obs-studio
2016-06-10 17:49 - 2016-05-07 23:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-09 02:59 - 2015-10-19 15:38 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 23:08 - 2016-02-21 19:18 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Skype
2016-06-07 07:51 - 2015-10-24 11:08 - 00003394 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-06-07 07:51 - 2015-10-24 11:08 - 00003268 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-06-07 07:51 - 2015-10-24 11:08 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-06-05 19:47 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2016-06-05 19:47 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-06-05 19:46 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-06-05 13:58 - 2015-10-19 17:02 - 00000000 ____D C:\Users\Edo\AppData\Roaming\DAEMON Tools Lite
2016-06-05 06:07 - 2015-10-20 21:39 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Audacity
2016-06-05 03:46 - 2015-10-20 01:52 - 00000000 ____D C:\Users\Edo\Documents\OFX Presets
2016-05-31 02:19 - 2015-10-19 17:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-05-30 17:48 - 2015-10-19 15:44 - 00000000 ____D C:\Users\Edo\AppData\Local\NVIDIA Corporation
2016-05-28 10:59 - 2015-11-02 16:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-28 10:59 - 2015-11-02 16:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-27 17:14 - 2015-10-19 15:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-27 17:14 - 2015-10-19 15:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-27 17:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2016-05-27 17:03 - 2015-10-19 15:44 - 00000000 ____D C:\Users\Edo\AppData\Local\NVIDIA
2016-05-27 14:41 - 2015-10-22 21:20 - 00000000 ____D C:\Users\Edo\AppData\Roaming\HandBrake
2016-05-26 23:00 - 2016-05-08 11:10 - 00000000 ____D C:\Users\Edo\Documents\Overwatch
2016-05-17 06:14 - 2015-11-02 11:14 - 00000000 ____D C:\Users\Edo\.oracle_jre_usage
2016-05-17 06:14 - 2015-11-02 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======

2016-03-10 00:58 - 2016-03-10 00:59 - 0001456 _____ () C:\Users\Edo\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-15 19:24 - 2016-06-15 19:24 - 0007679 _____ () C:\Users\Edo\AppData\Local\Resmon.ResmonCfg
2015-10-19 16:52 - 2015-10-19 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Edo\AppData\Local\Temp\130972278783419649.exe
C:\Users\Edo\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Edo\AppData\Local\Temp\EBU2BFD.exe
C:\Users\Edo\AppData\Local\Temp\EBU2C5B.DLL
C:\Users\Edo\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Edo\AppData\Local\Temp\nvStInst.exe
C:\Users\Edo\AppData\Local\Temp\procexp64.exe
C:\Users\Edo\AppData\Local\Temp\proxy_vole8182631914574726674.dll
C:\Users\Edo\AppData\Local\Temp\SIntf16.dll
C:\Users\Edo\AppData\Local\Temp\SIntf32.dll
C:\Users\Edo\AppData\Local\Temp\SIntfNT.dll
C:\Users\Edo\AppData\Local\Temp\utils.dll
C:\Users\Edo\AppData\Local\Temp\vsredistsetup.exe
C:\Users\Edo\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-07 01:54

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by Edo (2016-06-15 22:15:09)
Running from D:\Tutto\Download
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-19 13:20:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3000302092-2520746345-460137575-500 - Administrator - Disabled)
Edo (S-1-5-21-3000302092-2520746345-460137575-1000 - Administrator - Enabled) => C:\Users\Edo
Guest (S-1-5-21-3000302092-2520746345-460137575-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3000302092-2520746345-460137575-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.1 - PainteR)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Aggiornamenti NVIDIA 2.11.3.5 (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
AutoHotkey 1.1.22.07 (HKLM\...\AutoHotkey) (Version: 1.1.22.07 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
devkitProUpdater 1.6.0 (HKLM-x32\...\devkitProUpdater) (Version: 1.6.0 - devkitPro)
Discord (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Flux) (Version: - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Gameforge Live 2.0.10 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.10 - Gameforge)
GameRanger (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\GameRanger) (Version: - GameRanger Technologies)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\1207667183_is1) (Version: 2.0.0.2 - GOG.com)
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 it)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NVIDIA Driver 3D Vision 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA Driver grafico 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pannello di controllo NVIDIA 368.39 (Version: 368.39 - NVIDIA Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pokemon Online versione 2.6.2.1 (HKLM-x32\...\{3D3DE059-3951-47BE-BD7C-664898D14138}_is1) (Version: 2.6.2.1 - Pokemon Online)
Popcorn-Time (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
Python 2.7.11 (64-bit) (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD62}) (Version: 2.7.11150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Scrap Mechanic (HKLM-x32\...\Steam App 387990) (Version: - Axolot Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Software della webcam Logitech (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tastiera italiana estesa (1.2) (HKLM\...\{0B02661F-0C23-4182-9FD7-09EDC02A8AB0}) (Version: 1.0.3.40 - tastiera-estesa.it)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TortoiseSVN 1.9.2.26806 (64 bit) (HKLM\...\{8A5AA5D6-F797-4ED3-AE08-35EF5433409E}) (Version: 1.9.26806 - TortoiseSVN)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Warcraft III) (Version: - )
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.21-0 - Bitnami)
YTD Video Downloader 5.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.6 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3377629B-F584-4F47-ADD9-EC6FBC6E857F} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {4348C2DB-642F-472E-BDE5-10B7C61FF3CD} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {A78B98F1-99BB-49F7-8CB4-948A6574BECE} - System32\Tasks\AdobeAAMUpdater-1.0-HAF-X-Edo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {FC49CB74-2C26-4281-8595-AA7875DA15A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-27 17:14 - 2016-06-03 05:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-22 21:32 - 2015-09-22 21:32 - 00093568 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-03 15:10 - 2016-05-02 07:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 12:06 - 2016-05-02 07:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-29 18:43 - 2015-10-29 18:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-04-03 15:10 - 2016-05-02 07:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-03 15:10 - 2016-05-02 07:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-03 15:10 - 2016-05-02 07:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-02 12:06 - 2016-05-02 07:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-10-22 13:22 - 2016-04-27 15:25 - 00174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2015-10-22 13:21 - 2016-04-27 15:25 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2015-10-22 13:21 - 2016-04-27 15:25 - 00107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2015-10-22 13:22 - 2016-04-27 15:25 - 00312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2016-01-09 07:52 - 2016-01-09 07:52 - 00486912 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\soundboard.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00143891 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 02750483 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00618515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00079379 _____ () C:\Program Files\VideoLAN\VLC\libgcc_s_seh-1.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00035347 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00083987 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00075795 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-10-22 13:22 - 2016-04-27 15:25 - 00485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2015-05-26 12:51 - 2015-05-26 12:51 - 03499008 _____ () C:\Program Files\Adobe\Adobe Audition CC 2015\DNxHDCodec.dll
2015-10-19 15:40 - 2016-05-02 08:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-19 16:23 - 2016-04-29 22:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-10-19 16:23 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-19 16:23 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-10-19 16:23 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-10-19 16:23 - 2016-06-15 02:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-10-19 16:23 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-19 16:23 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-19 16:23 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-19 16:23 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-19 16:23 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-10-19 16:23 - 2016-06-15 02:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 01:12 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-10-19 16:23 - 2016-06-14 21:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-17 19:49 - 2010-01-14 23:35 - 00093696 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssmp3.asi
2016-04-17 19:49 - 2015-02-27 03:59 - 00038400 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssogg.asi
2016-04-17 19:49 - 2010-01-14 23:35 - 00153088 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssvoice.asi
2016-04-17 19:49 - 2010-01-14 23:35 - 00114688 _____ () D:\Tutto\Giochi\ReactMW2\miles\milesEq.flt
2016-04-17 19:49 - 2010-01-14 23:34 - 00012288 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssds3d.flt
2016-04-17 19:49 - 2010-01-14 23:35 - 00058368 _____ () D:\Tutto\Giochi\ReactMW2\miles\msseax.flt
2015-09-22 20:52 - 2015-09-22 20:52 - 00073088 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-10-21 12:07 - 00001023 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3000302092-2520746345-460137575-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACTION_SVC => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^Edo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrazione prodotti.lnk => C:\Windows\pss\Logitech . Registrazione prodotti.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Edo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Skype => "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Usrcheat Downloader => D:\Program Files (x86)\usrcheat downlaoder\usrcheat_downloader.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3849D111-558B-4CEF-B146-A5614F71342A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8D880711-D5F4-42FD-AA74-759311049982}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F8C28636-5F00-4538-A786-4E9C909C9D04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0BBF534F-5525-4728-919F-A5298084C5D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{165587E7-DEC1-4D91-A575-FE76C444AFE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B616B713-DCFF-49CC-A998-677537527441}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{84F60875-DCCF-40AD-B9ED-4C62428D715B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8DFC2369-8AAE-41A6-A3D9-7D9AF6A66C6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7460BFF8-789E-4804-A4F5-FDAD0B9C889F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3D0194E0-7A98-4A46-A317-803AB8BB01D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3A652C0C-7496-484B-89F0-3C0849A82809}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3A43BF03-8E6D-4E52-9516-3C9A984E113A}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4150A7BB-DEB5-41A8-8518-FE48133ABCC1}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1405E9C4-F053-4429-9BE0-898C6D8E6E44}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{46BD7137-A364-48C6-8522-E2ADAAD62787}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{844EA764-928D-4D79-8C58-1448AB8FC5E3}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A76C3673-4A2D-4AFA-922D-689C5AED86D7}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54C9BA29-F52F-44B3-B648-1E713B5F84AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94B05538-368C-4E56-8E4F-94EA6EA89FAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{59B95B91-E68D-427A-8E15-30CB8595276E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EC50359D-5C9B-46CB-8765-FEE7464C9BB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AAF00C47-9894-4E69-92BD-CD82F513FEFC}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015\Support Files\AfterFX.exe
FirewallRules: [{7A8A2CB2-291C-42D3-B380-A737AFBEB8D3}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015\Support Files\AfterFX.exe
FirewallRules: [{8562111E-4D35-40FF-A7D6-267D7FCADB88}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{A0C32A9F-31C9-45F1-BD26-3441F35F3F9F}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{E3B14E9B-1E79-4A2E-A97E-E7BEB01BE9A7}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{8D4979D9-1B3F-4F64-BC3F-685443B592E7}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{9AED9F43-4BDD-42AE-9C71-C8A947D19C1D}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{E5465A7A-2CD7-48C0-9A43-620764D9F065}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{9BF8C29B-A9A1-4463-953D-12F3CF44C64A}] => (Block) %ProgramFiles%\Adobe\Adobe Character Animator (Preview)\Support Files\Character Animator.exe
FirewallRules: [{F4F5DED6-D613-4DE7-A2A7-38FFC47B1CD7}] => (Block) %ProgramFiles%\Adobe\Adobe Character Animator (Preview)\Support Files\Character Animator.exe
FirewallRules: [TCP Query User{835A92D8-835A-4521-BE47-5E259D7AE48F}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [UDP Query User{3B51FDEE-F295-4CBD-80DE-44DA5407BCB8}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [{676D622D-88B9-4B0C-8CBF-50EA2CE61E6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCE2FD51-9A7F-41A9-B7A8-4A4337C2374F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{091C6F50-450E-4247-AF9B-71553CB2E991}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8577520E-3786-4115-9BB7-469226D7625E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6E45DFD-8230-4117-A2E4-64D699CB28CA}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B9681802-82AF-4774-B7DB-2FBD82C644B3}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{2C86F456-4CA9-4852-A9CC-DF8634897607}D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe
FirewallRules: [UDP Query User{8D946978-14A4-4C1B-9BD1-F605026AD2B6}D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe
FirewallRules: [{7CF0873C-8CC6-45BB-B1EE-5A67FCA69227}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{DA4357BD-471E-43D5-A58E-3208137F5F2F}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{EA122337-6A73-40F4-83B5-2E248A4EFD79}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{47E35548-8F1A-4BF7-BD9C-4A70E13F5C90}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F0405827-E2DB-4F0B-8112-0F1B115641C0}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{91C6DF17-B4AE-41AB-BF95-01E075008D36}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{249D55AB-8C75-487A-BD38-5F526664B96B}D:\tutto\giochi\repzmw2\iw4m.exe] => (Allow) D:\tutto\giochi\repzmw2\iw4m.exe
FirewallRules: [UDP Query User{8833F4CB-E8D9-4906-AFF9-52581C6098C0}D:\tutto\giochi\repzmw2\iw4m.exe] => (Allow) D:\tutto\giochi\repzmw2\iw4m.exe
FirewallRules: [TCP Query User{5727BDD2-493B-47FB-B3F4-7B2611782541}C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe] => (Allow) C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe
FirewallRules: [UDP Query User{4092D9C9-688F-44BA-A2FC-940ED7B6E4F9}C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe] => (Allow) C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe
FirewallRules: [{93BFA075-DAE0-4EAE-9078-C869AD597F63}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21E1D985-9CF2-48B7-A084-DA79165BD812}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F114BDF-FA10-4874-9B86-90C191AF1403}] => (Allow) D:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{9DF6B441-86A3-462E-8950-89252CF942C1}D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [UDP Query User{95ED1E0C-3EDB-484B-BAC7-8C6DB45FE0FA}D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [TCP Query User{CD1A2AC9-2AA1-43BD-BFA2-7ECB8B470793}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [UDP Query User{54920709-ABD5-4F49-9C47-EC43B08BD1BB}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [TCP Query User{E6588481-2A93-4818-AD1F-01B6C5FA64AE}C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{30667DAD-0200-4BDE-8F0C-D44055C906F6}C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{F141E2EF-0389-421B-8A9D-4BB95EED1FB4}D:\tutto\giochi\metin2\aroka2\aroka2.exe] => (Allow) D:\tutto\giochi\metin2\aroka2\aroka2.exe
FirewallRules: [UDP Query User{3956B98A-F0E1-4605-B8C0-74809ECBBEFA}D:\tutto\giochi\metin2\aroka2\aroka2.exe] => (Allow) D:\tutto\giochi\metin2\aroka2\aroka2.exe
FirewallRules: [{05A1B13D-382E-4C2D-BF49-80924976CB74}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{458A51C9-7440-411A-8368-B15789741888}] => (Allow) D:\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{9D2C80EE-6377-4AB5-BAF8-F0F536B50ED1}] => (Allow) D:\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [TCP Query User{82D6172D-AB69-4758-88BC-AE19E4BCAE2C}D:\tutto\giochi\urbanterror42\quake3-urt.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt.exe
FirewallRules: [UDP Query User{C59EA3E5-AEE1-47D2-90C7-3184BA9E3C37}D:\tutto\giochi\urbanterror42\quake3-urt.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt.exe
FirewallRules: [TCP Query User{36D57D74-E3C9-4574-9C79-0B32A2B78F9A}D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe
FirewallRules: [UDP Query User{5343EE71-336D-4713-A95C-1D4188F0F5F2}D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe
FirewallRules: [TCP Query User{400A2162-A6F9-40B6-AC99-91FCDC9F2764}D:\program files (x86)\popcorn\popcorn-time\nw.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\nw.exe
FirewallRules: [UDP Query User{C7733605-0ECD-4A6D-B54C-87ADEE529C17}D:\program files (x86)\popcorn\popcorn-time\nw.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\nw.exe
FirewallRules: [TCP Query User{4A4809AA-83B4-4AE9-B403-61D6C7BB7A62}D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe
FirewallRules: [UDP Query User{21390E9A-BAF3-42AE-AC54-B1B99FBA7D3C}D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe
FirewallRules: [TCP Query User{30CDD089-0805-40ED-A323-CB3023530BA4}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{D3F6D1D0-D8FB-4CFF-9176-392859F95F07}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{601F1561-CD09-4D36-AD3F-F02BC515C8A0}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{3E6F19DF-0DE2-41A7-8B8D-182F48A62618}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{41C186D5-CF3A-4314-84EE-0DBC2080EF3B}D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{A29FEF75-3C84-40A1-AD04-A91D5CB9EECD}D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{7ABC262D-3333-441E-9B48-5F0F6166A7EC}D:\program files (x86)\cod4 (game backup)\iw3mp.exe] => (Allow) D:\program files (x86)\cod4 (game backup)\iw3mp.exe
FirewallRules: [UDP Query User{930911EF-6315-4C62-8E73-CE311239DD3A}D:\program files (x86)\cod4 (game backup)\iw3mp.exe] => (Allow) D:\program files (x86)\cod4 (game backup)\iw3mp.exe
FirewallRules: [TCP Query User{4302EAE2-B8D8-499F-935A-EEC1C718CDF3}D:\tutto\giochi\reactmw2\iw4m.exe] => (Allow) D:\tutto\giochi\reactmw2\iw4m.exe
FirewallRules: [UDP Query User{DC99DC8C-92A2-4361-9397-08C05319100D}D:\tutto\giochi\reactmw2\iw4m.exe] => (Allow) D:\tutto\giochi\reactmw2\iw4m.exe
FirewallRules: [TCP Query User{AD49DCA4-6798-4262-8D3E-4753E79EE9A3}D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe] => (Allow) D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe
FirewallRules: [UDP Query User{45114D8F-EE9D-4A76-8844-EBF00BA16156}D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe] => (Allow) D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe
FirewallRules: [TCP Query User{F185662E-AC18-4F8D-AA4E-FF6795955D99}D:\tutto\giochi\battle.net\overwatch\overwatch.exe] => (Allow) D:\tutto\giochi\battle.net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{8AE14C77-47DB-4F80-8F32-B89D81E6F2E3}D:\tutto\giochi\battle.net\overwatch\overwatch.exe] => (Allow) D:\tutto\giochi\battle.net\overwatch\overwatch.exe
FirewallRules: [{E173B4A5-95A1-422B-A8CE-768A9E08C14A}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{2C6C6479-C543-4546-930A-716466306DDB}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{17A7ED91-BFE9-4E28-B301-86DD7D60F335}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C48110F1-1E1C-48A3-A45A-2BD0E8135465}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{9AA05A8F-4903-4F2E-8CB0-39799299702D}D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe] => (Allow) D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe
FirewallRules: [UDP Query User{3C25CA5F-26F5-42B7-8310-5A06EA387DF5}D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe] => (Allow) D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe
FirewallRules: [{375E6467-3516-4850-8DF9-5D3E2405266C}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{81822310-A1D2-4A53-9D24-9F13C4E7840B}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{48678764-C77A-458B-9463-1C631FEBC831}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{43212F61-8667-4C1F-8E9A-97A66FAC540E}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{A7C5BD6C-7211-49C9-8D2A-D8FBF70D631E}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{48C92702-5FB0-4E97-97D4-77FD6F7B2FC8}] => (Allow) D:\Tutto\Giochi\Age Of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{20049911-F208-4BEC-A83D-DD89885B825C}] => (Allow) D:\Tutto\Giochi\Age Of Empires II\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{89039E00-2FA5-48C6-BF46-D893969D38EB}D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{DD12517F-0739-4D08-9593-99EEA1048BD2}D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Controller PCI Simple Communications
Description: Controller PCI Simple Communications
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controller video
Description: Controller video
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controller USB ( Universal Serial Bus)
Description: Controller USB ( Universal Serial Bus)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2016 09:54:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 010. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/15/2016 09:54:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 009. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/15/2016 09:54:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 010. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/15/2016 09:54:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 009. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/15/2016 09:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc3c1
Nome del modulo che ha generato l'errore: ESENT.dll_unloaded, versione: 0.0.0.0, timestamp: 0x4ce7c6a2
Codice eccezione: 0xc0000005
Offset errore 0x000007fef8dd1e30
ID processo che ha generato l'errore: 0x104
Ora di avvio dell'applicazione che ha generato l'errore: 0xsvchost.exe0
Percorso dell'applicazione che ha generato l'errore: svchost.exe1
Percorso del modulo che ha generato l'errore: svchost.exe2
ID segnalazione: svchost.exe3


System errors:
=============
Error: (06/15/2016 09:48:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Management Instrumentation è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Themes è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Shell Hardware Detection è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio System Event Notification Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Task Scheduler è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio User Profile Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Multimedia Class Scheduler è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Server è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Restart the service.

Error: (06/15/2016 09:48:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio IP Helper è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8086 MB
Available physical RAM: 4317.21 MB
Total Virtual: 16170.19 MB
Available Virtual: 11545.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:64.8 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:549.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 76A82BEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0825E04B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by Oh My!, 20 June 2016 - 10:05 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,574 posts
  • Gender:Male
  • Location:California
  • Local time:05:03 AM

Posted 20 June 2016 - 10:16 AM

Greetings d0dUxDJ and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all Adobe products and all other products for which you do not have a valid Product Key. If you are willing to do that, please right-click on FRST and rename it to FRST64english. Check Addition.txt and scan your computer again, posting both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you desire to continue please do this also.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST logs (2)
  • ckfiles.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 d0dUxDJ

Posted 20 June 2016 - 01:54 PM

Sure thing, name's Edoardo, or Edo. Thanks Gary for your post. I uninstalled all Adobe products and ran the scan, sorry about that. The PC is also used by my brother and I'm not sure whether there are more cracked programs. If so, please do tell me, I will remove them. I am not letting him use the computer for the time being so no other software will be installed at all.

 

Renamed FRST to FRST64english and ran it; results:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by Edo (administrator) on HAF-X (20-06-2016 20:52:33)
Running from C:\Users\Edo\Desktop
Loaded Profiles: Edo (Available Profiles: Edo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Inglese (Stati Uniti)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Totalidea Software) C:\Windows\System32\Tweak7SystemService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\Edo\AppData\Local\FluxSoftware\Flux\flux.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Don HO don.h@free.fr) D:\Program Files (x86)\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Edo\Desktop\FRST64english.exe
(Farbar) C:\Users\Edo\Desktop\FRST64english.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [!Tweak7SystemService] => net Start Tweak7SystemService
HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Run: [f.lux] => C:\Users\Edo\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\MountPoints2: {fcf99702-2b12-11e6-81e6-bc5ff45b0521} - E:\aocsetup.exe /autorun
HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\MountPoints2: {fcf99711-2b12-11e6-81e6-bc5ff45b0521} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02CCBA1B-B585-41A0-83FA-706EF7700B9A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-28] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Edo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @talk.google.com/O1DPlugin -> C:\Users\Edo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Edo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Edo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Web Developer - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-04-27]
FF Extension: Google Translator for Firefox - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\translator@zoli.bod.xpi [2016-04-28]
FF Extension: Greasemonkey - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-29]
FF Extension: MEGA - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\firefox@mega.co.nz.xpi [2016-06-16]
FF Extension: uBlock Origin - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-02]
FF Extension: Adblock Plus - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steam Community SteamRep Integration) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2015-10-19]
CHR Extension: (Presentazioni Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-19]
CHR Extension: (Steam item search between friends.) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlddciniccidokpjhppahkoefohkchg [2015-10-19]
CHR Extension: (Documenti Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-19]
CHR Extension: (Google Drive) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MEGA) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-05-23]
CHR Extension: (YouTube) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Fogli Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-19]
CHR Extension: (FBDown Video Downloader) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2016-05-07]
CHR Extension: (Stylish) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-05-07]
CHR Extension: (Google Documenti offline) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-07]
CHR Extension: (AdBlock) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-23]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-05-07]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-05-07]
CHR Extension: (Window Resizer) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-05-23]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]
CHR Extension: (Gmail) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-19]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-10-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-22] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-29] ()
S3 PSEXESVC; C:\Windows\PSEXESVC.exe [189792 2016-06-11] (Sysinternals)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Tweak7SystemService; C:\Windows\system32\Tweak7SystemService.exe [132288 2016-02-15] (Totalidea Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11968 2000-06-28] () [File not signed]
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S3 HWiNFO32; \??\C:\Users\Edo\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-20 20:50 - 2016-06-20 20:52 - 00017602 _____ C:\Users\Edo\Desktop\FRST.txt
2016-06-20 20:50 - 2016-06-20 20:50 - 00468480 _____ () C:\Users\Edo\Desktop\CKScanner.exe
2016-06-20 20:49 - 2016-06-20 20:49 - 02387456 _____ (Farbar) C:\Users\Edo\Desktop\FRST64english.exe
2016-06-19 21:16 - 2016-06-19 21:16 - 00002257 _____ C:\Users\Edo\AppData\Local\recently-used.xbel
2016-06-19 20:05 - 2016-06-19 20:05 - 00000000 ____D C:\Users\Edo\AppData\Local\fontconfig
2016-06-19 20:04 - 2016-06-19 20:06 - 00000000 ____D C:\Users\Edo\AppData\Local\meld
2016-06-19 20:04 - 2016-06-19 20:04 - 00000000 ____D C:\Users\Edo\.dbus-keyrings
2016-06-19 20:02 - 2016-06-19 20:02 - 00000835 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meld.lnk
2016-06-19 20:02 - 2016-06-19 20:02 - 00000000 ____D C:\Program Files (x86)\Meld
2016-06-19 16:06 - 2016-06-19 16:06 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Sublime Text 3
2016-06-19 16:06 - 2016-06-19 16:06 - 00000000 ____D C:\Users\Edo\AppData\Local\Sublime Text 3
2016-06-19 15:57 - 2016-06-19 15:57 - 00000886 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-06-19 15:57 - 2016-06-19 15:57 - 00000000 ____D C:\Program Files\Sublime Text 3
2016-06-17 19:03 - 2016-06-17 19:03 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Tweak-7
2016-06-17 19:03 - 2016-06-17 19:03 - 00000000 ____D C:\Users\Edo\AppData\Local\Totalidea_Software_GmbH
2016-06-17 19:02 - 2016-06-17 19:02 - 00020105 _____ C:\Windows\Tweak-7 Setup Log.txt
2016-06-17 19:02 - 2016-06-17 19:02 - 00001921 _____ C:\Users\Edo\Desktop\Tweak-7.lnk
2016-06-17 19:02 - 2016-06-17 19:02 - 00001802 _____ C:\Users\Edo\Desktop\Shutdown Windows 7.lnk
2016-06-17 19:02 - 2016-06-17 19:02 - 00001798 _____ C:\Users\Edo\Desktop\Suspend Windows 7.lnk
2016-06-17 19:02 - 2016-06-17 19:02 - 00001798 _____ C:\Users\Edo\Desktop\Restart Windows 7.lnk
2016-06-17 19:02 - 2016-06-17 19:02 - 00000000 ____D C:\Windows\Tweak-7
2016-06-17 19:02 - 2016-06-17 19:02 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-7
2016-06-17 19:02 - 2016-06-17 19:02 - 00000000 ____D C:\Program Files\Tweak-7
2016-06-15 23:34 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 23:34 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 23:34 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 23:34 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 23:34 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 23:34 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 23:34 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 23:34 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 23:34 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 23:34 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 23:34 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 23:34 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 23:34 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 23:34 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 23:34 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 23:34 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 23:34 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 23:34 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 23:34 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 23:34 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 23:34 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 23:34 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 23:34 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 23:34 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 23:34 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 23:34 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 23:34 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 23:34 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 23:34 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 23:34 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 23:34 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 23:34 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 23:34 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 23:34 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 23:34 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 23:34 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 23:34 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 23:34 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 23:34 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 23:34 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 23:34 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 23:34 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 23:34 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 23:34 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 23:34 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 23:34 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 23:34 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 23:34 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 23:34 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 23:34 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 23:34 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 23:34 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 23:34 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 23:34 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 23:34 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 23:34 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 23:34 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 23:34 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 23:34 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 23:34 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 23:34 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 23:34 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 23:34 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 23:34 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 23:34 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 23:34 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 23:34 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 23:34 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 23:34 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 23:34 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 23:34 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 23:34 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 23:34 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 23:34 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 23:34 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 23:34 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 23:34 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 23:34 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 23:34 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 23:34 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 23:34 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 23:34 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 23:34 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 23:34 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 23:34 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 23:34 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 23:34 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 23:34 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 23:34 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 23:34 - 2016-05-12 17:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 23:34 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 23:34 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 23:34 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 23:34 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 23:34 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 23:34 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 23:34 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 23:34 - 2016-05-12 16:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 23:34 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 23:34 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 23:34 - 2016-05-12 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 23:34 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 23:34 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 23:34 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 23:34 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 23:34 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 23:34 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 23:34 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 23:34 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 23:34 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 23:34 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 23:34 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 23:34 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 23:34 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 23:34 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 23:34 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 23:34 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 22:14 - 2016-06-20 20:52 - 00000000 ____D C:\FRST
2016-06-15 21:54 - 2016-06-20 20:52 - 00006172 _____ C:\Windows\system32\PerfStringBackup.TMP
2016-06-15 21:50 - 2016-06-20 15:49 - 00013040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-15 21:50 - 2016-06-20 15:49 - 00013040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-15 21:48 - 2016-06-20 20:46 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 19:31 - 2016-06-15 19:31 - 00000000 ____D C:\f4a9135958f4e456d8b9d4dd42
2016-06-15 19:24 - 2016-06-15 19:24 - 00007679 _____ C:\Users\Edo\AppData\Local\Resmon.ResmonCfg
2016-06-15 18:45 - 2016-06-15 18:46 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-15 18:29 - 2016-06-15 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-14 18:10 - 2016-06-14 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro
2016-06-14 18:10 - 2016-06-14 18:10 - 00000000 ____D C:\devkitPro
2016-06-14 01:10 - 2016-06-14 05:48 - 00000000 ____D C:\Users\Edo\Documents\The Witcher 3
2016-06-12 20:41 - 2016-06-12 20:41 - 00000000 ____D C:\Users\Edo\Documents\3DSSaveBank
2016-06-11 19:02 - 2015-06-07 01:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-06-11 13:40 - 2016-06-11 13:40 - 00001238 _____ C:\Users\Edo\Desktop\Forgotten Empires.lnk
2016-06-11 03:39 - 2016-06-11 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoC 1.0e Patch
2016-06-11 03:34 - 2016-06-11 03:34 - 00000791 _____ C:\Users\Public\Desktop\The Conquerors.lnk
2016-06-11 03:08 - 2016-06-11 03:08 - 00189792 _____ (Sysinternals) C:\Windows\PSEXESVC.exe
2016-06-11 03:07 - 2014-04-28 14:44 - 00396480 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsExec.exe
2016-06-11 03:07 - 2014-01-29 08:23 - 00227520 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psping.exe
2016-06-11 03:07 - 2012-10-17 18:28 - 00171608 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pspasswd.exe
2016-06-11 03:07 - 2012-10-01 09:23 - 00066582 _____ C:\Windows\system32\Pstools.chm
2016-06-11 03:07 - 2012-06-21 23:34 - 00468592 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pskill.exe
2016-06-11 03:07 - 2012-03-22 15:53 - 00232232 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pslist.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00390520 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsInfo.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00333176 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsGetsid.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00183160 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsLoggedon.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00178040 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psloglist.exe
2016-06-11 03:07 - 2010-04-27 11:04 - 00169848 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsService.exe
2016-06-11 03:07 - 2007-11-06 09:17 - 00000039 _____ C:\Windows\system32\psversion.txt
2016-06-11 03:07 - 2006-12-04 17:53 - 00207664 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psshutdown.exe
2016-06-11 03:07 - 2006-12-04 17:53 - 00187184 _____ (Sysinternals) C:\Windows\system32\pssuspend.exe
2016-06-11 03:07 - 2006-12-04 17:53 - 00105264 _____ (Sysinternals) C:\Windows\system32\psfile.exe
2016-06-11 03:07 - 2006-07-28 09:32 - 00007005 _____ C:\Windows\system32\Eula.txt
2016-06-11 02:58 - 2016-06-11 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-06-11 02:58 - 2016-06-11 02:58 - 00000886 _____ C:\Users\Public\Desktop\Age of Empires II.lnk
2016-06-11 02:01 - 2016-06-11 02:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-11 02:01 - 2016-06-03 09:38 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 35115456 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 25377848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 21802280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 21346712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 18143912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 17738592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 17290416 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 13460536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-11 02:01 - 2016-06-03 09:38 - 10643240 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 08733608 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 03512888 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 03065280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00985144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00908736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00769984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00476664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-06-11 02:01 - 2016-06-03 09:38 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-06-11 02:01 - 2016-06-03 05:19 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-06-11 02:01 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-06-11 02:01 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-06-11 02:01 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-06-11 02:01 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-06-11 01:31 - 2016-06-11 01:31 - 00000000 ____D C:\ProgramData\Steam
2016-06-06 22:52 - 2016-06-07 00:03 - 00000000 ____D C:\Users\Edo\AppData\Roaming\discord
2016-06-06 22:52 - 2016-06-06 22:52 - 00002147 _____ C:\Users\Edo\Desktop\Discord.lnk
2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Local\SquirrelTemp
2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Local\Discord
2016-06-05 21:28 - 2016-06-05 21:28 - 00000871 _____ C:\Users\Edo\Desktop\Warcraft III.lnk
2016-06-05 19:46 - 2016-06-05 19:46 - 00000000 ____D C:\Users\Edo\AppData\Local\CrashRpt
2016-06-05 14:38 - 2016-06-05 14:51 - 00077393 _____ C:\Windows\War3Unin.dat
2016-06-05 14:38 - 2016-06-05 14:41 - 00139264 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2016-06-05 14:38 - 2016-06-05 14:41 - 00002829 _____ C:\Windows\War3Unin.pif
2016-06-05 14:38 - 2016-06-05 14:41 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-06-05 14:17 - 2016-06-11 13:39 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-06-05 14:00 - 2016-06-05 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-06-04 16:12 - 2016-06-04 16:12 - 00001215 _____ C:\Users\Edo\Desktop\Audacity.lnk
2016-06-04 03:36 - 2016-06-04 03:36 - 00000926 _____ C:\Users\Edo\Desktop\Pokemon - Blue Kaizo Version.lnk
2016-05-31 02:19 - 2016-05-31 02:19 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2016-05-31 02:19 - 2016-05-31 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2016-05-30 18:43 - 2016-05-30 18:44 - 00000000 ____D C:\Users\Edo\AppData\Roaming\NVIDIA
2016-05-27 17:23 - 2016-05-27 17:23 - 00001269 _____ C:\Users\Edo\Desktop\MM Server Picker.lnk
2016-05-27 17:22 - 2016-05-27 17:22 - 00000757 _____ C:\Users\Edo\Desktop\chetos.lnk
2016-05-27 17:20 - 2016-05-27 17:20 - 00001197 _____ C:\Users\Edo\Desktop\Vibrance GUI.lnk
2016-05-27 17:14 - 2016-06-20 20:46 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-27 17:14 - 2016-06-03 05:26 - 06362560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 02453952 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 01351104 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-27 17:14 - 2016-06-03 05:26 - 00534072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-27 17:14 - 2016-06-03 05:26 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-27 17:14 - 2016-06-02 14:19 - 06452948 _____ C:\Windows\system32\nvcoproc.bin
2016-05-27 17:14 - 2016-05-20 09:01 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-27 17:14 - 2016-05-20 09:01 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 31603768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 19180152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 16756888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 14346320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 03825896 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 03383472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-27 17:13 - 2016-06-03 09:38 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-27 17:13 - 2016-05-20 09:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-27 17:13 - 2016-05-20 09:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-27 17:13 - 2016-05-20 09:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-27 17:13 - 2016-05-20 09:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-27 17:02 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-27 17:02 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-27 17:02 - 2016-04-14 07:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-20 20:46 - 2015-11-14 05:46 - 00000000 ____D C:\Users\Edo\AppData\Local\TSVNCache
2016-06-20 20:45 - 2015-10-19 19:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-20 20:45 - 2015-10-19 19:30 - 00000000 ____D C:\Program Files\Adobe
2016-06-20 20:45 - 2015-10-19 18:33 - 00000000 ____D C:\ProgramData\Adobe
2016-06-20 20:44 - 2015-10-19 16:28 - 00000000 ____D C:\Users\Edo\AppData\Roaming\TS3Client
2016-06-20 20:44 - 2015-10-19 16:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-20 18:00 - 2015-10-19 16:17 - 00000000 ____D C:\Users\Edo\AppData\Roaming\vlc
2016-06-20 15:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-20 02:00 - 2015-10-19 18:33 - 00000000 ____D C:\Users\Edo\AppData\Local\Adobe
2016-06-19 23:40 - 2016-04-11 18:20 - 00000000 ____D C:\Users\Edo\AppData\Local\CrashDumps
2016-06-19 20:04 - 2015-10-19 15:20 - 00000000 ____D C:\Users\Edo
2016-06-18 04:51 - 2015-10-19 17:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-06-18 01:45 - 2016-05-07 23:12 - 00000000 ____D C:\Users\Edo\AppData\Local\Battle.net
2016-06-17 21:35 - 2016-05-07 23:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-17 02:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-17 01:25 - 2015-10-19 17:13 - 00000000 ____D C:\Users\Edo\AppData\Roaming\obs-studio
2016-06-17 01:24 - 2015-10-19 16:55 - 00000000 ____D C:\Users\Edo\AppData\Roaming\uTorrent
2016-06-16 03:07 - 2009-07-14 06:45 - 05009320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-16 03:04 - 2015-10-19 15:59 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 03:01 - 2015-10-19 15:59 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 21:48 - 2009-07-14 07:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-15 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2016-06-15 19:00 - 2015-10-19 16:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 18:55 - 2015-10-19 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-15 18:55 - 2015-10-19 16:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-15 18:48 - 2015-10-19 16:19 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-15 18:46 - 2016-01-17 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-06-15 18:45 - 2015-10-19 15:37 - 00000000 ____D C:\Users\Edo\AppData\Local\Deployment
2016-06-15 18:43 - 2015-10-19 18:33 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Adobe
2016-06-15 18:42 - 2015-12-04 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2016-06-13 19:31 - 2015-10-19 15:57 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-11 13:38 - 2015-11-02 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-11 03:02 - 2015-10-19 15:37 - 00089560 _____ C:\Users\Edo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 02:02 - 2015-10-19 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-06-11 02:02 - 2015-10-19 15:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-11 01:31 - 2015-10-19 15:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-06-10 22:53 - 2016-05-07 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-09 02:59 - 2015-10-19 15:38 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 23:08 - 2016-02-21 19:18 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Skype
2016-06-07 07:51 - 2015-10-24 11:08 - 00003394 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-06-07 07:51 - 2015-10-24 11:08 - 00003268 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-06-07 07:51 - 2015-10-24 11:08 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-06-05 19:47 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2016-06-05 19:47 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-06-05 19:46 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-06-05 13:58 - 2015-10-19 17:02 - 00000000 ____D C:\Users\Edo\AppData\Roaming\DAEMON Tools Lite
2016-06-05 06:07 - 2015-10-20 21:39 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Audacity
2016-06-05 03:46 - 2015-10-20 01:52 - 00000000 ____D C:\Users\Edo\Documents\OFX Presets
2016-05-30 17:48 - 2015-10-19 15:44 - 00000000 ____D C:\Users\Edo\AppData\Local\NVIDIA Corporation
2016-05-28 10:59 - 2015-11-02 16:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-28 10:59 - 2015-11-02 16:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-27 17:14 - 2015-10-19 15:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-27 17:14 - 2015-10-19 15:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-27 17:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2016-05-27 17:03 - 2015-10-19 15:44 - 00000000 ____D C:\Users\Edo\AppData\Local\NVIDIA
2016-05-27 14:41 - 2015-10-22 21:20 - 00000000 ____D C:\Users\Edo\AppData\Roaming\HandBrake
2016-05-26 23:00 - 2016-05-08 11:10 - 00000000 ____D C:\Users\Edo\Documents\Overwatch

==================== Files in the root of some directories =======

2016-03-10 00:58 - 2016-03-10 00:59 - 0001456 _____ () C:\Users\Edo\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-19 21:16 - 2016-06-19 21:16 - 0002257 _____ () C:\Users\Edo\AppData\Local\recently-used.xbel
2016-06-15 19:24 - 2016-06-15 19:24 - 0007679 _____ () C:\Users\Edo\AppData\Local\Resmon.ResmonCfg
2015-10-19 16:52 - 2015-10-19 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Edo\AppData\Local\Temp\130972278783419649.exe
C:\Users\Edo\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Edo\AppData\Local\Temp\EBU2BFD.exe
C:\Users\Edo\AppData\Local\Temp\EBU2C5B.DLL
C:\Users\Edo\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Edo\AppData\Local\Temp\nvStInst.exe
C:\Users\Edo\AppData\Local\Temp\proxy_vole8182631914574726674.dll
C:\Users\Edo\AppData\Local\Temp\SIntf16.dll
C:\Users\Edo\AppData\Local\Temp\SIntf32.dll
C:\Users\Edo\AppData\Local\Temp\SIntfNT.dll
C:\Users\Edo\AppData\Local\Temp\utils.dll
C:\Users\Edo\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\Edo\AppData\Local\Temp\vsredistsetup.exe
C:\Users\Edo\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-17 02:44

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by Edo (2016-06-20 20:52:45)
Running from C:\Users\Edo\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-19 13:20:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3000302092-2520746345-460137575-500 - Administrator - Disabled)
Edo (S-1-5-21-3000302092-2520746345-460137575-1000 - Administrator - Enabled) => C:\Users\Edo
Guest (S-1-5-21-3000302092-2520746345-460137575-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3000302092-2520746345-460137575-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Aggiornamenti NVIDIA 2.11.3.5 (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
AutoHotkey 1.1.22.07 (HKLM\...\AutoHotkey) (Version: 1.1.22.07 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version:  - Treyarch)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
devkitProUpdater 1.6.0 (HKLM-x32\...\devkitProUpdater) (Version: 1.6.0 - devkitPro)
Discord (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Flux) (Version:  - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
Gameforge Live 2.0.10 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.10 - Gameforge)
GameRanger (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\1207667183_is1) (Version: 2.0.0.2 - GOG.com)
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Meld (HKLM-x32\...\{7089C4EB-7085-45DC-8015-0FB667FEEF34}) (Version: 3.16.0 - The Meld project)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 it)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NVIDIA Driver 3D Vision 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA Driver grafico 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pannello di controllo NVIDIA 368.39 (Version: 368.39 - NVIDIA Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pokemon Online versione 2.6.2.1 (HKLM-x32\...\{3D3DE059-3951-47BE-BD7C-664898D14138}_is1) (Version: 2.6.2.1 - Pokemon Online)
Popcorn-Time (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
Python 2.7.11 (64-bit) (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD62}) (Version: 2.7.11150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Scrap Mechanic (HKLM-x32\...\Steam App 387990) (Version:  - Axolot Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Software della webcam Logitech (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3113 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Tastiera italiana estesa (1.2) (HKLM\...\{0B02661F-0C23-4182-9FD7-09EDC02A8AB0}) (Version: 1.0.3.40 - tastiera-estesa.it)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TortoiseSVN 1.9.2.26806 (64 bit) (HKLM\...\{8A5AA5D6-F797-4ED3-AE08-35EF5433409E}) (Version: 1.9.26806 - TortoiseSVN)
Tweak-7 (HKLM\...\Tweak-7) (Version: 1.0 build 1240 - Totalidea Software)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Warcraft III) (Version:  - )
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.21-0 - Bitnami)
YTD Video Downloader 5.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.6 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3377629B-F584-4F47-ADD9-EC6FBC6E857F} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {4348C2DB-642F-472E-BDE5-10B7C61FF3CD} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {FC49CB74-2C26-4281-8595-AA7875DA15A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-27 17:14 - 2016-06-03 05:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-03 15:10 - 2016-05-02 07:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 12:06 - 2016-05-02 07:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-29 18:43 - 2015-10-29 18:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-09-22 21:32 - 2015-09-22 21:32 - 00093568 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-11-11 16:27 - 2012-04-01 01:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2016-04-03 15:10 - 2016-05-02 07:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-03 15:10 - 2016-05-02 07:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-03 15:10 - 2016-05-02 07:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-02 12:06 - 2016-05-02 07:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-03 15:10 - 2016-05-02 07:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-10-19 15:40 - 2016-05-02 08:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-19 16:16 - 2015-06-08 21:06 - 00014336 _____ () D:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-09-22 20:52 - 2015-09-22 20:52 - 00073088 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-10-21 12:07 - 00001023 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3000302092-2520746345-460137575-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACTION_SVC => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^Edo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrazione prodotti.lnk => C:\Windows\pss\Logitech . Registrazione prodotti.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Edo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Skype => "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Usrcheat Downloader => D:\Program Files (x86)\usrcheat downlaoder\usrcheat_downloader.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3849D111-558B-4CEF-B146-A5614F71342A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8D880711-D5F4-42FD-AA74-759311049982}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F8C28636-5F00-4538-A786-4E9C909C9D04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0BBF534F-5525-4728-919F-A5298084C5D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{165587E7-DEC1-4D91-A575-FE76C444AFE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B616B713-DCFF-49CC-A998-677537527441}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{84F60875-DCCF-40AD-B9ED-4C62428D715B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8DFC2369-8AAE-41A6-A3D9-7D9AF6A66C6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7460BFF8-789E-4804-A4F5-FDAD0B9C889F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3D0194E0-7A98-4A46-A317-803AB8BB01D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3A652C0C-7496-484B-89F0-3C0849A82809}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3A43BF03-8E6D-4E52-9516-3C9A984E113A}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4150A7BB-DEB5-41A8-8518-FE48133ABCC1}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1405E9C4-F053-4429-9BE0-898C6D8E6E44}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{46BD7137-A364-48C6-8522-E2ADAAD62787}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{844EA764-928D-4D79-8C58-1448AB8FC5E3}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A76C3673-4A2D-4AFA-922D-689C5AED86D7}] => (Allow) C:\Users\Edo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54C9BA29-F52F-44B3-B648-1E713B5F84AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94B05538-368C-4E56-8E4F-94EA6EA89FAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{59B95B91-E68D-427A-8E15-30CB8595276E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EC50359D-5C9B-46CB-8765-FEE7464C9BB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AAF00C47-9894-4E69-92BD-CD82F513FEFC}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015\Support Files\AfterFX.exe
FirewallRules: [{7A8A2CB2-291C-42D3-B380-A737AFBEB8D3}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015\Support Files\AfterFX.exe
FirewallRules: [{8562111E-4D35-40FF-A7D6-267D7FCADB88}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{A0C32A9F-31C9-45F1-BD26-3441F35F3F9F}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC\Adobe Audition CC.exe
FirewallRules: [{E3B14E9B-1E79-4A2E-A97E-E7BEB01BE9A7}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{8D4979D9-1B3F-4F64-BC3F-685443B592E7}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{9AED9F43-4BDD-42AE-9C71-C8A947D19C1D}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{E5465A7A-2CD7-48C0-9A43-620764D9F065}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{9BF8C29B-A9A1-4463-953D-12F3CF44C64A}] => (Block) %ProgramFiles%\Adobe\Adobe Character Animator (Preview)\Support Files\Character Animator.exe
FirewallRules: [{F4F5DED6-D613-4DE7-A2A7-38FFC47B1CD7}] => (Block) %ProgramFiles%\Adobe\Adobe Character Animator (Preview)\Support Files\Character Animator.exe
FirewallRules: [TCP Query User{835A92D8-835A-4521-BE47-5E259D7AE48F}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [UDP Query User{3B51FDEE-F295-4CBD-80DE-44DA5407BCB8}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [{676D622D-88B9-4B0C-8CBF-50EA2CE61E6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCE2FD51-9A7F-41A9-B7A8-4A4337C2374F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{091C6F50-450E-4247-AF9B-71553CB2E991}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8577520E-3786-4115-9BB7-469226D7625E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6E45DFD-8230-4117-A2E4-64D699CB28CA}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B9681802-82AF-4774-B7DB-2FBD82C644B3}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{2C86F456-4CA9-4852-A9CC-DF8634897607}D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe
FirewallRules: [UDP Query User{8D946978-14A4-4C1B-9BD1-F605026AD2B6}D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\steam\steamapps\common\call of duty black ops ii\t6mp.exe
FirewallRules: [{7CF0873C-8CC6-45BB-B1EE-5A67FCA69227}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{DA4357BD-471E-43D5-A58E-3208137F5F2F}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{EA122337-6A73-40F4-83B5-2E248A4EFD79}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{47E35548-8F1A-4BF7-BD9C-4A70E13F5C90}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F0405827-E2DB-4F0B-8112-0F1B115641C0}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{91C6DF17-B4AE-41AB-BF95-01E075008D36}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{249D55AB-8C75-487A-BD38-5F526664B96B}D:\tutto\giochi\repzmw2\iw4m.exe] => (Allow) D:\tutto\giochi\repzmw2\iw4m.exe
FirewallRules: [UDP Query User{8833F4CB-E8D9-4906-AFF9-52581C6098C0}D:\tutto\giochi\repzmw2\iw4m.exe] => (Allow) D:\tutto\giochi\repzmw2\iw4m.exe
FirewallRules: [TCP Query User{5727BDD2-493B-47FB-B3F4-7B2611782541}C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe] => (Allow) C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe
FirewallRules: [UDP Query User{4092D9C9-688F-44BA-A2FC-940ED7B6E4F9}C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe] => (Allow) C:\users\edo\appdata\local\apps\2.0\pjykvzoa.0gx\0nwy5ydl.ta2\repz..tion_14c6f330b0eaf23d_0001.0000_8b80b3a54a980325\repzlauncher.exe
FirewallRules: [{93BFA075-DAE0-4EAE-9078-C869AD597F63}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21E1D985-9CF2-48B7-A084-DA79165BD812}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F114BDF-FA10-4874-9B86-90C191AF1403}] => (Allow) D:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{9DF6B441-86A3-462E-8950-89252CF942C1}D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [UDP Query User{95ED1E0C-3EDB-484B-BAC7-8C6DB45FE0FA}D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [TCP Query User{CD1A2AC9-2AA1-43BD-BFA2-7ECB8B470793}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [UDP Query User{54920709-ABD5-4F49-9C47-EC43B08BD1BB}D:\program files (x86)\cod4\iw3mp.exe] => (Allow) D:\program files (x86)\cod4\iw3mp.exe
FirewallRules: [TCP Query User{E6588481-2A93-4818-AD1F-01B6C5FA64AE}C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{30667DAD-0200-4BDE-8F0C-D44055C906F6}C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\edo\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{F141E2EF-0389-421B-8A9D-4BB95EED1FB4}D:\tutto\giochi\metin2\aroka2\aroka2.exe] => (Allow) D:\tutto\giochi\metin2\aroka2\aroka2.exe
FirewallRules: [UDP Query User{3956B98A-F0E1-4605-B8C0-74809ECBBEFA}D:\tutto\giochi\metin2\aroka2\aroka2.exe] => (Allow) D:\tutto\giochi\metin2\aroka2\aroka2.exe
FirewallRules: [{05A1B13D-382E-4C2D-BF49-80924976CB74}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{458A51C9-7440-411A-8368-B15789741888}] => (Allow) D:\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{9D2C80EE-6377-4AB5-BAF8-F0F536B50ED1}] => (Allow) D:\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [TCP Query User{82D6172D-AB69-4758-88BC-AE19E4BCAE2C}D:\tutto\giochi\urbanterror42\quake3-urt.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt.exe
FirewallRules: [UDP Query User{C59EA3E5-AEE1-47D2-90C7-3184BA9E3C37}D:\tutto\giochi\urbanterror42\quake3-urt.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt.exe
FirewallRules: [TCP Query User{36D57D74-E3C9-4574-9C79-0B32A2B78F9A}D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe
FirewallRules: [UDP Query User{5343EE71-336D-4713-A95C-1D4188F0F5F2}D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe] => (Allow) D:\tutto\giochi\urbanterror42\quake3-urt-ded.exe
FirewallRules: [TCP Query User{400A2162-A6F9-40B6-AC99-91FCDC9F2764}D:\program files (x86)\popcorn\popcorn-time\nw.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\nw.exe
FirewallRules: [UDP Query User{C7733605-0ECD-4A6D-B54C-87ADEE529C17}D:\program files (x86)\popcorn\popcorn-time\nw.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\nw.exe
FirewallRules: [TCP Query User{4A4809AA-83B4-4AE9-B403-61D6C7BB7A62}D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe
FirewallRules: [UDP Query User{21390E9A-BAF3-42AE-AC54-B1B99FBA7D3C}D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe] => (Allow) D:\program files (x86)\popcorn\popcorn-time\popcorn-time.exe
FirewallRules: [TCP Query User{30CDD089-0805-40ED-A323-CB3023530BA4}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{D3F6D1D0-D8FB-4CFF-9176-392859F95F07}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{601F1561-CD09-4D36-AD3F-F02BC515C8A0}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{3E6F19DF-0DE2-41A7-8B8D-182F48A62618}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{41C186D5-CF3A-4314-84EE-0DBC2080EF3B}D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{A29FEF75-3C84-40A1-AD04-A91D5CB9EECD}D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\program files (x86)\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{7ABC262D-3333-441E-9B48-5F0F6166A7EC}D:\program files (x86)\cod4 (game backup)\iw3mp.exe] => (Allow) D:\program files (x86)\cod4 (game backup)\iw3mp.exe
FirewallRules: [UDP Query User{930911EF-6315-4C62-8E73-CE311239DD3A}D:\program files (x86)\cod4 (game backup)\iw3mp.exe] => (Allow) D:\program files (x86)\cod4 (game backup)\iw3mp.exe
FirewallRules: [TCP Query User{4302EAE2-B8D8-499F-935A-EEC1C718CDF3}D:\tutto\giochi\reactmw2\iw4m.exe] => (Allow) D:\tutto\giochi\reactmw2\iw4m.exe
FirewallRules: [UDP Query User{DC99DC8C-92A2-4361-9397-08C05319100D}D:\tutto\giochi\reactmw2\iw4m.exe] => (Allow) D:\tutto\giochi\reactmw2\iw4m.exe
FirewallRules: [TCP Query User{AD49DCA4-6798-4262-8D3E-4753E79EE9A3}D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe] => (Allow) D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe
FirewallRules: [UDP Query User{45114D8F-EE9D-4A76-8844-EBF00BA16156}D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe] => (Allow) D:\tutto\giochi\rektmw2\nuova cartella\launchiw4m.exe
FirewallRules: [TCP Query User{F185662E-AC18-4F8D-AA4E-FF6795955D99}D:\tutto\giochi\battle.net\overwatch\overwatch.exe] => (Allow) D:\tutto\giochi\battle.net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{8AE14C77-47DB-4F80-8F32-B89D81E6F2E3}D:\tutto\giochi\battle.net\overwatch\overwatch.exe] => (Allow) D:\tutto\giochi\battle.net\overwatch\overwatch.exe
FirewallRules: [{E173B4A5-95A1-422B-A8CE-768A9E08C14A}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{2C6C6479-C543-4546-930A-716466306DDB}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{17A7ED91-BFE9-4E28-B301-86DD7D60F335}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C48110F1-1E1C-48A3-A45A-2BD0E8135465}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{9AA05A8F-4903-4F2E-8CB0-39799299702D}D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe] => (Allow) D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe
FirewallRules: [UDP Query User{3C25CA5F-26F5-42B7-8310-5A06EA387DF5}D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe] => (Allow) D:\program files (x86)\eclipse\workspace\tcp\debug\tcp.exe
FirewallRules: [{375E6467-3516-4850-8DF9-5D3E2405266C}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{81822310-A1D2-4A53-9D24-9F13C4E7840B}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{48678764-C77A-458B-9463-1C631FEBC831}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{43212F61-8667-4C1F-8E9A-97A66FAC540E}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{A7C5BD6C-7211-49C9-8D2A-D8FBF70D631E}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{48C92702-5FB0-4E97-97D4-77FD6F7B2FC8}] => (Allow) D:\Tutto\Giochi\Age Of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{20049911-F208-4BEC-A83D-DD89885B825C}] => (Allow) D:\Tutto\Giochi\Age Of Empires II\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{89039E00-2FA5-48C6-BF46-D893969D38EB}D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{DD12517F-0739-4D08-9593-99EEA1048BD2}D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe] => (Allow) D:\tutto\giochi\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{A7CCF457-3136-4C83-AF83-BA03BE5A5A86}D:\tutto\giochi\react server\iw4m.exe] => (Allow) D:\tutto\giochi\react server\iw4m.exe
FirewallRules: [UDP Query User{378A00AE-B260-43B1-9694-260F1E2746FB}D:\tutto\giochi\react server\iw4m.exe] => (Allow) D:\tutto\giochi\react server\iw4m.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Controller PCI Simple Communications
Description: Controller PCI Simple Communications
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controller video
Description: Controller video
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controller USB ( Universal Serial Bus)
Description: Controller USB ( Universal Serial Bus)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2016 08:52:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 010. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/20/2016 08:52:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 009. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/20/2016 08:52:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 010. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/20/2016 08:52:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 009. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/20/2016 03:47:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 010. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/20/2016 03:47:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 009. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/20/2016 03:47:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 010. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/20/2016 03:47:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Impossibile leggere le stringhe dei contatori delle prestazioni definite per l'ID lingua 009. Il primo valore DWORD nella sezione Data contiene il codice di errore Win32.

Error: (06/19/2016 11:40:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17514, timestamp: 0x4ce7a144
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc000041d
Offset errore 0x0000000004a90fd8
ID processo che ha generato l'errore: 0x6d8
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3

Error: (06/19/2016 11:40:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.17514, timestamp: 0x4ce7a144
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x0000000004a90fd8
ID processo che ha generato l'errore: 0x6d8
Ora di avvio dell'applicazione che ha generato l'errore: 0xExplorer.EXE0
Percorso dell'applicazione che ha generato l'errore: Explorer.EXE1
Percorso del modulo che ha generato l'errore: Explorer.EXE2
ID segnalazione: Explorer.EXE3


System errors:
=============
Error: (06/20/2016 08:46:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/20/2016 08:45:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/20/2016 03:42:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/19/2016 02:09:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/18/2016 06:19:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/18/2016 03:14:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/17/2016 09:29:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/17/2016 07:09:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/17/2016 06:32:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (06/16/2016 11:59:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8086 MB
Available physical RAM: 5487.83 MB
Total Virtual: 16170.19 MB
Available Virtual: 13598.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:67.12 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:540 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 76A82BEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0825E04B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

ckfiles.txt:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\devkitpro\msys\bin\ssh-keygen.exe
c:\mingw\msys\1.0\bin\ssh-keygen.exe
c:\program files\git\usr\bin\ssh-keygen.exe
hosts 127.0.0.1 lmlicenses.wip4.adobe.com
hosts 127.0.0.1 lm.licenses.adobe.com
hosts 127.0.0.1 na1r.services.adobe.com
hosts 127.0.0.1 hlrcv.stage.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.ED.11.OWCPK0
 ----- EOF -----
 

Thanks in advance.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,574 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:03 AM

Posted 20 June 2016 - 02:34 PM

Thank you Edo, I appreciate your understanding.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
S3 HWiNFO32; \??\C:\Users\Edo\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Edo\AppData\Local\Temp\130972278783419649.exe
C:\Users\Edo\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Edo\AppData\Local\Temp\EBU2BFD.exe
C:\Users\Edo\AppData\Local\Temp\EBU2C5B.DLL
C:\Users\Edo\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Edo\AppData\Local\Temp\nvStInst.exe
C:\Users\Edo\AppData\Local\Temp\procexp64.exe
C:\Users\Edo\AppData\Local\Temp\proxy_vole8182631914574726674.dll
C:\Users\Edo\AppData\Local\Temp\SIntf16.dll
C:\Users\Edo\AppData\Local\Temp\SIntf32.dll
C:\Users\Edo\AppData\Local\Temp\SIntfNT.dll
C:\Users\Edo\AppData\Local\Temp\utils.dll
C:\Users\Edo\AppData\Local\Temp\vsredistsetup.exe
C:\Users\Edo\AppData\Local\Temp\war3_Install.exe
CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
c:\devkitpro\msys\bin\ssh-keygen.exe
c:\mingw\msys\1.0\bin\ssh-keygen.exe
c:\program files\git\usr\bin\ssh-keygen.exe
hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Adware Removal Tool by TSA

--------------------
  • Download Adware Removal Tool and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Select Yes, I agree
  • Click Scan
  • If objects are found click OK
  • Review the log and uncheck any items you want to keep (somewhat uncommon)
  • Click Clean
  • If requested click OK to close any open browsers
  • Click OK after the cleaning process has Successfully Finished
  • Click Save this Result and save the file onto your Desktop as ART.txt
  • Confirm the file was successfully saved
  • Click Finished then close the browser that will open
  • Copy and paste ART.txt in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ART.txt
  • AdwCleaner log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 d0dUxDJ


Posted 20 June 2016 - 03:04 PM

I have only been using uTorrent for trusted magnet links (such as game modifications like alterIWnet, now closed sadly), but apparently my brother installed a bad copy of The Witcher 3 (popular game nowadays, which, reading the specs required, would barely run on this machine anyway, but oh well), containing some kind of malware, and, after he realized the mistake, he promptly deleted it without telling me a thing. Welp, anyways; I'll be keeping it but won't be using it all that much, as I said I'm only using it for things I can actually trust (I'm not an expert - yet :P - but I can recognize malware from trustable files).

 

Also, I should specify; at the moment of writing this thread, 5 days ago, I had deleted a lot of files, but the problem was still there. Then, the day after, without touching any more files, the process that used to be sucking up 25% of my cpu isn't opening anymore. I am still afraid of a possible dormant infection, I've had one last year.

 

I have also noticed that your fix contains some files from the MinGW installation, devkitPro installation and Git installation. Those are legit files, and I wouldn't want them deleted if that's what the fix is doing, I'd have to reinstall the programs which is quite annoying.

 

If you could please answer my doubts I'd greatly appreciate it (I don't want to run anything yet, because I feel I'd have to run the fix first, and since I'm unsure about it I'm posting this).

It would also teach me some things I may have to learn in the future, so that would be a plus.

 

Thanks in advance.



#6 Oh My!


Posted 20 June 2016 - 03:30 PM

These entries indicate they are cracked programs:
 

c:\devkitpro\msys\bin\ssh-keygen.exe
c:\mingw\msys\1.0\bin\ssh-keygen.exe
c:\program files\git\usr\bin\ssh-keygen.exe

 

If you are saying they are legal copies you can remove those entries from the fixlist.

 

Let's see how we are doing after running all the steps.


Gary
 

#7 d0dUxDJ


Posted 20 June 2016 - 04:03 PM

Yes, they are all indeed legal copies, you can google the programs yourself; they are all free of charge.
 
Fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by Edo (2016-06-20 22:37:43) Run:1
Running from C:\Users\Edo\Desktop
Loaded Profiles: Edo (Available Profiles: Edo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S3 HWiNFO32; \??\C:\Users\Edo\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Edo\AppData\Local\Temp\130972278783419649.exe
C:\Users\Edo\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Edo\AppData\Local\Temp\EBU2BFD.exe
C:\Users\Edo\AppData\Local\Temp\EBU2C5B.DLL
C:\Users\Edo\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Edo\AppData\Local\Temp\nvStInst.exe
C:\Users\Edo\AppData\Local\Temp\procexp64.exe
C:\Users\Edo\AppData\Local\Temp\proxy_vole8182631914574726674.dll
C:\Users\Edo\AppData\Local\Temp\SIntf16.dll
C:\Users\Edo\AppData\Local\Temp\SIntf32.dll
C:\Users\Edo\AppData\Local\Temp\SIntfNT.dll
C:\Users\Edo\AppData\Local\Temp\utils.dll
C:\Users\Edo\AppData\Local\Temp\vsredistsetup.exe
C:\Users\Edo\AppData\Local\Temp\war3_Install.exe
CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
hosts:
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HWiNFO32 => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Users\Edo\AppData\Local\Temp\130972278783419649.exe => moved successfully
C:\Users\Edo\AppData\Local\Temp\CmdLineExt02.dll => moved successfully
C:\Users\Edo\AppData\Local\Temp\EBU2BFD.exe => moved successfully
C:\Users\Edo\AppData\Local\Temp\EBU2C5B.DLL => moved successfully
C:\Users\Edo\AppData\Local\Temp\handbrake-setup.exe => moved successfully
C:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Edo\AppData\Local\Temp\nvStInst.exe => moved successfully
"C:\Users\Edo\AppData\Local\Temp\procexp64.exe" => not found.
C:\Users\Edo\AppData\Local\Temp\proxy_vole8182631914574726674.dll => moved successfully
C:\Users\Edo\AppData\Local\Temp\SIntf16.dll => moved successfully
C:\Users\Edo\AppData\Local\Temp\SIntf32.dll => moved successfully
C:\Users\Edo\AppData\Local\Temp\SIntfNT.dll => moved successfully
C:\Users\Edo\AppData\Local\Temp\utils.dll => moved successfully
C:\Users\Edo\AppData\Local\Temp\vsredistsetup.exe => moved successfully
C:\Users\Edo\AppData\Local\Temp\war3_Install.exe => moved successfully
"HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
C:\Windows\Temp => ":$DATA" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.


The system needed a reboot.

==== End of Fixlog 22:37:44 ====
 
ART:
 
[-] Deleted ->> File ->> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[-] Deleted ->> File ->> C:\Users\Edo\Appdata\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YTD Video Downloader.lnk
[-] Deleted ->> File ->> C:\ProgramData\Application Data\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[-] Deleted ->> File ->> C:\ProgramData\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[-] Deleted ->> File ->> C:\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[-] Deleted ->> Folder ->> C:\ProgramData\YTD Video Downloader
[-] Deleted ->> Folder ->> C:\ProgramData\Application Data\Start Menu\Programs\YTD Video Downloader
[-] Deleted ->> Folder ->> C:\ProgramData\Start Menu\Programs\YTD Video Downloader
[-] Deleted ->> Folder ->> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[-] Deleted ->> Folder ->> C:\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fd7e1bf1_0\ <RegValue:>  <RegData:> {0.0.0.00000000}.{1e029b49-b074-4a9e-ae36-4faa30f570ce}|\Device\HarddiskVolume2\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000} : {0.0.0.00000000}.{1e029b49-b074-4a9e-ae36-4faa30f570ce}|\Device\HarddiskVolume2\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000}
[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fd7e1bf1_0\ <RegValue:>  <RegData:> {0.0.0.00000000}.{1e029b49-b074-4a9e-ae36-4faa30f570ce}|\Device\HarddiskVolume2\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000} : {0.0.0.00000000}.{1e029b49-b074-4a9e-ae36-4faa30f570ce}|\Device\HarddiskVolume2\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000}
[-] Repaired ->> File ->> C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Web Data
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\microsoft\windows\Currentversion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
 
AdwCleaner:
 
# AdwCleaner v5.200 - Logfile created 20/06/2016 at 22:50:36
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Edo - HAF-X
# Running from : C:\Users\Edo\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\Windows\SysWOW64\TData

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKCU\Software\WIN
[-] Key Deleted : HKCU\Software\GreenTree Applications\YTD

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1557 bytes] - [20/06/2016 22:50:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [1723 bytes] - [20/06/2016 22:49:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1703 bytes] ##########
 
The .nfo file has been zipped and attached to this post. Can't really update on that as it seems the same as before, which is good since the 16th. I'm afraid the program that kept popping up in different places may still be around.
 
Again, thanks in advance Gary.

Attached Files
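
An added example, not part of this thread and not FRST's own code: a short Python check that reconciles the "fixlist content:" block of a Fixlog with its result lines and lists every directive that did not end in success, plus any proposed entries that were never run. The sample log is abridged from the Fixlog in the post above; the function names and matching rules are assumptions inferred from the lines visible in that log, not a documented FRST format.

```python
import re

# Abridged from the Fixlog posted above (most Temp-file lines omitted).
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by Edo (2016-06-20 22:37:43) Run:1
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S3 HWiNFO32; \??\C:\Users\Edo\AppData\Local\Temp\HWiNFO64A.SYS [X]
C:\Users\Edo\AppData\Local\Temp\EBU2BFD.exe
C:\Users\Edo\AppData\Local\Temp\procexp64.exe
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
hosts:
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HWiNFO32 => service removed successfully
C:\Users\Edo\AppData\Local\Temp\EBU2BFD.exe => moved successfully
"C:\Users\Edo\AppData\Local\Temp\procexp64.exe" => not found.
C:\Windows\Temp => ":$DATA" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 22:37:44 ====
"""

# Entries from the fixlist proposed in post #4 that the user removed before running it.
PROPOSED_EXTRA = [
    r"c:\devkitpro\msys\bin\ssh-keygen.exe",
    r"c:\mingw\msys\1.0\bin\ssh-keygen.exe",
    r"c:\program files\git\usr\bin\ssh-keygen.exe",
]

# Directives whose result line carries no "=>"; matched on a phrase instead (assumed).
KEYWORD_RESULTS = {
    "createrestorepoint:": "restore point",
    "closeprocesses:": "processes closed",
    "hosts:": "hosts restored",
}

def split_fixlog(text):
    """Return (directives, results): lines between and after the two '*' rulers."""
    directives, results, stars = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            stars += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if stars == 1:
            directives.append(line)
        elif stars >= 2:
            results.append(line)
    return directives, results

def directive_key(directive):
    """Reduce a directive to the token that appears left of '=>' in its result."""
    m = re.match(r"[SRU]\d\s+(\S+);", directive)            # service/driver entry
    if m:
        return m.group(1)
    m = re.match(r"AlternateDataStreams:\s*(.+):[^\\]+$", directive)
    if m:
        return m.group(1)                                   # host path of the stream
    m = re.search(r"\{[0-9A-Fa-f-]{36}\}", directive)       # CLSID-style registry entry
    return m.group(0) if m else directive                   # otherwise a plain path

def find_result(directive, results):
    phrase = KEYWORD_RESULTS.get(directive.lower())
    if phrase:
        return next((r for r in results if phrase in r.lower()), None)
    key = directive_key(directive).lower()
    for r in results:
        if "=>" not in r:
            continue
        left = r.split("=>", 1)[0].strip().strip('"').lower()
        if left == key or left.endswith("\\" + key):
            return r
    return None

def classify(result):
    if result is None:
        return "no-result"
    low = result.lower()
    if low.startswith("error") or "failed" in low:
        return "error"
    if "not found" in low:
        return "not-found"
    return "ok" if "successfully" in low else "unknown"

def reconcile(text):
    """Pair every directive that was run with the status of its result line."""
    directives, results = split_fixlog(text)
    return [(d, classify(find_result(d, results))) for d in directives]

def needs_follow_up(text):
    return [(d, s) for d, s in reconcile(text) if s != "ok"]

def not_executed(proposed, text):
    """Proposed directives that are absent from the fixlist the log says was run."""
    ran = {d.lower() for d in split_fixlog(text)[0]}
    return [p for p in proposed if p.lower() not in ran]

if __name__ == "__main__":
    for directive, status in needs_follow_up(FIXLOG):
        print(f"{status:10} {directive}")
    for entry in not_executed(PROPOSED_EXTRA, FIXLOG):
        print(f"{'skipped':10} {entry}")
```

On this log it reports the failed CreateRestorePoint: directive (Addition.txt shows System Restore is disabled on this machine) and the procexp64.exe entry that was no longer present, and it confirms the three ssh-keygen.exe paths were left out of the run.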



#8 Oh My!


Posted 20 June 2016 - 05:30 PM

OK, let's monitor your computer for a day or so and while doing so please run these.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log

Gary
 

#9 d0dUxDJ


Posted 20 June 2016 - 06:55 PM

ESET found a file which isn't malware for sure; .dat file used by Cheat Engine. Used the "restore" function to remove it from the quarantine.

 

Eset.txt:

 

C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
C:\Users\Edo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AYP90R1\JDownloader2Setup[1].exe    a variant of Win32/InstallCore.ACZ potentially unwanted application    cleaned by deleting
D:\Tutto\Download\MEGA\ridomale.exe    a variant of Win32/RiskWare.GameHack.X application    cleaned by deleting

 

Security Check log:

 

notcheckup31.txt
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Waiting for more instructions. Thanks in advance.
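
Added example, not part of the original post or of ESET's tooling: a small Python parser for the exported ESET lines above. It splits each line into path, detection name, class and action, so that "potentially unsafe/unwanted application" entries can be told apart from malware verdicts during triage. The class heuristic and the constructed trojan line are assumptions for illustration.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path name klass action grayware")

# The three ESET.txt lines from the post above, embedded as sample input.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
C:\Users\Edo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AYP90R1\JDownloader2Setup[1].exe    a variant of Win32/InstallCore.ACZ potentially unwanted application    cleaned by deleting
D:\Tutto\Download\MEGA\ridomale.exe    a variant of Win32/RiskWare.GameHack.X application    cleaned by deleting
"""

# Constructed line (not from the thread) to exercise the non-application branch.
CONSTRUCTED_LINE = r"C:\Example\sample.bin" + "\t" + "Win32/Example.A trojan" + "\t" + "cleaned by deleting"

# Columns are separated by tabs or by runs of two or more spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")
DETECTION = re.compile(r"^(?:probably )?(?:a variant of )?(?P<name>\S+)\s+(?P<klass>.+)$")

def parse_line(line):
    """Split one exported line into path, detection name, class and action."""
    fields = [f for f in FIELD_SEP.split(line.strip()) if f]
    if len(fields) < 2:
        return None
    m = DETECTION.match(fields[1])
    if not m:
        return None
    klass = m.group("klass").strip().lower()
    action = fields[2] if len(fields) > 2 else ""
    # Assumption: a class ending in "application" is one of ESET's
    # unsafe/unwanted/riskware labels rather than a malware verdict.
    return Detection(fields[0], m.group("name"), klass, action, klass.endswith("application"))

def triage(log_text):
    """Group parsed detections so malware verdicts are reviewed first."""
    hits = [d for d in map(parse_line, log_text.splitlines()) if d]
    return {"malware": [d for d in hits if not d.grayware],
            "grayware": [d for d in hits if d.grayware]}

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG + CONSTRUCTED_LINE).items():
        for d in hits:
            print(f"{bucket:8} {d.name:32} [{d.klass}] {d.action} <- {d.path}")
```

All three posted lines land in the application bucket, and each shows the action "cleaned by deleting", which is why the Cheat Engine file had to be restored from quarantine.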



#10 Oh My!


Posted 20 June 2016 - 07:20 PM

Is there more to the Security Check report?
Gary
 

#11 d0dUxDJ


Posted 20 June 2016 - 07:28 PM

No, in fact it looked quite strange to me as well. I ran it a second time to make sure, but it ended up giving me the same result.



#12 Oh My!


Posted 20 June 2016 - 07:41 PM

No problem, that happens periodically. Use your computer for a day then check back in and let me know how things are going.
Gary
 

#13 d0dUxDJ


Posted 20 June 2016 - 07:44 PM

Sure thing Gary. Again thanks for your efforts. I'm heading to bed since it is indeed quite late here. I'll report back in approximately 24 hours as requested.

#14 d0dUxDJ


Posted 21 June 2016 - 03:27 PM

The PC has been the same since the 16th.

 

I'll recap: the infection ran under two processes for a couple of days minimum (with restarts in-between), svchost.exe (the legit one) and Steam * (a fake Steam.exe process, not by Valve of course), and I managed to get rid of the files needed to run "Steam *". The issue was still present when I shut my PC off on the 15th.

However, when I booted the machine on the 16th, the process taking 25% of my CPU was gone.

 

Now, it apparently works smoothly, with no noticeable difference from before. Is there any other tool we can run to make sure no sneaky infection is still present?

Thanks in advance.

 

EDIT: I don't mind long scans. I'd much rather use a powerful but slow tool rather than a quick "forgiving" tool.


Edited by d0dUxDJ, 21 June 2016 - 03:28 PM.


#15 Oh My!


Posted 21 June 2016 - 04:20 PM

Though I don't find any evidence necessitating the running of these programs you can run these.

===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit (mbar) and save it to your desktop
  • Double click the mbar icon and select Run
  • Click OK to install it on your desktop
  • If you receive a User Account Control prompt allow it to run
  • If you receive the following screen select Yes and your computer will be restarted

dda-driver-warning.png

  • Click Next on the following screen (or something that looks similar)

start-screen.png

  • On the Update Database: screen click Update to download the latest definition updates then click Next

database-update.png

  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete

scan-system.png

  • Click the Exit button not Cleanup
  • A system-log report will be created in the mbar folder, please copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • If you receive a warning you are running a 32 bit version, ignore the warning and click Yes to continue anyway
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

tdss1.png

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

tdss2.png

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

tdss4.png

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

aswMBR1.png

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

aswMBR2.png

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MBAR report
  • RogueKiller report
  • TDSSKiller report
  • aswMBR report.

Gary
 