
Winsnare, hotcine, winsapvc



#1 BeerPower


Posted 02 April 2017 - 06:17 AM

Hello everyone,

Yesterday I uninstalled winsnare and winsapvc with all connected files from Control Panel and Registry Editor. I checked with Malwarebytes and it didn't find anything.
This morning I ran Malwarebytes again and it found over 7500 (!!!) malware as chromium or hotcine with related files. I tried removing everything again (with Registry Editor too), but I'm still worried about having trouble again at the next boot.

I've seen a similar topic but I couldn't answer under it, so I've created a new one.

Thank you for any help that you can provide.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Paga (administrator) on DESKTOP-OT9A352 (02-04-2017 13:02:26)
Running from D:\download
Loaded Profiles: Paga (Available Profiles: defaultuser0 & Paga)
Platform: Windows 10 Home Version 1607 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Windows\System32\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) D:\programmi\Origin\OriginWebHelperService.exe
(Malwarebytes) D:\programmi\Malwarebytes Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Users\stefa\AppData\Roaming\mobilevvserv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) D:\programmi\Malwarebytes Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(深圳微客百源科技有限公司) C:\Program Files\SUMLINK-G10\SUMLINK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\stefa\AppData\Roaming\mobilevvserv.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAMMI\MALWAREBYTES ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Run: [Steam] => D:\programmi\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Run: [DAEMON Tools Lite Automount] => D:\programmi\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Run: [Spotify Web Helper] => C:\Users\stefa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-01] (Spotify Ltd)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Run: [Discord] => C:\Users\stefa\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\MountPoints2: {d80f5f51-8c7d-11e6-b9a5-74d02b97cedf} - "E:\setup.exe"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\MountPoints2: {d80f5fe8-8c7d-11e6-b9a5-74d02b97cedf} - "E:\setup.exe"
HKU\S-1-5-18\...\Run: [script_fcbd] => D:\giochi\Far Cry 3 Blood Dragon\fcbd.bat [302 2016-11-26] ()
HKU\S-1-5-18\...\Run: [] => [X]
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\fcbd.bat [2016-11-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\stefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2017-01-08]
ShortcutTarget: Curse.lnk -> C:\Users\stefa\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\stefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MobileVServ.vbs [2017-01-30] ()
Startup: C:\Users\stefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\watchdogs2.vbs [2017-01-30] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.9
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{32fd4b91-4fc9-4f76-985a-4d5d442d3854}: [DhcpNameServer] 192.168.1.9
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-3378916298-4057020535-3286549860-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3378916298-4057020535-3286549860-1001 -> hxxp://www.google.com

FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\programmi\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR Profile: C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default [2017-04-02]
CHR Extension: (Presentazioni Google) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-01]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-04-01]
CHR Extension: (Documenti Google) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-01]
CHR Extension: (Google Drive) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-01]
CHR Extension: (YouTube) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-01]
CHR Extension: (Adobe Acrobat) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-01]
CHR Extension: (Fogli Google) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-01]
CHR Extension: (Stylish - Personalizza i temi per siti web) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-04-01]
CHR Extension: (Google Documenti offline) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-01]
CHR Extension: (AdBlock) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-01]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Gmail) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\stefa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
CHR HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-13] ()
S3 Disc Soft Lite Bus Service; D:\programmi\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [387856 2016-12-28] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365032 2016-06-17] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.)
R2 MBAMService; D:\programmi\Malwarebytes Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 MVCSrv; C:\ProgramData\Package Cache\{2A002F88-FD5D-379B-A350-A25D84AF128B}v14.0.25420\packages\VisualC_D14\VC_IDE.Base\VC_IDE_Base.dll [104960 2017-03-29] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; D:\programmi\Origin\OriginClientService.exe [2123240 2017-03-17] (Electronic Arts)
R2 Origin Web Helper Service; D:\programmi\Origin\OriginWebHelperService.exe [2184688 2017-03-17] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-02-24] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-10-23] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-15] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-11] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-11] (Disc Soft Ltd)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-02] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-03-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2044-03-18 17:46 - 2044-03-18 17:46 - 00000000 ____D C:\Users\stefa\Documents\VST3 Presets
2044-03-18 17:44 - 2044-03-18 17:44 - 00000000 ____D C:\ProgramData\Steinberg
2044-03-18 17:44 - 2044-03-18 17:44 - 00000000 ____D C:\Program Files\Common Files\Steinberg
2044-03-18 17:43 - 2044-03-18 17:43 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2044-03-18 17:43 - 2044-03-18 17:43 - 00000049 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2044-03-18 17:43 - 2044-03-18 17:43 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 8 64bit
2044-03-18 17:43 - 2044-03-18 17:43 - 00000000 ____D C:\ProgramData\Syncrosoft
2044-03-18 17:43 - 2044-03-18 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2044-03-18 17:43 - 2044-03-18 17:43 - 00000000 ____D C:\Program Files\Steinberg
2044-03-18 17:43 - 2044-03-18 17:43 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2044-03-18 17:43 - 2044-03-18 17:43 - 00000000 ____D C:\Program Files (x86)\Syncrosoft
2044-03-18 17:43 - 2017-03-19 14:43 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Steinberg
2044-03-18 17:43 - 2011-12-14 21:21 - 00086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2044-03-18 17:33 - 2044-03-18 17:43 - 00000000 ____D C:\ProgramData\eLicenser
2044-03-18 17:33 - 2044-03-18 17:43 - 00000000 ____D C:\Program Files (x86)\eLicenser
2044-03-18 17:33 - 2044-03-18 17:33 - 00000000 ____D C:\Program Files\eLicenser
2044-03-18 17:33 - 2012-12-07 17:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\SYNSOACC.dll
2044-03-18 17:33 - 2012-12-07 17:48 - 01277952 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2044-03-18 17:30 - 2044-03-18 17:30 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Steinberg Installation Updater
2044-03-18 17:30 - 2044-03-18 17:30 - 00000000 ____D C:\Users\stefa\AppData\Local\Steinberg Installation Updater
2017-04-02 11:45 - 2017-03-16 07:17 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-02 11:45 - 2017-03-16 07:17 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-02 11:45 - 2017-03-16 06:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-02 11:45 - 2017-03-16 06:46 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-02 11:45 - 2017-03-16 06:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-02 11:45 - 2017-03-16 06:19 - 22565376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-02 11:45 - 2017-03-16 06:05 - 18362368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-02 11:45 - 2017-03-16 06:03 - 23676416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-02 10:52 - 2017-04-02 10:52 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-04-02 10:52 - 2017-04-02 10:52 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-04-02 10:24 - 2017-04-02 10:26 - 00000000 ____D C:\FRST
2017-04-01 15:33 - 2017-04-02 12:53 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-04-01 15:18 - 2017-04-01 15:18 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsigndff47ed5e4f0c69a
2017-04-01 15:14 - 2017-04-01 15:14 - 00000907 _____ C:\Users\stefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_6.045.lnk
2017-04-01 14:23 - 2017-04-01 14:23 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\22342E3A.sys
2017-04-01 11:48 - 2017-04-01 11:48 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign0916707175bab679
2017-04-01 02:52 - 2017-04-01 02:52 - 00000000 ____D C:\Users\stefa\HhpmDdA1Bu
2017-03-31 18:06 - 2017-03-31 18:06 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome
2017-03-31 18:01 - 2017-03-31 18:02 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-31 18:01 - 2017-03-31 18:01 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-31 18:01 - 2017-03-31 18:01 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-31 18:00 - 2017-03-31 18:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-31 18:00 - 2017-03-31 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-31 18:00 - 2017-03-24 04:10 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-31 11:00 - 2017-04-01 13:00 - 00000000 ____D C:\Users\stefa\AppData\LocalLow\Mozilla
2017-03-31 11:00 - 2017-03-31 11:00 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Mozilla
2017-03-31 10:59 - 2017-04-01 13:00 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-31 10:58 - 2017-04-01 12:59 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-31 10:58 - 2017-04-01 12:59 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-30 12:57 - 2017-04-01 11:08 - 00003588 _____ C:\WINDOWS\System32\Tasks\Windows-PG
2017-03-30 12:57 - 2017-03-30 12:57 - 00000000 ____D C:\Update
2017-03-30 12:53 - 2017-04-01 12:59 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-30 12:52 - 2017-04-01 11:03 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-26 16:43 - 2017-03-26 16:43 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign90192743f7a929fe
