
Chrome search hijacked by chromesearch.today


  • This topic is locked
8 replies to this topic

#1 tasver


Posted 02 November 2017 - 03:03 AM

Hello, yesterday I installed a fake software; I recognized it when it was adding a junk extension to my browser, and I stopped during the installation...

1) I manually deleted the extension handy helper (or similar),

2) and I launched mbam, updated, which didn't find anything strange,

3) I launched adw cleaner; it detected something in Firefox but nothing in Chrome (I deleted it anyway),

4) then I launched hitman pro, latest version, and it didn't find anything,

5) then I launched avast, latest update, and no results.

I always use sandboxie, but this time I didn't try the software in it, and now I have these results:

When I search in the search field, I'm redirected to a search from chrome.searchtoday,

6) I changed the new page to open www.google.com, because when I opened a new page\tab, chrome search today was enabled by default

7) I tried to change the default search engine from chrome.searchtoday to www.google.it, but I can't delete it or make another search engine the primary or default one

8) I used junkware removal tool, no results

9) I did a reset of google and disabled all extensions; I can't switch the default search engine from chrome.searchtoday to www.google.com

 

Here is the log of farbar64

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2017

Ran by Pinco (administrator) on PINCO-PC (02-11-2017 08:45:53)

Running from C:\Users\Pinco\Desktop

Loaded Profiles: Pinco (Available Profiles: Pinco & Guest)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe

(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

() C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe

() C:\Program Files (x86)\Google\Drive\googledrivesync.exe

() C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-07] (AVAST Software)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [40419144 2017-10-05] ()

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799880 2017-10-23] (Sandboxie Holdings, LLC)

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

GroupPolicy: Restriction - Chrome <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{36601AA8-7EA7-4266-9BA8-406344488DD3}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/ncr?q={searchTerms}

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=it-it

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://google.com/?q={searchTerms}

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ncr

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://google.com/?q={searchTerms}

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-18] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-18] (Oracle Corporation)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)

BHO-x32: Guida per l'accesso all'account Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

 

FireFox:

========

FF DefaultProfile: 0q7osha9.default-1494939221175

FF ProfilePath: C:\Users\Pinco\AppData\Roaming\Mozilla\Firefox\Profiles\0q7osha9.default-1494939221175 [2017-11-02]

FF HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27]

FF HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Pinco\AppData\Roaming\IDM\idmmzcc5

FF Extension: (IDM CC) - C:\Users\Pinco\AppData\Roaming\IDM\idmmzcc5 [2016-09-18] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_129.dll [2017-06-18] ()

FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-18] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-18] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/AdobeReader -> C:\Users\Pinco\Desktop\Browser normali\OperaPortable_upload_by_speedzodiac\CommonFiles\Plugins\nppdf32.dll [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_129.dll [2017-06-18] ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3875199424-4264934349-213251160-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pinco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-3875199424-4264934349-213251160-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pinco\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-3875199424-4264934349-213251160-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pinco\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin HKU\S-1-5-21-3875199424-4264934349-213251160-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pinco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxps://www.google.it/

CHR StartupUrls: Default -> "hxxps://www.google.it/"

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default [2017-11-02]

CHR Extension: (Presentazioni) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-28]

CHR Extension: (Documenti) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-28]

CHR Extension: (Google Drive) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]

CHR Extension: (Authenticator) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2017-09-02]

CHR Extension: (YouTube) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]

CHR Extension: (uBlock Origin) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-10-28]

CHR Extension: (Google Search) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]

CHR Extension: (iMacros for Chrome) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2017-10-16]

CHR Extension: (Tampermonkey) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-28]

CHR Extension: (Contrasto elevato) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2017-07-30]

CHR Extension: (Block site) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-09-18]

CHR Extension: (Video Downloader professional) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-03]

CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2017-11-02]

CHR Extension: (Fogli) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-28]

CHR Extension: (Google Documenti offline) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]

CHR Extension: (NEnhancer) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2017-06-27]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-02]

CHR Extension: (Netflix Categories) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnbopcabgddpanjmeabponnjngbmemml [2017-03-06]

CHR Extension: (Bookmark Checker) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2017-06-27]

CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2017-10-28]

CHR Extension: (Video Downloader GetThemAll) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-08-03]

CHR Extension: (MetaMask) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2017-10-28]

CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]

CHR Extension: (Proxy SwitchyOmega) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-10-28]

CHR Extension: (uBlock Origin Extra) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2017-10-28]

CHR Extension: (SpeakIt!) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2016-12-19]

CHR Extension: (Gmail) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]

CHR Extension: (Chrome Media Router) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-28]

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-11-01]

CHR Extension: (Presentazioni Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-19]

CHR Extension: (Documenti Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-19]

CHR Extension: (Google Drive) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-19]

CHR Extension: (YouTube) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-19]

CHR Extension: (Fogli Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-19]

CHR Extension: (Google Documenti offline) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-19]

CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-19]

CHR Extension: (Proxy SwitchyOmega) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-02-19]

CHR Extension: (Gmail) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-19]

CHR Extension: (Chrome Media Router) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-19]

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-11-01]

CHR Extension: (Presentazioni) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-30]

CHR Extension: (Documenti) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-30]

CHR Extension: (Google Drive) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-19]

CHR Extension: (YouTube) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-19]

CHR Extension: (Adobe Acrobat) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]

CHR Extension: (Avast SafePrice) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-30]

CHR Extension: (Fogli) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-30]

CHR Extension: (Google Documenti offline) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-19]

CHR Extension: (Avast Online Security) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-30]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-19]

CHR Extension: (IDM Integration Module) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-19]

CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-30]

CHR Extension: (Proxy SwitchyOmega) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-10-30]

CHR Extension: (Gmail) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-19]

CHR Extension: (Chrome Media Router) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-30]

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5 [2017-11-01]

CHR Extension: (Presentazioni Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-19]

CHR Extension: (Documenti Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-19]

CHR Extension: (Google Drive) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-19]

CHR Extension: (YouTube) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-19]

CHR Extension: (Adobe Acrobat) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]

CHR Extension: (Avast SafePrice) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-19]

CHR Extension: (Fogli Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-19]

CHR Extension: (Sicurezza browser Avira) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-02-19]

CHR Extension: (Google Documenti offline) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-19]

CHR Extension: (Avast Online Security) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-19]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-19]

CHR Extension: (IDM Integration Module) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-19]

CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-19]

CHR Extension: (Proxy SwitchyOmega) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-03-05]

CHR Extension: (Gmail) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-19]

CHR Extension: (Chrome Media Router) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-19]

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6 [2017-11-01]

CHR Extension: (Presentazioni Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-19]

CHR Extension: (Documenti Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-19]

CHR Extension: (Google Drive) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-19]

CHR Extension: (YouTube) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-19]

CHR Extension: (uBlock Origin) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-18]

CHR Extension: (Tampermonkey) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-18]

CHR Extension: (Adobe Acrobat) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-18]

CHR Extension: (Avast SafePrice) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-18]

CHR Extension: (Fogli Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-19]

CHR Extension: (Sicurezza browser Avira) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-02-19]

CHR Extension: (Google Documenti offline) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-19]

CHR Extension: (Avast Online Security) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-18]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-19]

CHR Extension: (IDM Integration Module) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-19]

CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]

CHR Extension: (Proxy SwitchyOmega) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-03-18]

CHR Extension: (uBlock Origin Extra) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2017-03-18]

CHR Extension: (Gmail) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-19]

CHR Extension: (Chrome Media Router) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-19]

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7 [2017-11-01]

CHR Extension: (Presentazioni Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-19]

CHR Extension: (Documenti Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-19]

CHR Extension: (Google Drive) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-19]

CHR Extension: (YouTube) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-19]

CHR Extension: (Adobe Acrobat) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]

CHR Extension: (Avast SafePrice) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-19]

CHR Extension: (Fogli Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-19]

CHR Extension: (Sicurezza browser Avira) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-02-19]

CHR Extension: (Google Documenti offline) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-19]

CHR Extension: (Avast Online Security) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-19]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-19]

CHR Extension: (IDM Integration Module) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-19]

CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-19]

CHR Extension: (Proxy SwitchyOmega) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-03-04]

CHR Extension: (Gmail) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-19]

CHR Extension: (Chrome Media Router) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-19]

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8 [2017-11-01]

CHR Extension: (Documenti Google) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-20]

CHR Extension: (Google Drive) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-20]

CHR Extension: (YouTube) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-20]

CHR Extension: (Google Documenti offline) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-20]

CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-19]

CHR Extension: (Proxy SwitchyOmega) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-03-05]

CHR Extension: (Gmail) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-20]

CHR Extension: (Chrome Media Router) - C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-20]

CHR Profile: C:\Users\Pinco\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-01]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]

CHR HKU\S-1-5-21-3875199424-4264934349-213251160-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]

StartMenuInternet: Google Chrome Canary.TEDHFCYSOLABQ7MFZKAFNCGOMQ - C:\Users\Pinco\AppData\Local\Google\Chrome SxS\Application\chrome.exe

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-07] (AVAST Software s.r.o.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-07] (AVAST Software)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-16] ()

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] ()

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)

S4 MGE Service module; C:\Program Files (x86)\MGE\PersonalSolutionPac\RunSC.exe [126976 2007-04-25] () [File not signed]

S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)

S4 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [313392 2017-08-10] (Novawave Inc.)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-10-30] (Electronic Arts)

S4 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-23] (Sandboxie Holdings, LLC)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)

S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1053048 2014-09-24] (Western Digital Technologies, Inc.)

S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296824 2014-09-18] (Western Digital Technologies, Inc.)

S4 WFilterFree; C:\Program Files (x86)\IMFirewall\WFilter Free\wfilter_web.exe [408408 2014-03-14] (IMFirewall Software)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S4 WinGateEngine; C:\Program Files (x86)\WinGate\WinGate.exe [3697216 2014-09-05] (Qbik New Zealand Limited)

S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40720 2016-09-18] (Google Inc)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-07] (AVAST Software s.r.o.)

R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-07] (AVAST Software s.r.o.)

R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-07] (AVAST Software s.r.o.)

R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-07] (AVAST Software s.r.o.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-07] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-07] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-07] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-07] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-07] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-07] (AVAST Software)

R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-07] (AVAST Software)

S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-14] (Disc Soft Ltd)

S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18816 2016-11-25] (Huawei Technologies Co., Ltd.)

S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2017-06-02] (Logix4u) [File not signed]

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)

S3 IMNPF; C:\Windows\System32\drivers\IMNPF.sys [38768 2010-08-18] (IMFirewall Software)

R1 LeapdroidVMDrv; C:\Program Files\Leapdroid\VM\LeapdroidVMDrv.sys [300952 2016-08-26] (Leapdroid Inc.)

S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44448 2014-01-27] (hxxp://libusb-win32.sourceforge.net)

S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-01] (Malwarebytes)

R3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)

S3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriver.sys [26976 2017-03-30] ()

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

R1 QbikHkVista; C:\Windows\System32\DRIVERS\QbikHkVistaamd64.sys [243872 2014-09-05] ()

S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2014-11-25] (Realtek Semiconductor Corporation )

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-23] (Sandboxie Holdings, LLC)

S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2015-08-06] (Windows ® Win 7 DDK provider)

S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()

S3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37088 2015-10-15] (Windows ® Win 7 DDK provider)

R1 SPVDPort; C:\Windows\System32\DRIVERS\spvdbus.sys [92152 2014-02-03] ()

R1 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [339960 2014-02-03] ()

R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-12-01] (Windows ® Win 7 DDK provider)

R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [196040 2017-09-13] (Oracle Corporation)

R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206976 2017-09-13] (Oracle Corporation)

S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [137920 2017-04-28] (Oracle Corporation)

S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )

R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-05-21] (BigNox Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Driver Fusion\DriverFusion.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-02 08:45 - 2017-11-02 08:46 - 000038497 _____ C:\Users\Pinco\Desktop\FRST.txt

2017-11-02 08:43 - 2017-11-02 08:43 - 002403328 _____ (Farbar) C:\Users\Pinco\Desktop\FRST64.exe

2017-11-01 23:56 - 2017-11-01 23:56 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2017-10-30 09:33 - 2017-10-30 09:30 - 000256000 _____ C:\Windows\SysWOW64\amd_ags.dll

2017-10-30 09:33 - 2017-10-30 09:30 - 000256000 _____ C:\Windows\system32\amd_ags.dll

2017-10-30 09:32 - 2017-10-30 20:33 - 000001012 _____ C:\Users\Pinco\Desktop\Browser Web nell'area virtuale.lnk

2017-10-30 09:32 - 2017-10-30 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie

2017-10-27 14:09 - 2017-10-27 14:10 - 000000000 ____D C:\ProgramData\Novabench

2017-10-27 14:09 - 2017-10-27 14:09 - 000000000 ____D C:\Users\Pinco\AppData\Roaming\Novabench

2017-10-27 14:09 - 2017-10-27 14:09 - 000000000 ____D C:\Users\Pinco\AppData\Local\Novabench

2017-10-27 14:08 - 2017-10-27 14:08 - 000000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novabench.lnk

2017-10-27 14:08 - 2017-10-27 14:08 - 000000000 ____D C:\Program Files\Novawave

2017-10-20 16:38 - 2017-10-20 16:53 - 000001425 _____ C:\Users\Pinco\Desktop\new 1

2017-10-16 11:53 - 2017-10-18 12:14 - 000000000 ____D C:\Users\Pinco\Desktop\Per Alessandro

2017-10-14 22:38 - 2017-10-14 22:56 - 1373044736 _____ C:\Users\Pinco\Desktop\bodhi-4.3.1-apppack-64.iso

2017-10-14 22:22 - 2017-09-13 10:04 - 000965984 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys

2017-10-14 22:22 - 2017-09-13 10:04 - 000149816 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys

2017-10-12 08:42 - 2017-10-12 08:42 - 001481728 _____ C:\Users\Pinco\Desktop\Luciano.xls

2017-10-07 20:17 - 2017-10-07 20:16 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2017-10-07 15:24 - 2017-10-07 15:24 - 001200822 _____ C:\Users\Pinco\Desktop\Custode.pdf

2017-10-03 19:23 - 2017-10-03 19:23 - 000000000 ____D C:\Users\Pinco\Documents\Garmin

2017-10-03 18:26 - 2017-10-07 18:35 - 000000000 ____D C:\ProgramData\Garmin

2017-10-03 18:26 - 2017-10-03 18:27 - 000000000 ____D C:\Users\Pinco\AppData\Local\Garmin_Ltd._or_its_subsid

2017-10-03 18:26 - 2017-10-03 18:26 - 000000000 ____D C:\Users\Pinco\AppData\Roaming\Garmin

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-02 08:45 - 2016-06-10 11:55 - 000000000 ____D C:\FRST

2017-11-02 08:33 - 2013-11-10 15:42 - 000002436 _____ C:\Users\Pinco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk

2017-11-02 08:32 - 2009-07-14 05:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-11-02 08:32 - 2009-07-14 05:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-11-02 08:28 - 2011-04-12 11:49 - 000741062 _____ C:\Windows\system32\perfh010.dat

2017-11-02 08:28 - 2011-04-12 11:49 - 000147116 _____ C:\Windows\system32\perfc010.dat

2017-11-02 08:28 - 2009-07-14 06:13 - 001659852 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-02 08:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-02 08:21 - 2014-05-07 16:28 - 000065536 _____ C:\Windows\system32\Ikeext.etl

2017-11-02 08:20 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-11-02 01:24 - 2016-12-28 12:15 - 000065536 _____ C:\Windows\system32\spu_storage.bin

2017-11-02 01:12 - 2014-01-26 19:07 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001UA.job

2017-11-02 01:06 - 2015-05-30 12:18 - 000000000 ____D C:\Users\Pinco\AppData\Local\CrashDumps

2017-11-02 01:05 - 2013-09-30 19:13 - 000003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-02 01:05 - 2013-09-30 19:13 - 000003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-02 00:28 - 2013-11-25 13:35 - 000000000 ____D C:\AdwCleaner

2017-11-02 00:22 - 2016-12-20 13:31 - 000000000 ____D C:\Users\Pinco\AppData\LocalLow\Mozilla

2017-11-02 00:06 - 2017-07-13 18:29 - 000000000 ____D C:\Program Files (x86)\Bethesda.net Launcher

2017-11-01 23:56 - 2017-02-25 08:51 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys

2017-11-01 22:51 - 2013-11-15 17:48 - 015593984 ___SH C:\Users\Pinco\Desktop\Thumbs.db

2017-11-01 22:47 - 2013-10-07 10:28 - 000000000 ____D C:\Users\Pinco\AppData\Roaming\TeamViewer

2017-11-01 22:47 - 2013-09-30 20:10 - 000000000 ____D C:\Program Files (x86)\Steam

2017-11-01 22:38 - 2017-06-18 11:53 - 000001862 _____ C:\Windows\Sandboxie.ini

2017-11-01 22:38 - 2016-06-21 13:46 - 000001824 __RSH C:\ProgramData\ntuser.pol

2017-11-01 22:24 - 2013-09-30 22:10 - 000000000 ____D C:\Users\Pinco\Documents\My Games

2017-11-01 22:23 - 2014-10-07 20:31 - 000000000 ____D C:\Users\Pinco\AppData\Local\Spotify

2017-11-01 22:22 - 2014-10-07 20:30 - 000000000 ____D C:\Users\Pinco\AppData\Roaming\Spotify

2017-11-01 21:12 - 2017-06-18 11:45 - 000000000 ____D C:\Users\Pinco\AppData\Roaming\vlc

2017-11-01 20:55 - 2013-09-30 19:59 - 000000000 ____D C:\Users\Pinco\AppData\Local\JDownloader v2.0

2017-11-01 19:12 - 2014-01-26 19:07 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001Core.job

2017-11-01 10:28 - 2017-07-13 18:30 - 000027478 _____ C:\Windows\SysWOW64\report.txt

2017-10-30 09:32 - 2016-05-10 15:28 - 000000000 ____D C:\Program Files\Sandboxie

2017-10-30 08:36 - 2013-10-01 10:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-10-30 08:36 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2017-10-30 08:30 - 2017-09-18 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

2017-10-28 15:10 - 2013-11-08 08:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-10-28 14:09 - 2017-06-18 11:47 - 000000000 ____D C:\Program Files\Mozilla Firefox

2017-10-28 08:29 - 2014-02-18 15:16 - 000000000 ____D C:\Users\Pinco\.VirtualBox

2017-10-27 13:42 - 2017-05-06 16:40 - 000001481 _____ C:\Users\Pinco\Desktop\Google Drive.lnk

2017-10-27 13:25 - 2013-09-30 19:07 - 000000000 ____D C:\Users\Pinco

2017-10-26 22:34 - 2014-08-27 13:50 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-10-26 20:18 - 2016-01-22 21:37 - 001029872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2017-10-14 22:31 - 2014-02-18 15:31 - 000000000 ____D C:\Users\Pinco\VirtualBox VMs

2017-10-14 14:48 - 2014-05-09 18:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2017-10-12 20:49 - 2013-12-01 14:51 - 000000000 ____D C:\Users\Pinco\AppData\Roaming\Skype

2017-10-09 21:53 - 2017-05-21 12:57 - 000000000 ____D C:\Users\Pinco\AppData\Local\Nox

2017-10-09 21:52 - 2016-03-12 21:14 - 000000000 ____D C:\Users\Pinco\.android

2017-10-09 21:51 - 2017-05-21 12:59 - 000000000 ____D C:\Users\Pinco\vmlogs

2017-10-09 21:51 - 2017-05-21 12:58 - 000000000 ____D C:\Users\Pinco\.BigNox

2017-10-07 20:17 - 2017-02-08 13:05 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update

2017-10-07 20:17 - 2016-01-22 21:36 - 000000000 ____D C:\ProgramData\AVAST Software

2017-10-07 20:16 - 2017-02-08 13:05 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys

2017-10-07 20:16 - 2017-02-08 13:05 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys

2017-10-07 20:16 - 2017-02-08 13:05 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2017-10-07 20:16 - 2017-02-08 13:05 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys

2017-10-07 20:16 - 2017-02-08 13:05 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2017-10-07 20:16 - 2017-02-08 13:05 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys

2017-10-07 20:16 - 2016-01-22 21:37 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2017-10-07 20:16 - 2016-01-22 21:37 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2017-10-07 20:16 - 2016-01-22 21:37 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2017-10-07 20:16 - 2016-01-22 21:37 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2017-10-07 20:16 - 2016-01-22 21:37 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2017-10-07 18:35 - 2013-09-30 20:13 - 000000000 ____D C:\ProgramData\Package Cache

2017-10-03 18:26 - 2017-08-19 10:06 - 000000000 ____D C:\Program Files\DIFX

 

==================== Files in the root of some directories =======

 

2016-06-22 22:52 - 2016-06-22 22:52 - 000000096 _____ () C:\Users\Pinco\AppData\Roaming\version2.xml

2016-12-01 16:59 - 2016-12-04 17:16 - 000004021 _____ () C:\Users\Pinco\AppData\Roaming\VoiceMeeterDefault.xml

2017-05-02 14:43 - 2017-05-02 14:43 - 000003584 _____ () C:\Users\Pinco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-11-04 14:47 - 2016-11-04 14:47 - 000000857 _____ () C:\Users\Pinco\AppData\Local\recently-used.xbel

2013-12-11 16:55 - 2017-01-06 10:25 - 000007652 _____ () C:\Users\Pinco\AppData\Local\Resmon.ResmonCfg

2016-09-18 18:12 - 2016-09-18 18:12 - 025397336 _____ (One Click Root) C:\Users\Pinco\AppData\Local\TempOneClickRoot.exe

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-10-30 10:47

 

==================== End of FRST.txt ============================

This is the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017

Ran by Pinco (02-11-2017 08:46:57)

Running from C:\Users\Pinco\Desktop

Windows 7 Ultimate Service Pack 1 (X64) (2013-09-30 18:07:14)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3875199424-4264934349-213251160-500 - Administrator - Disabled)

Guest (S-1-5-21-3875199424-4264934349-213251160-501 - Limited - Enabled) => C:\Users\TEMP

HomeGroupUser$ (S-1-5-21-3875199424-4264934349-213251160-1002 - Limited - Enabled)

Pinco (S-1-5-21-3875199424-4264934349-213251160-1001 - Administrator - Enabled) => C:\Users\Pinco

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-002A-0410-1000-0000000FF1CE}_ENTERPRISE_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}) (Version:  - Microsoft) Hidden

4K Video Downloader 4.0 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.0.0.2016 - Open Media LLC)

60 seconds (HKLM-x32\...\60 seconds_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)

Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.129 - Adobe Systems Incorporated)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Application Profiles (HKLM-x32\...\{B8E20853-E9B8-3682-CFB8-AC80B2E44720}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Applicazione Blizzard (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

ArcSoft WebCam Companion 3 (HKLM-x32\...\{55FB8585-9F5F-482E-BDE3-57F338C1DE97}) (Version: 3.0.15.182 - ArcSoft)

Aurora 2 (HKLM-x32\...\{FCBB56F9-D88E-45DB-8EB6-50C14928DDB8}) (Version: 2.00.0000 - Kak Abbas)

AutoREALM Version 2.2.1 (HKLM-x32\...\AutoREALM_is1) (Version:  - )

AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)

Backup and Sync from Google (HKLM-x32\...\{35943B6E-FA28-4261-B1C6-7BC128CBEB7B}) (Version: 3.37.7121.2026 - Google, Inc.)

Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)

Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.18.5 - Bethesda Softworks)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)

Catalyst Control Center Next Localization BR (HKLM\...\{5DCEBB59-93CD-AD9E-8000-E4A49B3EE012}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (HKLM\...\{7325E8EF-F664-9246-C312-F8AF6E4FA9C2}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (HKLM\...\{95559126-CF4B-0197-811B-AA38CF399BDC}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (HKLM\...\{86AB99A0-60AF-8C66-2303-F3D9BA559098}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (HKLM\...\{A60E1EA5-6472-8BC1-A829-FC3F4FE375CA}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (HKLM\...\{02AB47D1-1904-1448-604A-CDCF5C9C7466}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (HKLM\...\{C54E56B8-88A6-6F54-70E6-35A21EA76CED}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (HKLM\...\{6DE8FC40-F3F8-9718-066F-A84444CCC31A}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (HKLM\...\{212AF81E-A506-D11B-29FD-DEC9E0FE6E20}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (HKLM\...\{7AACFA74-2E71-48F9-EC72-6BEA1655C3D2}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (HKLM\...\{96E7C95D-5001-8B28-A010-0F51086B816D}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (HKLM\...\{CC565FF3-8082-D0C0-691E-AFB43F280C04}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (HKLM\...\{9345C64E-CCFD-6074-02BE-FD7B65A4860B}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (HKLM\...\{457BF38F-FF83-8795-353E-3B9C87DA4B8E}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (HKLM\...\{D146DC9D-0C01-0ECA-0410-8D24E04412B9}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (HKLM\...\{315BA4BE-3EC9-C4D3-1B5C-043F781C3BFB}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (HKLM\...\{D7FBC128-C70B-F064-6975-CC9CC602CC00}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (HKLM\...\{E7818F8E-67DB-52D9-09F7-786C679ADFF7}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (HKLM\...\{01E4B649-DF50-4353-139B-D52E67B8126E}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (HKLM\...\{924D5D20-6A63-4BDA-F564-81D4E395B7C3}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (HKLM\...\{03253ABB-55FB-29A5-275B-4B6AF45F9FF5}) (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)

Dead Rising 3 Apocalypse Edition versione 1.0 u5 (HKLM-x32\...\{F660E9B3-D4BD-48D5-A30B-972E2085470B}_is1) (Version: 1.0 u5 - Capcom)

DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.)

Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 2.0 - Treexy)

EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)

Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version:  - Bethesda Softworks)

FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)

Freemake Audio Converter versione 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation)

Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)

gBurner (HKLM-x32\...\gBurner) (Version: 4.1 - Power Software Ltd)

GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.75 - Google Inc.)

Google Chrome Canary (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Google Chrome SxS) (Version: 64.0.3256.0 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )

HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)

honestechTVR2.5 (HKLM-x32\...\{ABADD11D-1B48-4F23-BEBA-6B22CE8F5E58}) (Version: 2.5 - honestech)

honestechTVR2.5 (HKLM-x32\...\{B1DE0E2A-C1B1-4A61-A622-1F52CB37B183}) (Version: 2.5 - honestech) Hidden

InfinityTV Plugin (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\3198782650.d1.rtinfinitysf.edgesuite.net) (Version:  - d1.rtinfinitysf.edgesuite.net)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)

Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

King's Bounty - Armored Princess (HKLM-x32\...\King's Bounty - Armored Princess) (Version:  - FX Interactive)

Kobo (HKLM-x32\...\Kobo) (Version: 3.11.0 - Rakuten Kobo Inc.)

Kodi (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Kodi) (Version:  - XBMC-Foundation)

LeapdroidVM (HKLM-x32\...\LeapdroidVM) (Version:  - LeapdroidVM)

LibreOffice 5.2.6.2 (HKLM-x32\...\{443795BA-BBA0-46CF-A07F-DB5B461785F7}) (Version: 5.2.6.2 - The Document Foundation)

Lumia Phone Test Application 6.1.38 (HKLM-x32\...\{6391d942-5f72-4a50-8ab4-6e32a2e248cd}) (Version: 6.1.38 - Microsoft)

Lumia Phone Test Application 6.1.38 (HKLM-x32\...\{E3D3F2FE-D32C-42A2-B126-99867AC3BC5C}) (Version: 6.1.38 - Microsoft) Hidden

Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)

MagicCamera 8.5.0 (HKLM-x32\...\{70376A8D-C6E7-4A61-9E30-42AD268CD45D}_is1) (Version: 8.5.0 - ShiningMorning Inc.)

Malwarebytes versione 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)

MediaInfo 0.7.70 (HKLM\...\MediaInfo) (Version: 0.7.70 - MediaArea.net)

MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)

Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)

Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Excel 2007 Help - Aggiornamento (KB963678) (HKLM-x32\...\{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}) (Version:  - Microsoft)

Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677) (HKLM-x32\...\{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB}) (Version:  - Microsoft)

Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669) (HKLM-x32\...\{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{C76C02F1-B07F-4974-876A-A18DEC9887C8}) (Version:  - Microsoft)

Microsoft Office Word 2007 Help - Aggiornamento (KB963665) (HKLM-x32\...\{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}) (Version:  - Microsoft)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Might & Magic X Legacy Deluxe Edition (HKLM-x32\...\Uplay Install 401) (Version:  - Ubisoft)

MKVToolNix 15.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 15.0.0 - Moritz Bunkus)

Mozilla Firefox 53.0.3 (x86 it) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 it)) (Version: 53.0.3 - Mozilla)

Mozilla Firefox 56.0.2 (x64 it) (HKLM\...\Mozilla Firefox 56.0.2 (x64 it)) (Version: 56.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)

NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.5 - Notepad++ Team)

Novabench (HKLM\...\{CC27A05D-9D9A-43C7-B202-96A0BAAC86B9}) (Version: 4.0.1 - Novawave Inc.)

Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.2.0 - Duodian Technology Co. Ltd.)

NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)

One Unit Whole Blood (HKLM-x32\...\GOGPACKONEUNITWHOLEBLOOD_is1) (Version: 2.0.0.21 - GOG.com)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Oracle VM VirtualBox 5.1.28 (HKLM\...\{11BAF690-37C7-4A56-B518-3696BD15592F}) (Version: 5.1.28 - Oracle Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

Pacchetto driver Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)

paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)

PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )

Personal Solution Pac (HKLM-x32\...\{0335E386-9ECB-11D4-BA6E-0020AFBCF620}) (Version:  - )

Piante contro Zombi™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)

PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )

Punch Club (HKLM\...\cHVuY2hjbHVi_is1) (Version: 1 - )

qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)

Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.0 - Ralink)

Sandboxie 5.21.7 (64-bit) (HKLM\...\Sandboxie) (Version: 5.21.7 - Sandboxie Holdings, LLC)

Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)

SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)

SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)

Servizi di stampa Bonjour (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)

SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden

Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)

Spotify (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)

StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Stremio (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\Stremio) (Version: 3.6.5 - Smart Code Ltd.)

Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Supporto applicazioni Apple (64 bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)

Test of Time Patch (HKLM-x32\...\Test of Time Patch) (Version:  - )

The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)

The Walking Dead - 400 Days (HKLM-x32\...\The Walking Dead: 400 Days_is1) (Version: 2.0.0.1 - GOG.com)

The Walking Dead - Season 1 (HKLM-x32\...\1432207977_is1) (Version: 2.1.0.5 - GOG.com)

Ufo-Wardriving (HKLM-x32\...\Ufo-Wardriving) (Version: 4 Invasion - UW-Team)

Unity Web Player (HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Outlook 2007 Junk Email Filter (kb975960) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F1AB1BED-7477-4D5A-BD0C-04C2109459A5}) (Version:  - Microsoft)

Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)

USB TV Device Driver (HKLM-x32\...\{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}) (Version: 1.00.0000 - Nome società) Hidden

USB2.0 ATV (HKLM-x32\...\USB2.0 ATV) (Version:  - )

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)

Voltura1 (HKLM-x32\...\A9D22611-32B5-40C2-88BF-6A39245A0C76) (Version: 1.1 - Sogei)

VSDC Free Video Editor versione 5.5.0.601 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.5.0.601 - Flash-Integro LLC)

Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)

WD Beta Tools (HKLM-x32\...\{4CFDBD15-FE17-48FF-BB18-8007DDBCAF6F}) (Version: 1.139.03.01 - Western Digital)

WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)

WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)

WD Quick View (HKLM-x32\...\{AAA69AE6-9648-4CFE-9F27-1164C8C3BD53}) (Version: 2.5.0.78 - Western Digital Technologies, Inc.)

WD SmartWare (HKLM\...\{E8EBE5D7-2578-4F54-BF46-73778732A174}) (Version: 2.5.0.78 - Western Digital Technologies, Inc.)

WD SmartWare Installer (HKLM-x32\...\{965472ec-e96c-4faf-9f4b-f6a327803249}) (Version: 2.5.0.78 - Western Digital Technologies, Inc.)

WFilter Free 1.0 (HKLM-x32\...\{C5C4D4E1-0ECB-441E-9B49-654634A12154}_is1) (Version: 1.0 - IMFirewall Softwall)

WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)

Windows Device Recovery Tool 3.1.2 (HKLM-x32\...\{9e156ead-3518-4112-999a-4188770fc8ad}) (Version: 3.1.2 - Microsoft)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinGate (HKLM-x32\...\WinGate8.2) (Version: 8.2 - Qbik New Zealand)

WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)

WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)

WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)

World of Dread (HKLM-x32\...\{EBCCF034-0629-48F6-BDB8-C0AEF5710F53}) (Version: 1.14.4 - D.S. Edad Perdida S.L.)

XAMPP (HKLM-x32\...\xampp) (Version: 5.6.23-0 - Bitnami)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Pinco\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3875199424-4264934349-213251160-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pinco\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-05] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-05] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-05] (Google)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()

ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)

ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2015-08-31] (Foxit Software Inc.)

ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-05] (Google)

ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-09-24] (Western Digital Technologies, Inc.)

ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2011-08-08] (SysProgs.org)

ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-09-24] (Western Digital Technologies, Inc.)

ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2011-08-08] (SysProgs.org)

ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)

ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-05] (Google)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-01-25] (Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)

ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)

ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-09-24] (Western Digital Technologies, Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {17E91B92-17C3-4DAD-A658-7493DEC85CAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001UA => C:\Users\Pinco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {20F722E8-7CDA-4D0F-B223-D2117FE45975} - System32\Tasks\{D76C95CA-671B-4931-8399-3F66046ED13E} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.24.0.104&LastError=-3

Task: {451A65A2-8246-44D3-8EF0-76A97AC73522} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

Task: {4CD2578D-F602-40DB-B3AE-9E13B82513BF} - System32\Tasks\Western Digital\SmartWare\____Volume_5bd0bd45_29fa_11e3_b848_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a9f722ce_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-09-24] (Western Digital Technologies, Inc.)

Task: {4E62EF7F-581B-45F5-91DC-DEF0235F4941} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)

Task: {657415C9-D5D6-4BC0-BBF2-7956FC1671C6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001Core => C:\Users\Pinco\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-26] (Facebook Inc.)

Task: {6A67C392-841F-4324-BE0E-5441523CABEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

Task: {87DFBC2C-9800-4621-B6C6-480941763573} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001Core => C:\Users\Pinco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {CE2FF57A-C2EA-44B3-971C-489C4AA1EF27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {DF594C3D-79E9-4A16-BB9F-6D1E237F7EB4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-07] (AVAST Software)

Task: {E8CABE43-BF31-4B75-ACE0-FF2C9BBC1497} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {F33D7F9A-7477-422A-8A97-174B683EA86A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-25] (Advanced Micro Devices, Inc.)

Task: {F99C8500-8C3E-4080-BD28-DB1005CCEFBB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001UA => C:\Users\Pinco\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-26] (Facebook Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001Core.job => C:\Users\Pinco\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875199424-4264934349-213251160-1001UA.job => C:\Users\Pinco\AppData\Local\Facebook\Update\FacebookUpdate.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

ShortcutWithArgument: C:\Users\Pinco\Desktop\Giochi\Chrome\enrico - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"

ShortcutWithArgument: C:\Users\Pinco\Desktop\Giochi\Chrome\lintasclarke - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6"

ShortcutWithArgument: C:\Users\Pinco\Desktop\Giochi\Chrome\motherthehat - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

ShortcutWithArgument: C:\Users\Pinco\Desktop\Giochi\Chrome\noryslintas85 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 8"

ShortcutWithArgument: C:\Users\Pinco\Desktop\Giochi\Chrome\tasver85 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5"

ShortcutWithArgument: C:\Users\Pinco\Desktop\Giochi\Chrome\tasverclarke - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 7"

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\tasver85 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5"

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d755e1040e5d38ac\noryslintas85 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 8"

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b42be1c9c51179ef\noryslintas85 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 7"

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\enrico - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\lintasclarke - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6"

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3005816c25afaa\Rossa - Chrome.lnk -> C:\Users\Pinco\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

ShortcutWithArgument: C:\Users\Pinco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\motherthehat - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

 

==================== Loaded Modules (Whitelisted) ==============

 


 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:D24294C1 [147]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\fumbbl.com -> hxxps://fumbbl.com

IE trusted site: HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\fumbbl.com -> hxxp://fumbbl.com

IE trusted site: HKU\S-1-5-21-3875199424-4264934349-213251160-1001\...\hopto.org -> hxxp://camerestudio.hopto.org

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2016-11-24 15:17 - 000000658 ____R C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost


 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3875199424-4264934349-213251160-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pinco\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is disabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\Services: ACDaemon => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Duplicati.lnk => C:\Windows\pss\Duplicati.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVR Scheduler.lnk => C:\Windows\pss\TVR Scheduler.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinGate Engine Monitor.lnk => C:\Windows\pss\WinGate Engine Monitor.lnk.CommonStartup

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

MSCONFIG\startupreg: deskPDF Creator => "C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe" -minimize

MSCONFIG\startupreg: DiKe 6 => "C:\Program Files (x86)\Infocert\DiKe 6\Dike.exe" -o NO_SHELL -f "NO_MAIN_WIN"

MSCONFIG\startupreg: Google Update => "C:\Users\Pinco\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: PowerDVD15Agent => "C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe"

MSCONFIG\startupreg: pspNetSystray => C:\Program Files (x86)\MGE\PersonalSolutionPac\mgenetsystray.exe

MSCONFIG\startupreg: RAMDiskForWorkstations => "C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe" /hide

MSCONFIG\startupreg: Spotify => "C:\Users\Pinco\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Pinco\AppData\Roaming\Spotify\Spotify.exe --autostart

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: TIDAL => C:\Users\Pinco\AppData\Local\TIDAL\update.exe --processStart TIDAL.exe --process-start-args " -autostart -minimized"

MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 


FirewallRules: [TCP Query User{BBD3B9E6-1959-479B-96D9-BDBEF61978A1}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe

FirewallRules: [UDP Query User{FA15B1BD-F273-4BAA-8937-E23BAC568135}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe

FirewallRules: [{4080EF23-4B39-474C-B1A4-D846AA2D53F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGameRoom.exe

FirewallRules: [{5C20152D-807C-4FEE-BF46-36BBE58D3838}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sega Classics\SEGAGameRoom.exe

FirewallRules: [{182E5E5D-934C-451C-BA72-EB360E9A14B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D85993E8-391D-46AE-94D1-37CB7E060881}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E3325938-7008-4EE6-BF27-143D96911E5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1FD50C41-AA8A-4452-A306-0B073B917990}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{9F80B286-00CA-410B-9F0D-1ED1C7FDABF7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [UDP Query User{DCFF5F20-714B-4D01-8FC6-CF34E7574460}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{4AB24E67-2069-4FA2-8373-E6EA7D94E5A3}] => (Allow) E:\SteamLibrary\steamapps\common\ZafehouseDiaries\ZafehouseDiaries.exe

FirewallRules: [{65869FDE-48A7-46B7-B80A-CA84F2360846}] => (Allow) E:\SteamLibrary\steamapps\common\ZafehouseDiaries\ZafehouseDiaries.exe

FirewallRules: [{0A071793-0AB6-4630-8392-5165CC509E6D}] => (Allow) E:\SteamLibrary\steamapps\common\ZafehouseDiaries\ZafeDiag.exe

FirewallRules: [{346213A8-F1EE-411B-A7A0-25DE5C33A966}] => (Allow) E:\SteamLibrary\steamapps\common\ZafehouseDiaries\ZafeDiag.exe

FirewallRules: [{619E9E50-0176-41D1-99FC-88BDE15FD920}] => (Allow) E:\SteamLibrary\steamapps\common\Underrail\underrail.exe

FirewallRules: [{286FFA25-0E4C-4452-B3E3-D8FDE688A01E}] => (Allow) E:\SteamLibrary\steamapps\common\Underrail\underrail.exe

FirewallRules: [{28EE7A78-B1CE-491E-A74F-D5926F4F7E3C}] => (Allow) E:\SteamLibrary\steamapps\common\Grim Fandango Remastered\GrimFandango.exe

FirewallRules: [{B0D31BE0-3409-4762-B7B3-482062827473}] => (Allow) E:\SteamLibrary\steamapps\common\Grim Fandango Remastered\GrimFandango.exe

FirewallRules: [{2F8B3484-0576-474C-A864-158E8AF6CA75}] => (Allow) E:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe

FirewallRules: [{4C6E9D1B-BF10-46B0-A460-C6884DCB1FDF}] => (Allow) E:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe

FirewallRules: [{3BE728E5-8FAF-46B4-806D-7094717D6686}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe

FirewallRules: [{9FDB58B3-E0A4-4D3F-A2C5-398BB94C7475}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe

FirewallRules: [{85D3A313-2413-433F-A5DA-B8299A264919}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe

FirewallRules: [{C19EF3DC-D162-4444-BA71-08F7A8193283}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe

FirewallRules: [{4DE5B05C-B256-4023-BD40-BCD6948EDFF8}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe

FirewallRules: [{B4D9396E-6B76-4A44-8681-F3018EF463A3}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe

FirewallRules: [{1A479DD5-8235-4630-A420-124A26CF1815}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{EE23E203-DC62-45E1-9D5D-1E3919469721}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{5DE8FD57-DA82-4AA6-B58F-296D8592F97C}] => (Allow) E:\SteamLibrary\steamapps\common\Might & Magic Heroes VII\Binaries\Win64\MMH7Game-Win64-Shipping.exe

FirewallRules: [{6EBEEC8D-C741-49A6-A5FF-A0064AA6EC53}] => (Allow) E:\SteamLibrary\steamapps\common\Might & Magic Heroes VII\Binaries\Win64\MMH7Game-Win64-Shipping.exe

FirewallRules: [{2D8CA471-4938-4D09-B4F7-C8E43F902427}] => (Allow) E:\SteamLibrary\steamapps\common\Might & Magic Heroes VII\Binaries\Win64\MMH7Editor-Win64-Shipping.exe

FirewallRules: [{2F65343C-CEF1-4C51-BE6D-2731FC5F7A62}] => (Allow) E:\SteamLibrary\steamapps\common\Might & Magic Heroes VII\Binaries\Win64\MMH7Editor-Win64-Shipping.exe

FirewallRules: [{9B3AEC9C-B57B-4D6A-B759-B36D975575C5}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe

FirewallRules: [{07A078A4-429F-4C5C-92B8-2146D4E2302B}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe

FirewallRules: [{2A5F23FC-5DB5-4ED3-8000-BD55C2FAB896}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe

FirewallRules: [{66C63650-CDBA-4755-B4D6-BE27B3D14ADB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Suits\Suits_Remastered\Game.exe

FirewallRules: [{0998198A-4629-433C-BD0E-BCB41BE28F8F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Suits\Suits_Remastered\Game.exe

FirewallRules: [{39CFF6AB-F627-46B2-AC6C-FFC180079A6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe

FirewallRules: [{ADDB024A-38CF-4876-A749-4A98CB70A52B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe

FirewallRules: [{0EF49EEE-D635-426F-A407-1C4A419DC204}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe

FirewallRules: [{81445D90-FF36-4863-8790-342F7F5A62D8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe

FirewallRules: [{C28E785F-B3B8-4DED-8A54-C8CD152E27AA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{36EF6C6F-2509-4400-8747-D249FE1970A7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{D3026F87-EDDF-4FA9-8393-D17C6F9F5B3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gems of War\GemsOfWar.exe

FirewallRules: [{CDF812E7-5333-4BED-BAF4-B6E0FA23E70F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gems of War\GemsOfWar.exe

FirewallRules: [{1E037079-9063-4F6F-BB46-4D7524E06B81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{7B2D6CD3-502D-4E88-AC5F-43A2A3D00ADE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{AD47FDE2-5DC6-43C9-A524-A2CA094C23C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{730C69E3-A4F8-4E43-B340-6D58AEFFF88C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{56F1AE6F-4073-41FF-9FA6-290C52CC038F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Rising\DeadRising.exe

FirewallRules: [{E0395D6A-0A6C-4E23-9996-9AA10594E691}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Rising\DeadRising.exe

FirewallRules: [{6BD463DE-C509-492C-883F-324557443C7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Rising 2 Off the Record\deadrising2otr.exe

FirewallRules: [{1E9048DA-7311-4FEF-A8A2-95DB55C0DD81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Rising 2 Off the Record\deadrising2otr.exe

FirewallRules: [{934405FE-70EE-4D59-B7BA-7AEB950A8ACF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe

FirewallRules: [{B2A38105-11D1-45FE-9823-4DA2500663A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe

FirewallRules: [{04A99881-DEC8-48CF-B4FA-1500FA51D033}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe

FirewallRules: [{9C115E19-30F4-455D-883C-B2F953D3CA4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe

FirewallRules: [{3BDCBDE4-1499-4E59-A71D-BB9156A1DF88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{5AC86125-A04C-465B-BD86-9046AC939812}] => (Allow) C:\Users\Pinco\AppData\Local\Google\Chrome SxS\Application\chrome.exe

 

==================== Restore Points =========================

 

02-11-2017 00:56:30 Punto di controllo di HitmanPro

02-11-2017 00:56:57 Punto di controllo di HitmanPro

02-11-2017 00:58:58 Punto di controllo di HitmanPro

02-11-2017 01:11:06 JRT Pre-Junkware Removal

 

==================== Faulty Device Manager Devices =============

 

Name: Android Composite ADB Interface

Description: Android Composite ADB Interface

Class Guid: {f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}

Manufacturer: 51Cube

Service: androidusb

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: Scheda Microsoft Teredo Tunneling

Description: Scheda Microsoft Teredo Tunneling

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: 1-Bay Personal Cloud Storage (Gen2)

Description: 1-Bay Personal Cloud Storage (Gen2)

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/02/2017 08:22:16 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

 

Error: (11/02/2017 01:24:20 AM) (Source: ATIeRecord) (EventID: 16387) (User: )

Description: ATI EEU Service event error

 

Error: (11/02/2017 01:23:31 AM) (Source: ATIeRecord) (EventID: 16387) (User: )

Description: ATI EEU Service event error

 

Error: (11/02/2017 01:12:44 AM) (Source: ATIeRecord) (EventID: 16387) (User: )

Description: ATI EEU Service event error

 

Error: (11/02/2017 01:06:08 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome dell'applicazione che ha generato l'errore: rundll32.exe, versione: 6.1.7600.16385, timestamp: 0x4a5bc637

Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000

Codice eccezione: 0xc0000005

Offset errore 0x80000008

ID processo che ha generato l'errore: 0xb94

Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3536e60fa5a27

Percorso dell'applicazione che ha generato l'errore: C:\Windows\SysWOW64\rundll32.exe

Percorso del modulo che ha generato l'errore: unknown

ID segnalazione: 9ff2aa28-bf61-11e7-bb1e-00e04c692846

 

Error: (11/02/2017 12:32:14 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

 

Error: (11/01/2017 11:04:03 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Il programma The Elder Scrolls Legends.exe versione 5.6.3.59581 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

 

ID processo: 2064

 

Ora di avvio: 01d3535d219e9954

 

Ora di chiusura: 25

 

Percorso applicazione: C:\program files (x86)\bethesda.net launcher\games\TESL\The Elder Scrolls Legends.exe

 

ID segnalazione: 90125626-bf50-11e7-8c61-00e04c692846

 

Error: (11/01/2017 10:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 3.0.0.1169, timestamp: 0x599723f1

Nome del modulo che ha generato l'errore: Qt5Core.dll, versione: 5.6.2.0, timestamp: 0x594d4411

Codice eccezione: 0xc0000005

Offset errore 0x001a9fd6

ID processo che ha generato l'errore: 0x22d8

Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3535a25976d97

Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

ID segnalazione: 7826d7db-bf4d-11e7-8c61-00e04c692846

 

Error: (11/01/2017 10:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome dell'applicazione che ha generato l'errore: mbamservice.exe, versione: 3.1.0.556, timestamp: 0x5988c3f1

Nome del modulo che ha generato l'errore: mbamservice.exe, versione: 3.1.0.556, timestamp: 0x5988c3f1

Codice eccezione: 0xc0000005

Offset errore 0x00000000001b6596

ID processo che ha generato l'errore: 0x1cdc

Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3535a2e962aa2

Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

ID segnalazione: 6e4849ca-bf4d-11e7-8c61-00e04c692846

 

Error: (11/01/2017 10:33:08 PM) (Source: Application Error) (EventID: 1005) (User: )

Description: Impossibile accedere al file  per uno dei motivi seguenti: 

Si è verificato un problema relativo alla connessione di rete, al disco in cui è archiviato il file o ai driver

di archiviazione installati nel computer oppure il disco è assente.

Il programma Dead Rising 4 è stato chiuso a causa dell'errore.

 

Programma: Dead Rising 4

File: 

 

Il valore dell'errore è indicato nella sezione Dati aggiuntivi.

Azione utente

1. Aprire nuovamente il file.

Potrebbe trattarsi di un problema temporaneo che si risolverà automaticamente rieseguendo il programma.

2.

Se il file risulta comunque non accessibile e:

- Si trova in rete,

è necessario che l'amministratore della rete verifichi la presenza di eventuali problemi di rete e che sia possibile contattare il server.

- Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare che il disco sia inserito correttamente nel computer.

3. Controllare e ripristinare il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start, scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare CHKDSK /F, quindi premere INVIO.

4. Se il problema persiste, ripristinare il file da una copia di backup.

5. Determinare se è possibile aprire altri file nello stesso disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di un disco rigido, contattare l'amministratore o il fornitore dell'hardware

del computer per ottenere assistenza.

 

Dati aggiuntivi

Valore errore: 00000000

Tipo disco: 0

 

 

System errors:

=============

Error: (11/02/2017 08:45:41 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:44:27 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:43:25 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:43:07 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:42:56 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:42:54 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:42:45 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:39:05 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:38:59 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

Error: (11/02/2017 08:38:31 AM) (Source: atapi) (EventID: 11) (User: )

Description: Il driver ha rilevato un errore del controller su \Device\Ide\IdePort3.

 

 

CodeIntegrity:

===================================

  Date: 2017-03-06 00:54:34.669

  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP152.SYS. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

 

  Date: 2017-03-06 00:54:34.669

  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\PROCEXP152.SYS. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

 

  Date: 2016-08-19 08:07:58.886

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\farflt.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

  Date: 2016-08-19 08:06:05.756

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

  Date: 2016-08-19 08:05:25.236

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

  Date: 2016-08-19 08:05:25.220

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

  Date: 2016-08-19 08:05:25.173

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

  Date: 2016-08-19 08:05:25.095

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

  Date: 2016-08-19 08:05:24.955

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

  Date: 2016-08-19 08:05:24.814

  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz

Percentage of memory in use: 24%

Total physical RAM: 8191.12 MB

Available physical RAM: 6145.85 MB

Total Virtual: 16380.42 MB

Available Virtual: 14116.11 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:394.3 GB) (Free:33.2 GB) NTFS

Drive e: (Volume) (Fixed) (Total:537.11 GB) (Free:204.09 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 20C95F21)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=394.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=537.1 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

 

 

Thanks for your attention and support

 

P.s.

 

I know I have a lot of profiles in Google Chrome; I used them for testing purposes ;)


Edited by tasver, 02 November 2017 - 03:06 AM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,483 posts
  • Gender:Male
  • Location:California
  • Local time:11:06 AM

Posted 05 November 2017 - 09:02 AM

Greetings tasver and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin-x32: @adobe.com/AdobeReader -> C:\Users\Pinco\Desktop\Browser normali\OperaPortable_upload_by_speedzodiac\CommonFiles\Plugins\nppdf32.dll
2016-09-18 18:12 - 2016-09-18 18:12 - 025397336 _____ (One Click Root) C:\Users\Pinco\AppData\Local\TempOneClickRoot.exe
AlternateDataStreams: C:\ProgramData\TEMP:D24294C1 [147]
ExportKey: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate
Virustotal: C:\Windows\SysWOW64\amd_ags.dll
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your browser performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Browser performance

Edited by Oh My!, 05 November 2017 - 09:38 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."
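
A read-only check of the locations the fixlist above cleans, added here as an example; it is not part of Gary's post and is not FRST code. It lists what is set under the Chrome policy key, whether local Group Policy files exist, and which Internet Explorer search scopes have an empty URL. The function names are hypothetical, and the HKCU policy root and the Registry.pol file names are assumptions drawn from general Chrome and Windows behaviour, not values from this thread.

```powershell
# Read-only audit: lists state, changes nothing.
# Assumes Windows PowerShell 3.0 or later, started as a 64-bit process so that
# System32 is not redirected to SysWOW64.

function Get-PolicyRegistryValue {
    # Every value under each policy root, including values in subkeys.
    param([string[]]$Root)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        $keys = @(Get-Item -LiteralPath $r) +
                @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $name
                    Data  = ($key.GetValue($name) -join ', ')
                }
            }
        }
    }
}

function Get-LocalGroupPolicyFile {
    # Files that carry local Group Policy. The GPT.ini paths are the ones the
    # fix log reports; the Registry.pol names are an assumption (see lead-in).
    $candidates = @(
        "$env:windir\System32\GroupPolicy\GPT.ini",
        "$env:windir\System32\GroupPolicy\Machine\Registry.pol",
        "$env:windir\System32\GroupPolicy\User\Registry.pol",
        "$env:windir\SysWOW64\GroupPolicy\GPT.ini"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            Get-Item -LiteralPath $path -Force |
                Select-Object FullName, Length, LastWriteTime
        }
    }
}

function Get-SearchScopeReport {
    # One row per search scope in both registry views, marking the default
    # scope and any scope whose URL value is missing or empty.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $default = (Get-Item -LiteralPath $root).GetValue('DefaultScope')
        foreach ($scope in Get-ChildItem -LiteralPath $root) {
            $url = $scope.GetValue('URL')
            [pscustomobject]@{
                Root      = $root
                Scope     = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                EmptyUrl  = [string]::IsNullOrEmpty($url)
                Url       = $url
            }
        }
    }
}

$policy  = @(Get-PolicyRegistryValue -Root 'HKLM:\SOFTWARE\Policies\Google',
                                           'HKCU:\SOFTWARE\Policies\Google')
$gpFiles = @(Get-LocalGroupPolicyFile)
$scopes  = @(Get-SearchScopeReport)

"Chrome policy values found: $($policy.Count)"
$policy | Format-Table -AutoSize -Wrap

"Local Group Policy files found: $($gpFiles.Count)"
$gpFiles | Format-Table -AutoSize

"Search scopes with an empty URL: $(@($scopes | Where-Object { $_.EmptyUrl }).Count)"
$scopes | Format-Table -AutoSize -Wrap
```

On a home PC that is not managed by an organisation, any value under the Policies\Google key deserves a look, because Chrome treats settings delivered that way as managed.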

#3 tasver

tasver
  • Topic Starter

  • Members
  • 4 posts
  • Local time:08:06 PM

Posted 05 November 2017 - 03:52 PM

Many, many, many thanks, Oh My! It worked very well and all is OK now.

I have a question: what do these lines mean? Does line 1 mean that the plugin was a dead link? Line 2: where was that file moved??? Line 3: I think I had an ADS, I know very well what it is, and I see it is removed. Is that right????

 

FF Plugin-x32: @adobe.com/AdobeReader -> C:\Users\Pinco\Desktop\Browser normali\OperaPortable_upload_by_speedzodiac\CommonFiles\Plugins\nppdf32.dll => not found.

C:\Users\Pinco\AppData\Local\TempOneClickRoot.exe => moved successfully
C:\ProgramData\TEMP => ":D24294C1" ADS removed successfully.

 

Browser performance is perfect!

 

This is the fixlog

 

Thanks for the help!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Pinco (05-11-2017 21:23:13) Run:1
Running from C:\Users\Pinco\Desktop
Loaded Profiles: Pinco (Available Profiles: Pinco & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin-x32: @adobe.com/AdobeReader -> C:\Users\Pinco\Desktop\Browser normali\OperaPortable_upload_by_speedzodiac\CommonFiles\Plugins\nppdf32.dll
2016-09-18 18:12 - 2016-09-18 18:12 - 025397336 _____ (One Click Root) C:\Users\Pinco\AppData\Local\TempOneClickRoot.exe
AlternateDataStreams: C:\ProgramData\TEMP:D24294C1 [147]
ExportKey: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate
Virustotal: C:\Windows\SysWOW64\amd_ags.dll
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/AdobeReader => key removed successfully
FF Plugin-x32: @adobe.com/AdobeReader -> C:\Users\Pinco\Desktop\Browser normali\OperaPortable_upload_by_speedzodiac\CommonFiles\Plugins\nppdf32.dll => not found.
C:\Users\Pinco\AppData\Local\TempOneClickRoot.exe => moved successfully
C:\ProgramData\TEMP => ":D24294C1" ADS removed successfully.
================== ExportKey: ===================
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate" => not found
 
=== End of ExportKey ===
 
========= netsh winsock reset catalog =========
 
 
Reimpostazione catalogo Winsock completata.
Ô necessario riavviare il computer per completare l'operazione.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reimpostazione di Globale in corso. Completata.
Reimpostazione di Interfaccia in corso. Completata.
Reimpostazione di Indirizzo Unicast in corso. Completata.
Reimpostazione di Route in corso. Completata.
Reimpostazione di Sottointerfaccia in corso. Completata.
Riavviare il computer per completare l'azione.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
OK.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
OK.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Configurazione IP di Windows
 
Cache del resolver DNS svuotata.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3875199424-4264934349-213251160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3875199424-4264934349-213251160-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3875199424-4264934349-213251160-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21990150 B
Java, Flash, Steam htmlcache => 259173607 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 69966930 B
Firefox => 36475808 B
Opera => 113971800 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 136848 B
systemprofile32 => 231834 B
LocalService => 16384 B
NetworkService => 0 B
Pinco => 623827863 B
TEMP => 56498 B
Guest => 170545 B
 
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:26:36 ====
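
An added example, not part of the original posts and not FRST's own code: a small Python parser that reads the `target => outcome` result lines of a Fixlog like the one above and groups them by the log's own status words (moved, removed, restored, not found). The sample text is constructed from lines in this Fixlog, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
FF Plugin-x32: @adobe.com/AdobeReader -> C:\Users\Pinco\Desktop\Browser normali\OperaPortable_upload_by_speedzodiac\CommonFiles\Plugins\nppdf32.dll => not found.
C:\Users\Pinco\AppData\Local\TempOneClickRoot.exe => moved successfully
C:\ProgramData\TEMP => ":D24294C1" ADS removed successfully.
========= netsh advfirewall reset =========
OK.
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 69966930 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
"""

BANNER = re.compile(r"^=+\s*(?P<name>[^=]*?)\s*=+$")
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
ADS = re.compile(r'^"(?P<stream>:[^"]+)" ADS ')
# \b keeps "moved" from matching inside "removed".
STATUS = re.compile(r"\b(not found|removed|restored|moved)\b")

def parse_fixlog(text):
    """Return one dict per result line: target, outcome text, status word."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        banner = BANNER.match(line)
        if banner:
            name = banner["name"].rstrip(":")
            section = None if not name or name.startswith("End of") else name
            continue
        result = RESULT.match(line)
        if not result or section == "EmptyTemp":
            continue  # command output, or byte counts of cleared caches
        target, outcome = result["target"].strip('"'), result["outcome"]
        ads = ADS.match(outcome)
        if ads:  # re-attach the stream name, as in the fixlist entry
            target += ads["stream"]
        status = STATUS.search(outcome.lower())
        entries.append({"target": target, "outcome": outcome,
                        "status": status[1] if status else "other"})
    return entries

def summarize(entries):
    """Count entries per status word."""
    return Counter(e["status"] for e in entries)

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for e in parsed:
        if e["status"] == "not found":
            print("already absent:", e["target"])
```
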


#4 Oh My!


Posted 05 November 2017 - 04:14 PM

Greetings.

:thumbsup2:

Yes, the first one doesn't exist. The second 2 were moved into quarantine and will be deleted when we finish up and run a last tool.

Let's run these now.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 

#5 tasver


Posted 08 November 2017 - 03:03 AM

I've used ESET Online Scanner; it took something like 8-9 hours to finish the scan.

It found only two real threats; that's because it deleted all the cracks of the games and software, cracks that are simply legit, they did nothing bad to my PC. Every time I check on another PC that has Comodo Firewall too, and those cracks never tried to go on the web... I'm sure that the AV companies have been paid by the software houses to insert the cracks of the software...

Btw, all the antivirus and antimalware tools never found these two real threats and I'm happy; these are the two real threats that I've deleted, the others I've restored...

 

 

Here is the log of ESET

C:\Games\South Park - The Stick of Truth\Rollback Last Update\Backup\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\1C-SoftClub\King's Bounty - Warriors of the North\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Dead Rising 3 Apocalypse Edition\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting
C:\Program Files (x86)\Freemake\Freemake Audio Converter\SetupUpdate.exe a variant of Win32/FusionCore.K potentially unwanted application cleaned by deleting
C:\Program Files (x86)\R.G.Freedom\Kings Bounty Dark Side\steam_api.dll a variant of Win32/HackTool.Crack.CM potentially unsafe application cleaned by deleting
C:\Program Files (x86)\William Hill Casino Italy\regtrk.exe a variant of Win32/Toolbar.CrossRider.DS potentially unwanted application cleaned by deleting
C:\Windows\Installer\MSI5BBF.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting
E:\Download\Caratteri-Media-Compressione\FoxitReader606.0722_enu_Setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
E:\Download\Caratteri-Media-Compressione\Nero PR 7.9.6.0 Multilanguage\Keygen.exe Win32/Keygen.AJ potentially unsafe application cleaned by deleting
E:\Download\Caratteri-Media-Compressione\WinRAR 5.01 Final (x86-x64) [ITA]\FFF\KEYGEN-FFF.exe a variant of Win32/Keygen.AI potentially unsafe application cleaned by deleting
E:\Download\Giochi\The Evil Within [Steam-Rip]\Crack\files\steam_api64.dll a variant of Win64/HackTool.Crack.F potentially unsafe application cleaned by deleting
E:\Download\Giochi\Warriors.of.the.North.Valhalla.EditionIce&Fire\Crack\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
E:\Download\Software\CyberLink.PowerDVD.Ultra.15.0.1510.58 (menin).zip a variant of Win32/Keygen.AU potentially unsafe application deleted
E:\Download\Software\KMSpico_10.1.8.2_by_Gionick.rar a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application deleted
E:\Download\Software\WIN7SP1ULTAIOESD.03.2015.ByCilindrico74.iso Win32/HackTool.WinActivator.I potentially unsafe application deleted
E:\Download\Software\Windows.10.Pro.RS2.v1703-64Bit..Office.2016.Pro.Plus.Attivo.Ago17.rar a variant of MSIL/HackTool.WinActivator.J potentially unsafe application deleted
E:\Download\Software\KMSpico 10.2.0 Final + Portable\KMSpico Install\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application cleaned by deleting
E:\Download\Software\KMSpico 10.2.0 Final + Portable\KMSpico Portable\AutoPico.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application cleaned by deleting
E:\Download\Software\KMSpico 10.2.0 Final + Portable\KMSpico Portable\KMSELDI.exe MSIL/HackTool.IdleKMS.I potentially unsafe application cleaned by deleting
E:\Download\Software\MS Office 2010\OTK2010V201.zip a variant of MSIL/HackKMS.A potentially unsafe application deleted
E:\Google Drive\Famiglia\Enrico\CISCO&VESTAS&DOC\Vario\utility\Dvd\Nero 8\Nero-8.3.2.1_ita_trial.exe Win32/Toolbar.AskSBar potentially unwanted application cleaned by deleting
 

 

 

 

 

And the log of Security Analysis 

 

 

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 27th October, 2017
Running from:C:\Users\Pinco\Desktop (19:21:16 - 11/06/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X64 Service Pack 1
UAC is Disabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Kaspersky Free (Enabled - up to Date)
Kaspersky Free (Enabled - up to Date)
Windows Defender (Enabled - Not up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.180) ==> is out of Date
CCleaner (5.35)
Google Chrome (62.0.3202.75)
Java (8.0.1310.11)
Malwarebytes (3.2.2.2018)
Microsoft Silverlight (5.1.50905.0)
Mozilla Firefox (56.0.2)
Opera (48.0.2685.52)
Windows Live Essentials (16.4.3528.0331) ==> is no longer supported
 
***----------------Analysis Complete-------------------------***

 

 

 

Thanks for your help ;)



#6 Oh My!


Posted 08 November 2017 - 12:02 PM

You are very welcome

We need to update one program. Please do this.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck optional offers
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click on the FlashPlayer icon on your Desktop and allow the installer to run
  • When completed click Finish
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Adobe update?
  • Are there any remaining issues?

Gary
 

#7 tasver


Posted 10 November 2017 - 03:36 AM

Many many many thanks oh my! All is updated and all is working good :o

 

See you soon in the forum ;)



#8 Oh My!


Posted 10 November 2017 - 10:05 AM

Excellent.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#9 Oh My!


Posted 12 November 2017 - 01:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 