2017-03-26 16:41 - 2017-03-26 16:41 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsignb37275f8bfab6d24
2017-03-26 16:41 - 2017-03-26 16:41 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign33aba35499edaa5b
2017-03-25 17:50 - 2017-03-25 17:50 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign5d00146b0c05678b
2017-03-25 17:50 - 2017-03-25 17:50 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign3dc9ec977c92b924
2017-03-25 17:40 - 2017-03-25 17:40 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsignc051af4310edda40
2017-03-25 17:40 - 2017-03-25 17:40 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign2816c28a9dcab78f
2017-03-25 12:04 - 2017-03-25 12:04 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Bulletstorm
2017-03-25 12:03 - 2017-03-25 12:03 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2017-03-25 12:03 - 2017-03-25 12:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2017-03-24 23:58 - 2017-03-24 23:58 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-03-24 23:58 - 2017-03-24 23:58 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-03-22 00:44 - 2017-03-22 00:44 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsigne8a9d39dfa80b6ca
2017-03-22 00:40 - 2017-03-22 00:40 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign9faa84e571838151
2017-03-22 00:40 - 2017-03-22 00:40 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign61e9cbd344dbff5e
2017-03-21 22:27 - 2017-03-21 22:27 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsignc3f12f9f93074b09
2017-03-21 22:14 - 2017-03-21 22:26 - 00000000 ____D C:\Users\stefa\AppData\Roaming\NVIDIA
2017-03-21 22:14 - 2017-03-21 22:14 - 00000000 ____D C:\Users\stefa\Documents\SkidRow
2017-03-21 22:11 - 2017-03-21 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Binding of Isaac - Afterbirth Plus
2017-03-21 22:09 - 2017-03-21 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEF to JPG
2017-03-20 23:22 - 2017-03-20 23:22 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 23:22 - 2017-03-17 01:31 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-03-20 23:22 - 2017-03-17 01:16 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-20 23:22 - 2017-03-17 01:16 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-20 23:22 - 2017-03-17 01:16 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-20 23:22 - 2017-03-17 01:16 - 00549944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-20 23:22 - 2017-03-17 01:16 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-20 23:22 - 2017-03-17 01:16 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-20 23:22 - 2017-03-17 01:16 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-20 23:22 - 2017-03-17 00:56 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-03-20 23:22 - 2017-03-16 11:39 - 07813427 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-20 23:22 - 2017-01-26 02:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-03-20 23:22 - 2017-01-26 02:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-03-20 23:22 - 2017-01-26 02:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-03-20 23:22 - 2017-01-26 02:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-03-20 23:19 - 2017-03-17 03:01 - 40190400 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 34991672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 28254264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 19006832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 11019888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 09306312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 08990256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 03597456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 03169848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 02716096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437892.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437892.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00719672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00687408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00618232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00573632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00500792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-03-20 23:19 - 2017-03-17 03:01 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-03-20 23:19 - 2017-03-17 03:01 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-03-20 23:19 - 2017-03-17 03:01 - 00043636 _____ C:\WINDOWS\system32\nvinfo.pb
2017-03-20 23:19 - 2017-03-17 03:01 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-03-20 23:19 - 2017-03-17 03:01 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-03-19 19:23 - 2017-03-19 19:23 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign7c77c5011de298a3
2017-03-19 14:43 - 2017-03-19 14:43 - 00000000 ____D C:\Users\stefa\Documents\Steinberg
2017-03-19 14:36 - 2017-03-19 14:36 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign69d734887c6e0bb8
2017-03-17 19:37 - 2016-05-29 20:38 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSetup.exe
2017-03-12 16:59 - 2017-03-12 16:59 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsignf58d592046716601
2017-03-12 16:59 - 2017-03-12 16:59 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign87e956fea243fda2
2017-03-12 16:59 - 2017-03-12 16:59 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign02478b789ce8b9f2
2017-03-11 14:27 - 2017-03-11 14:27 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign27d0e12672120e8e
2017-03-11 14:05 - 2017-03-11 14:05 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsignbbd1c429b8e217af
2017-03-07 11:25 - 2017-03-07 11:25 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign852c142282913a7a
2017-03-07 11:25 - 2017-03-07 11:25 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign80ffbbcab8c364ea
2017-03-07 11:24 - 2017-03-07 11:24 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign5ee2172f1e4c6fac
2017-03-07 11:23 - 2017-03-07 11:23 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsignd82342223aac7e32
2017-03-07 11:23 - 2017-03-07 11:23 - 00000000 ____D C:\Users\stefa\AppData\Local\Tempzxpsign7bd404cd35b80c80
2017-03-07 02:26 - 2017-04-01 15:24 - 00000000 ____D C:\AdwCleaner
2017-03-07 02:05 - 2017-03-07 02:05 - 00003258 _____ C:\WINDOWS\System32\Tasks\{974BFCB6-CBB9-4DEC-A8C4-9B9015E4AA0A}
2017-03-07 01:55 - 2017-03-07 01:55 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-07 01:55 - 2017-03-07 01:55 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-07 01:51 - 2017-04-01 11:03 - 00000000 ____D C:\Program Files (x86)\Cliweghtferhition
2017-03-07 01:51 - 2017-03-07 01:59 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-03-06 22:30 - 2017-03-06 22:30 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2017-03-06 22:30 - 2017-03-06 22:30 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-03-03 22:39 - 2017-03-03 22:39 - 00000000 ____D C:\Users\stefa\Documents\Battlefield 1
2017-03-03 19:07 - 2017-03-03 19:07 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller
2017-03-03 12:46 - 2017-03-03 16:20 - 00000000 ____D C:\Users\stefa\AppData\Local\Origin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2044-03-18 17:59 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2044-03-18 17:44 - 2016-10-11 13:01 - 00000000 ___HD C:\ProgramData
2044-03-18 17:44 - 2016-10-11 12:49 - 00000000 ____D C:\Program Files\Common Files
2044-03-18 17:43 - 2016-10-11 12:49 - 00000000 ___RD C:\Program Files
2044-03-18 17:30 - 2017-01-04 17:07 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9B584BEF-9ED1-4D20-97AB-4F29F821B574}
2017-04-02 13:00 - 2016-10-23 18:07 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-02 12:56 - 2016-10-11 13:04 - 02895032 _____ C:\WINDOWS\system32\perfh010.dat
2017-04-02 12:56 - 2016-10-11 13:04 - 00808982 _____ C:\WINDOWS\system32\perfc010.dat
2017-04-02 12:56 - 2016-10-11 12:26 - 00005710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-02 12:51 - 2016-10-23 17:28 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-02 12:50 - 2016-10-11 16:47 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-02 12:50 - 2016-10-11 12:49 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-02 12:50 - 2016-10-11 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-02 12:49 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-02 12:06 - 2016-10-11 12:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-02 12:05 - 2016-10-11 12:52 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-02 10:52 - 2016-10-21 17:47 - 00000000 ____D C:\ProgramData\Adobe
2017-04-02 10:52 - 2016-10-21 17:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-02 10:52 - 2016-10-11 12:26 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Adobe
2017-04-02 10:51 - 2016-10-21 17:47 - 00000000 ____D C:\Users\stefa\AppData\Local\Adobe
2017-04-02 10:06 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-02 01:56 - 2016-10-11 13:00 - 00000000 ____D C:\WINDOWS\INF
2017-04-02 01:56 - 2016-10-11 12:17 - 00000000 ____D C:\Users\stefa
2017-04-01 16:08 - 2016-10-11 15:25 - 00000000 ____D C:\ProgramData\Origin
2017-04-01 16:07 - 2016-10-11 15:29 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Origin
2017-04-01 15:37 - 2016-10-13 01:19 - 00000000 ____D C:\Users\stefa\AppData\Local\CrashDumps
2017-04-01 15:17 - 2016-10-12 11:40 - 00000000 ____D C:\Users\stefa\AppData\Roaming\Spotify
2017-04-01 14:49 - 2017-01-03 12:09 - 00007607 _____ C:\Users\stefa\AppData\Local\Resmon.ResmonCfg
2017-04-01 14:27 - 2016-10-12 11:40 - 00000000 ____D C:\Users\stefa\AppData\Local\Spotify
2017-04-01 14:26 - 2016-12-24 11:48 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2017-04-01 14:15 - 2016-10-11 16:42 - 00000000 ____D C:\Users\stefa\AppData\Roaming\DAEMON Tools Lite
2017-04-01 14:15 - 2016-10-11 15:42 - 00000000 ____D C:\Users\stefa\AppData\Roaming\BitTorrent
2017-04-01 13:14 - 2016-10-11 12:38 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 13:14 - 2016-10-11 12:37 - 00000000 ____D C:\Users\stefa\AppData\Local\Google
2017-04-01 13:14 - 2016-10-11 12:37 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-01 01:29 - 2016-10-11 13:01 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-31 19:09 - 2016-10-11 15:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-31 18:42 - 2017-02-01 22:42 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-03-31 18:00 - 2016-10-11 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-31 09:54 - 2016-10-11 18:44 - 00513192 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-27 00:31 - 2016-10-11 12:26 - 00000000 ____D C:\Users\stefa\AppData\Local\Packages
2017-03-26 16:40 - 2016-11-26 12:42 - 00000033 _____ C:\Users\stefa\AppData\Roaming\AdobeWLCMCache.dat
2017-03-26 03:24 - 2016-11-20 14:14 - 00000000 ____D C:\Users\stefa\AppData\Roaming\obs-studio
2017-03-25 12:29 - 2016-09-30 12:29 - 00000000 ____D C:\Users\stefa\Documents\My Games
2017-03-24 23:58 - 2017-01-30 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-22 00:10 - 2016-10-11 15:49 - 00000000 ____D C:\Users\stefa\AppData\Roaming\IObit
2017-03-20 23:23 - 2016-10-23 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 23:23 - 2016-10-11 12:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 23:23 - 2016-10-11 12:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-20 23:22 - 2016-10-23 18:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-20 23:22 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\Help
2017-03-19 14:49 - 2016-10-10 16:49 - 00000000 ____D C:\Users\stefa\Documents\Smith Micro
2017-03-18 11:17 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\rescache
2017-03-17 22:08 - 2016-09-27 21:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-17 22:06 - 2016-10-11 12:08 - 05244016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-17 22:02 - 2016-10-11 13:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-17 22:02 - 2016-10-11 13:01 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-17 22:02 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-17 22:02 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-17 22:02 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-17 22:01 - 2016-10-11 13:01 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-17 21:43 - 2016-10-11 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-17 21:35 - 2016-10-11 18:38 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-14 00:41 - 2016-10-23 17:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-14 00:40 - 2016-10-23 17:05 - 00000000 ____D C:\Program Files\TrueKey
2017-03-13 20:24 - 2016-10-23 17:05 - 00000000 ____D C:\ProgramData\McAfee
2017-03-12 23:08 - 2016-11-07 20:33 - 00000000 ____D C:\Users\stefa\AppData\Roaming\vlc
2017-03-12 13:19 - 2016-11-11 20:08 - 00000000 ____D C:\Users\stefa\AppData\Local\Ubisoft Game Launcher
2017-03-11 13:14 - 2016-10-23 17:14 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-03-10 12:17 - 2016-10-11 15:58 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 12:16 - 2016-12-21 01:36 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 12:16 - 2016-10-11 15:58 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 12:16 - 2016-10-11 15:58 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 12:16 - 2016-10-11 15:58 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 12:16 - 2016-10-11 15:58 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 12:16 - 2016-10-11 15:58 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 07:17 - 2016-10-11 13:02 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 07:17 - 2016-10-11 13:02 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-07 11:25 - 2017-02-08 20:13 - 00000000 ___RD C:\Users\stefa\Creative Cloud Files
2017-03-07 11:25 - 2017-02-08 20:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-07 02:14 - 2016-10-11 13:05 - 00000000 ____D C:\WINDOWS\Setup
2017-03-06 22:53 - 2017-01-30 21:01 - 00000000 ___RD C:\Users\stefa\Google Drive
2017-03-06 22:33 - 2016-10-21 17:53 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-06 22:31 - 2016-10-21 17:53 - 00000000 ____D C:\Users\stefa\Documents\Adobe
2017-03-06 22:30 - 2017-01-06 14:18 - 00000000 ___HD C:\adobeTemp
2017-03-06 22:30 - 2016-10-21 17:50 - 00000000 ____D C:\Program Files\Adobe
2017-03-06 01:04 - 2016-12-28 20:25 - 00520440 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-03-04 09:09 - 2016-10-11 12:11 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-03 12:39 - 2016-10-11 15:50 - 00000000 ____D C:\ProgramData\ProductData

==================== Files in the root of some directories =======

2016-11-26 12:42 - 2017-03-26 16:40 - 0000033 _____ () C:\Users\stefa\AppData\Roaming\AdobeWLCMCache.dat
2016-12-30 23:46 - 2016-12-30 23:46 - 0937776 _____ (AutoIt Team) C:\Users\stefa\AppData\Roaming\BIbZ.exe
2016-12-29 14:34 - 2016-12-29 14:34 - 0000000 _____ () C:\Users\stefa\AppData\Roaming\iBMhK
2017-01-29 12:58 - 2017-01-29 12:58 - 1011712 _____ () C:\Users\stefa\AppData\Roaming\mobilevvserv.exe
2016-12-28 13:47 - 2016-12-28 13:47 - 0000112 _____ () C:\Users\stefa\AppData\Roaming\Preferenze JP2K CS6
2016-12-28 20:49 - 2016-12-28 20:49 - 0937776 _____ (AutoIt Team) C:\Users\stefa\AppData\Roaming\RLDi.exe
2016-12-29 14:34 - 2016-12-29 14:34 - 0937776 _____ (AutoIt Team) C:\Users\stefa\AppData\Roaming\WLGT.exe
2017-01-03 12:09 - 2017-04-01 14:49 - 0007607 _____ () C:\Users\stefa\AppData\Local\Resmon.ResmonCfg
2017-02-01 22:43 - 2017-02-01 22:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-21 01:36 - 2017-01-24 23:27 - 0009275 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-21 01:36 - 2017-01-13 18:14 - 0003355 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2044-03-18 17:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paga (02-04-2017 13:03:34)
Running from D:\download
Windows 10 Home Version 1607 (X64) (2016-10-11 10:25:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3378916298-4057020535-3286549860-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3378916298-4057020535-3286549860-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3378916298-4057020535-3286549860-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3378916298-4057020535-3286549860-501 - Limited - Disabled)
Paga (S-1-5-21-3378916298-4057020535-3286549860-1001 - Administrator - Enabled) => C:\Users\stefa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe After (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 23.23.30.0 (Version: 23.23.30.0 - NVIDIA Corporation) Hidden
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.28890 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
Bulletstorm (HKLM-x32\...\Bulletstorm_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Call of Duty: Advanced Warfare - Multiplayer (HKLM\...\Steam App 209660) (Version: - Sledgehammer Games)
Call of Duty: Advanced Warfare (HKLM\...\Steam App 209650) (Version: - Sledgehammer Games)
Call of Duty: Black Ops III Salvation DLC (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
CINEMA 4D 18.041 (HKLM\...\MAXON7F5B8786) (Version: 18.041 - MAXON Computer GmbH)
Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crysis 3 (HKLM-x32\...\Q3J5c2lzMw==_is1) (Version: 1 - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.8.5.1160 - Steinberg Media Technologies GmbH)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Far Cry 3 Blood Dragon (HKLM-x32\...\Uplay Install 205) (Version: - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company)
H1Z1: King of the Kill Test Server (HKLM\...\Steam App 439700) (Version: - Daybreak Game Company)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Imaging Tools Support (x32 Version: 10.1.14393.0 - Microsoft) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4474 - Intel Corporation)
Kits Configuration Installer (x32 Version: 10.1.14393.0 - Microsoft) Hidden
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Malwarebytes versione 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.6 - Smith Micro)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version: - neftojpg.com)
No Man's Sky (HKLM\...\Steam App 275850) (Version: - Hello Games)
NVIDIA Driver 3D Vision 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Driver grafico 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Pannello di controllo NVIDIA 378.92 (Version: 378.92 - NVIDIA Corporation) Hidden
Portal 2 (HKLM\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Resident Evil 7: Biohazard (HKLM-x32\...\Resident Evil 7: Biohazard_is1) (Version: - )
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
SDK ARM Additions (x32 Version: 10.1.14393.0 - Microsoft Corporation) Hidden
SDK ARM Additions EULA (x32 Version: 10.1.14393.0 - Microsoft Corporations) Hidden
SDK ARM Redistributables (x32 Version: 10.1.14393.0 - Microsoft Corporation) Hidden
SDK Debuggers ARM (x32 Version: 10.1.14393.0 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Songr (HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Songr) (Version: 2.1 - Xamasoft)
Spotify (HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steep (HKLM-x32\...\Uplay Install 3279) (Version: - Ubisoft)
Steinberg Cubase LE AI Elements 8 64bit (HKLM\...\{C801D1E6-30E3-46BE-368D-0106B42CCE17}) (Version: 8.0.10 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.1.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.2.1 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 2.0.1 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
SUMLINK-G10.exe (HKLM-x32\...\{7B7EDA54-33BA-45DB-A664-794AE4AE926C}}_is1) (Version: 1.0 - )
Supporto applicazioni Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Tavoletta Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
TeamSpeak 3 Client (HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Binding of Isaac - Afterbirth Plus version 1.0 (HKLM-x32\...\The Binding of Isaac - Afterbirth Plus_is1) (Version: 1.0 - Nicalis Inc) <==== ATTENTION
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.5 - Electronic Arts, Inc.)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
Tom Clancy's The Division (HKLM\...\Steam App 365590) (Version: - Massive Entertainment)
Twixtor 6, After Effects-compatible plugin set (HKLM-x32\...\Twixtor 6, After Effects-compatible plugin set) (Version: - )
Twixtor v6 for After Effects and Premiere Pro (HKLM\...\Twixtor v6 for After Effects and Premiere Pro 6.2.6) (Version: 6.2.6 - RE:Vision Effects)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Kit - Windows 10.0.14393.0 (HKLM-x32\...\{a2dc32b2-d7ac-425c-9947-551c3b16f848}) (Version: 10.1.14393.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3378916298-4057020535-3286549860-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1663F47506CF}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3378916298-4057020535-3286549860-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09E02467-67C3-4846-890E-0BE11732FF08} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-stefanopaga95@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {10E2FA6C-A8F0-45B9-B750-6D2D8E70D21B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {21FDD772-15CB-4D09-9AAA-D58A0E41FFE1} - System32\Tasks\Update\mobilevserva => C:\Users\stefa\AppData\Roaming\mobilevvserv.exe [2017-01-29] () <==== ATTENTION
Task: {3319D5B1-61E3-4D9B-8FD0-4C6609DB5F9C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {3B93DB19-65ED-4249-8282-5201CF81EDFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-11] (Google Inc.)
Task: {495C1FF3-82EC-4D25-9207-60AE03C2CFB1} - System32\Tasks\{974BFCB6-CBB9-4DEC-A8C4-9B9015E4AA0A} => pcalua.exe -a "C:\Program Files (x86)\QForlLgs0EYm\unins000.exe"
Task: {57FA84A5-3DA1-47D7-AF17-51FD10274795} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5CAABFD5-7E65-460E-A675-DB32CB5499F5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {5F45BBED-A08D-47C1-8615-67F339FB2520} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {6F42B890-0B6B-4525-A44C-6D9F441C6A15} - \Therzatherkawerch -> No File <==== ATTENTION
Task: {808C234F-AD99-4109-A703-750CA7181FE0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {882046AA-7887-4E89-A5D4-2B10951A0C5E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {8E741C2C-E63E-46EC-9DF1-36CC66CD7C01} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {9F6AB271-55D3-431A-B4FF-48694C7C72A2} - System32\Tasks\SUMLINK-G10-GmTaskPlan => C:\Program Files\SUMLINK-G10\SUMLINK.exe [2016-06-02] (深圳微客百源科技有限公司)
Task: {B3518ED7-BD55-414E-8A03-A3A93D96CF2D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {D0A8F73A-42D6-428B-A08F-BACC6EE0774F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {D5E314AB-B1A9-456E-8871-58020B403B22} - System32\Tasks\Windows-PG => powershell.exe C:\Update\psgo\psgo.ps1
Task: {F85F174A-3A4F-4135-8A5F-C21C9171D44E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-11] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-17 19:39 - 2017-03-04 09:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-20 23:22 - 2017-03-17 01:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-24 14:41 - 2017-02-24 14:41 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2016-10-23 18:07 - 2017-02-23 20:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-23 18:07 - 2017-02-23 20:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-31 18:00 - 2017-03-24 04:09 - 02271520 _____ () D:\PROGRAMMI\MALWAREBYTES ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-29 12:58 - 2017-01-29 12:58 - 01011712 _____ () C:\Users\stefa\AppData\Roaming\mobilevvserv.exe
2017-03-17 19:39 - 2017-03-04 09:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-10-30 12:16 - 2016-01-11 19:30 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-09-28 00:12 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-17 19:38 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-17 19:39 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-17 19:39 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-17 19:39 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-17 19:39 - 2017-03-04 08:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-17 19:39 - 2017-03-04 08:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-17 19:39 - 2017-03-04 08:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 20:35 - 2017-03-13 20:35 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 20:35 - 2017-03-13 20:35 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 20:35 - 2017-03-13 20:35 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 20:35 - 2017-03-13 20:35 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-04-01 13:14 - 2017-03-29 10:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-01 13:14 - 2017-03-29 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-03-17 22:36 - 2017-03-17 22:36 - 02493440 _____ () D:\programmi\Origin\libGLESv2.dll
2016-10-23 18:07 - 2017-02-23 20:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-23 18:07 - 2017-02-23 20:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-23 18:07 - 2017-02-23 20:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-31 10:59 - 2017-03-29 10:00 - 00104960 _____ () c:\programdata\package cache\{2a002f88-fd5d-379b-a350-a25d84af128b}v14.0.25420\packages\visualc_d14\vc_ide.base\vc_ide_base.dll
2016-10-23 18:07 - 2017-02-23 16:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-23 18:07 - 2017-02-23 16:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-23 18:07 - 2017-02-23 16:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-23 18:07 - 2017-02-23 16:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-23 18:07 - 2017-02-23 16:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-23 18:07 - 2017-02-23 16:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-10-11 13:01 - 2017-01-29 18:06 - 00001186 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\Control Panel\Desktop\\Wallpaper -> D:\cazzate\i sfondi\WDF_884358.jpg
DNS Servers: 192.168.1.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\StartupFolder: => "MobileVServ.vbs"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\StartupFolder: => "watchdogs2.vbs"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D56F3B76F5A9637417A66989E698E414"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3378916298-4057020535-3286549860-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3245DCC9-19C6-4B45-A76B-D9306F41F57E}] => (Allow) D:\programmi\Steam\Steam.exe
FirewallRules: [{CF488E53-F584-41B7-9C01-37CE52451230}] => (Allow) D:\programmi\Steam\Steam.exe
FirewallRules: [{19500A02-69E0-4FEE-A89C-25B0AA39466E}] => (Allow) D:\programmi\Steam\bin\steamwebhelper.exe
FirewallRules: [{18F83960-DDA3-47EC-A17B-E0AB33A1374B}] => (Allow) D:\programmi\Steam\bin\steamwebhelper.exe
FirewallRules: [{501E07F9-A3C7-4334-B034-1CB8363F7097}] => (Allow) D:\programmi\Steam.exe
FirewallRules: [{96EE8FA4-037B-4D59-ABE6-4D5D2DE4BD30}] => (Allow) D:\programmi\Steam.exe
FirewallRules: [{AF553F58-35EF-4BB0-B8ED-EBA36BFC092E}] => (Allow) D:\programmi\bin\steamwebhelper.exe
FirewallRules: [{DAEE281A-FDC2-43EE-9D78-7399305007FA}] => (Allow) D:\programmi\bin\steamwebhelper.exe
FirewallRules: [{977BE6EB-8798-47B2-97D3-762FFC363E80}] => (Allow) D:\giochi\Titanfall\Titanfall.exe
FirewallRules: [{A7FC8FF1-68E4-48F7-B6BE-A2E821231DB8}] => (Allow) D:\giochi\Titanfall\Titanfall.exe
FirewallRules: [{3D95A621-6603-4073-A44C-51BF2BC063E5}] => (Allow) C:\Users\stefa\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{092CEB5A-366F-4310-BB69-ADEB59233AA2}] => (Allow) C:\Users\stefa\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C79BD02D-3E84-43A9-9CAB-6E52B1848F6A}] => (Allow) C:\Users\stefa\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FB6CA53B-57FA-4486-9138-FFFF62A56F35}] => (Allow) C:\Users\stefa\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F74C8012-CE10-4411-A08E-250376157137}] => (Allow) C:\Users\stefa\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A164F30F-F852-4F35-BF4D-5547B7D90524}] => (Allow) C:\Users\stefa\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1FC57B53-EC33-4B77-B271-A2F130202DB2}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{6270CBF6-3E8F-495D-AD15-174193756243}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{384C015F-BBC4-4DD9-B899-6088F9962127}] => (Allow) D:\giochi\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{0970E074-D843-4A71-AC0E-45BFB24E99FB}] => (Allow) D:\giochi\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{13465ECC-91E2-4469-A45D-C7DE0BB98193}] => (Allow) D:\giochi\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{61575A25-65D3-4C80-8C51-D3CFCE033465}] => (Allow) D:\giochi\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{ED2CE6A1-C286-4E87-98D7-D58B3BF0059C}] => (Allow) E:\programmi\Steam\Steam.exe
FirewallRules: [{13808BEA-D9E5-4DAF-B4F5-0B93990B1EBD}] => (Allow) E:\programmi\Steam\Steam.exe
FirewallRules: [{3A6BD75C-C832-4E53-8FC6-E638609923ED}] => (Allow) E:\programmi\Steam\bin\steamwebhelper.exe
FirewallRules: [{0B494767-6677-4F02-A328-E887D1B75C54}] => (Allow) E:\programmi\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5EF9BE5-A644-40FA-9CEE-1EA74DD1E2F2}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{4D99D45D-3DDC-4DD2-9CDE-D1D26497068F}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{1C41075E-0D4C-4B3C-8AA4-3FBAD439811D}D:\giochi\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\giochi\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{7F32B903-7E7B-4BD8-9693-AAAB2A3AB70D}D:\giochi\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\giochi\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{CED074E9-C9ED-4CE7-B3CE-ABECD587AB5D}D:\giochi\steamlibrary\steamapps\common\doom\doomx64vk.exe] => (Allow) D:\giochi\steamlibrary\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{31BE0344-C69F-4208-98FB-7F5C834A9713}D:\giochi\steamlibrary\steamapps\common\doom\doomx64vk.exe] => (Allow) D:\giochi\steamlibrary\steamapps\common\doom\doomx64vk.exe
FirewallRules: [TCP Query User{597B82FB-36C4-46B5-AD29-34256B899004}C:\users\stefa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stefa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FAB8FAAD-5910-44C1-85EA-08AAB8B29045}C:\users\stefa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stefa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{487D5ED9-76B5-449C-A993-A4DC54A5AD19}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{590C6765-39B0-46EA-B729-F09051845CB8}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{72284F40-D403-468F-8FAD-1ED56BE84792}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{884D0868-B79A-47FB-82DE-095D05AB8C25}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{5AC7C882-A889-433D-85F3-FA82003F36D1}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{44BF0F24-E785-43A6-82EB-C7DA8FB100E2}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{917C9937-BEBB-41D6-A109-B02EF2438D09}] => (Allow) D:\giochi\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{26FE3EDF-CB36-4810-BC20-D3EC4038E999}] => (Allow) D:\giochi\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{D6C03EFE-9854-4D01-BF27-D0D0391B3BEA}] => (Allow) D:\giochi\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{7C58E498-1F05-4C05-879F-301D1F26CA31}] => (Allow) D:\giochi\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{90F9C558-E365-489C-A125-84397254ADFA}] => (Allow) D:\giochi\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{24FF9FA9-9FDE-4C9D-A704-295367D1ECB9}] => (Allow) D:\giochi\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5DEF0615-6330-40FC-AA47-063777879121}] => (Block) D:\programmi\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{2B765DD0-9F7C-463B-A776-D88C6EED5524}] => (Block) D:\programmi\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{AF869747-3D90-4718-A922-221FBBA1202D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D9849F9B-417A-44E8-B3A8-FFD0FD4AA977}] => (Allow) D:\programmi\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{36A66890-D6DB-481D-A0D6-96BB0D99E44A}] => (Allow) D:\programmi\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4A25FD00-3F62-40DD-A665-404768DD8256}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{C56BD908-0A35-47FA-97BA-067671D6194F}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{32168DBE-9C05-41D9-AE6E-33A4F46FA633}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B5B53F9D-B6AF-45AB-B8A3-4968FA5801D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{3600F7FF-3D37-4C3D-8962-A5E7AA17E621}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2F3306C8-25D5-418B-A885-9912AC36D99E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7F4296D-AA49-4D26-944E-F9B8BCB39075}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B3AEA812-BCFF-4F22-A392-C3CC7C7AC5FC}] => (Allow) LPort=21
FirewallRules: [{CC12B1C1-3FBE-4BA6-8B29-466DE3C72D80}] => (Allow) LPort=29817
FirewallRules: [{9CB2C2AF-7E81-45AB-94DC-1A3DF4622BF7}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [{3789D7A6-B668-45D9-9847-EEAB0386FDBE}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [{E67EBF66-BE27-45DC-83DC-BD0BF395B183}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{4388CCBF-D68D-4F93-8CBC-00AC3D4173BC}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B4F5633B-7FD8-4186-B022-0A137691AEEC}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{EE0457E0-ED3B-4BDC-988A-EB2A0D20D040}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{605794C4-D92B-4049-A16A-769BA982D0D6}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{0F12177C-D9DC-4650-A24C-27099AEFF493}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{A861EE24-D562-4951-A520-0F340AE75704}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{EBB1B5FB-CEBF-434A-8F98-EAC67573E85A}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{1DF2E4BB-99F3-4ED0-BD80-BF8C2D93DF40}] => (Allow) D:\giochi\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{7A0C66CD-13D6-4514-BF48-1B3DF5673D9C}] => (Allow) D:\giochi\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{F4666393-9A75-40B2-B3A5-0068BBFC4898}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{8C9FB4DE-C6CD-43FE-B553-D80C25D99E4A}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{585D07EF-C6A6-4DCD-8C41-E66828DF3119}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{ED2DC027-3D26-41FA-BCA5-1B1B109A9903}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{8E5C89A0-06B7-4946-A206-F6A24DA4651F}D:\giochi\call of duty black ops iii\blackops3.exe] => (Allow) D:\giochi\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{317B0DF0-DC7A-4C5C-B30B-81629A5ED740}D:\giochi\call of duty black ops iii\blackops3.exe] => (Allow) D:\giochi\call of duty black ops iii\blackops3.exe
FirewallRules: [{916E5D8F-0D70-43B3-8655-0F83ED0352AA}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{9CB846B1-AB1D-424F-956E-FCCE31628E85}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{19BDC47C-68E3-4BBA-B96C-4662C47D0CF0}] => (Block) %ProgramFiles%\Adobe\Adobe InDesign CC 2017\InDesign.exe
FirewallRules: [{12AD5F32-5C73-44DA-98A3-69739EDCDB8B}] => (Block) %ProgramFiles%\Adobe\Adobe InDesign CC 2017\InDesign.exe
FirewallRules: [{A3473D09-7A1B-4D9A-B435-D4C27293AB6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11902D6F-B83F-4F91-A82C-6CAC3AE55E04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A83211FA-20F5-4183-9662-FBC7C3AD785C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{59209CAC-6946-4C15-B292-A530DCB335EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B573E2E7-535C-4B5B-B075-2A0251D7B2AA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E2EC8239-D269-4F4F-A37D-9ACAED4C5843}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C5D20640-CE90-4E40-9185-680B25289AAF}] => (Allow) D:\giochi\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{52B301AC-77A1-47D9-A4C0-EBF01C3E9CA6}] => (Allow) D:\giochi\Steep\steep.exe
FirewallRules: [{06984D8F-20C9-4493-9F71-BA9C4E2C5A89}] => (Allow) D:\giochi\Battlefield 1\bf1Trial.exe
FirewallRules: [{D05988D0-A770-49CD-A2B7-9231DAD3B5BC}] => (Allow) D:\giochi\Battlefield 1\bf1Trial.exe
FirewallRules: [{BDD21CD5-2A1B-49AE-94BE-5462FF0CE9D7}] => (Allow) D:\giochi\Battlefield 1\bf1.exe
FirewallRules: [{A53970D9-E1B5-40B0-9986-428795D0EF7D}] => (Allow) D:\giochi\Battlefield 1\bf1.exe
FirewallRules: [{3A17E1C5-F361-4F4B-A907-DC349796A832}] => (Allow) D:\giochi\Battlefield 4\BFLauncher.exe
FirewallRules: [{45C83789-F2D3-4B22-B79B-61129E392895}] => (Allow) D:\giochi\Battlefield 4\BFLauncher.exe
FirewallRules: [{1BFF5F8D-2BCD-4420-9EAD-1AF5B49B2AB7}] => (Allow) D:\giochi\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{A8E9EA64-415E-43D3-8A82-5C55E89155BF}] => (Allow) D:\giochi\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{18CE82C4-2142-4A0F-A24F-39F4FE8726AF}] => (Allow) D:\giochi\Titanfall2\Titanfall2.exe
FirewallRules: [{566FA391-CA03-4EE2-9B76-6364B67466D6}] => (Allow) D:\giochi\Titanfall2\Titanfall2.exe
FirewallRules: [{202D5D2B-43D6-456F-B1DE-66F5FC7DDF9B}] => (Allow) D:\giochi\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{B3C8B06B-878F-409F-B26A-F623D0414878}] => (Allow) D:\giochi\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{91AE0E54-3AE9-438F-BB3D-94EEFAC80FBC}] => (Allow) C:\Program Files (x86)\MIO\loader\toshibaxdt01aca100_439mb32nsxx439mb32nsx.dat
FirewallRules: [{458D196B-0AD7-49F5-BD35-30335A8D8AC8}] => (Allow) C:\Program Files (x86)\MIO\loader\toshibaxdt01aca100_439mb32nsxx439mb32nsx.dat
FirewallRules: [{DC947E53-D408-4479-B073-48A9A3682518}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{7D1CB34B-0E6B-4F13-8689-3FA1BD15EB41}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{8A85F45F-D6AE-4F06-977A-4B25238E5E7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-03-2017 22:35:31 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
31-03-2017 17:48:42 Removed WinSnare
31-03-2017 17:52:06 Removed deskapp
01-04-2017 13:00:51 Removed WinSnare
01-04-2017 19:00:46 Windows Backup
18-03-2044 17:30:28 Windows Backup

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: Scheda LAN wireless 802.11n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2017 01:00:18 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-OT9A352)
Description: 7.488: il servizio EFS non è riuscito a eseguire il provisioning di un utente per Protezione dei dati aziendali. Codice di errore: 0x80070005.

Error: (04/02/2017 12:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Wacom_TouchUser.exe, versione: 6.3.15.3, timestamp: 0x5693e579
Nome del modulo che ha generato l'errore: Wacom_TouchUser.exe, versione: 6.3.15.3, timestamp: 0x5693e579
Codice eccezione: 0xc0000005
Offset errore 0x0000000000214bfc
ID processo che ha generato l'errore: 0xe08
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d2ab9efcd6390d
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Percorso del modulo che ha generato l'errore: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
ID segnalazione: 6e2e792d-ac7c-4688-b715-f5e646d6c7eb
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (04/02/2017 12:40:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Hotcine\Application\chrome.exe".
Impossibile trovare l'assembly dipendente 57.0.2987.98,language="*",type="win32",version="57.0.2987.98".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (04/02/2017 11:06:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Windows Kits\10\Tools\arm\wiatrcvw.exe".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (04/02/2017 11:06:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Windows Kits\10\Tools\arm\traceview.exe".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (04/02/2017 11:06:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Windows Kits\10\Tools\arm64\wiatrcvw.exe".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (04/02/2017 11:06:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Windows Kits\10\Tools\arm64\traceview.exe".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (04/02/2017 11:00:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Windows Kits\10\bin\arm\filetypeverifier.exe".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (04/02/2017 11:00:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Windows Kits\10\bin\arm\WiLogUtl.exe".
Impossibile trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.

Error: (04/02/2017 10:56:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe". Errore nel file manifesto o dei criteri "", alla riga .
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.


System errors:
=============
Error: (04/02/2017 01:03:54 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:54 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:54 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:37 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (04/02/2017 01:03:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-OT9A352)
Description: Impossibile avviare un server DCOM {9AA46009-3CE0-458A-A354-715610A075E6} come Non disponibile/Non disponibile. L'errore
"%%740 = Per eseguire l'operazione richiesta è necessaria l'esecuzione con privilegi elevati."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding


CodeIntegrity:
===================================
Date: 2017-04-01 13:12:44.684
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-04-01 13:12:40.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-27 00:29:04.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-02 15:51:34.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-17 00:44:17.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-01 21:30:22.086
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-29 13:16:40.297
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-28 12:56:50.671
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-27 12:55:07.760
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-25 20:07:06.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8100.21 MB
Available physical RAM: 4636.66 MB
Total Virtual: 15780.21 MB
Available Virtual: 11940.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:838.12 GB) NTFS
Drive d: (Volume) (Fixed) (Total:2672.32 GB) (Free:1128.97 GB) NTFS
Drive k: (ESD-USB) (Removable) (Total:7.47 GB) (Free:7.29 GB) FAT32
Drive r: (Ripristino) (Fixed) (Total:122.07 GB) (Free:59.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 222AAE07)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 5D9FBE39)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================



Edited by Oh My!, 03 April 2017 - 05:27 PM.
Posted shortened logs




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,147 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:15 PM

Posted 03 April 2017 - 05:25 PM

Greetings BeerPower and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Your computer is very heavily infected.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall All Adobe Products and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Edited by Oh My!, 03 April 2017 - 06:05 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 06 April 2017 - 09:42 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#4 BeerPower


Posted 06 April 2017 - 09:57 AM

Hello Gary! Sorry for my late answer, but these days I'm not at home so I can't check my PC. Anyway, my name is Stefano and thank you for all the replies.

I'm going to get back home tomorrow evening because during the week I have to go to university and, for the same reason, I don't know if I can uninstall the cracked version of the Adobe programs (I study at a graphic design university and we don't have the regular license to work on these).

So tomorrow I will take a look at my PC, checking Malwarebytes or the Control Panel (hoping I've uninstalled everything related to the virus), and then I will let you know whether I will remove the cracked programs or not.

Thank you anyway for your availability and have a good day!

(P.S. Sorry for my bad English, maybe I've made many mistakes.)



#5 Oh My!


Posted 09 April 2017 - 08:02 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#6 Oh My!


Posted 11 April 2017 - 03:21 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary



