Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Roberto (administrator) on ALIENROB (07-12-2015 09:14:10)
Running from C:\Users\Roberto\Desktop
Loaded Profiles: Roberto (Available Profiles: Roberto)
Platform: Windows 8 (X64) Language: Italiano (Italia)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
(PC-Doctor, Inc.) C:\Program Files\AlienAutopsy\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-14] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-07-25] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15003256 2015-09-19] (Logitech Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-03] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-626076182-1482156565-3366870657-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-626076182-1482156565-3366870657-1002\...\MountPoints2: {506c9113-6e61-11e5-be71-848f69f5f79f} - "H:\autorun.exe"
HKU\S-1-5-21-626076182-1482156565-3366870657-1002\...\MountPoints2: {8e287f84-757a-11e5-be72-848f69f5f79f} - "F:\setup.exe"
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-18] (NVIDIA Corporation)
Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.HTML [2015-12-05] ()
Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.PNG [2015-12-05] ()
Startup: C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.TXT [2015-12-05] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{0A91B313-8321-4505-AEA3-28C71876C84D}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{B63BE684-2ECF-45F9-9FA2-83F0689725AF}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-626076182-1482156565-3366870657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-626076182-1482156565-3366870657-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-it
SearchScopes: HKU\S-1-5-21-626076182-1482156565-3366870657-1002 -> DefaultScope {047885AF-E666-4128-B232-51AF7358A5BD} URL =
SearchScopes: HKU\S-1-5-21-626076182-1482156565-3366870657-1002 -> {047885AF-E666-4128-B232-51AF7358A5BD} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-03] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-03] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\yockmldb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: CMediaPropertyBag - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\yockmldb.default\extensions\{CDB03F5E-0916-64D3-E443-006FF42313DF} [2015-12-05] [not signed]
FF Extension: Adblock Plus - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\yockmldb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-21]
CHR Extension: (Documenti Google) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-21]
CHR Extension: (Google Drive) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Biohazard Theme 1920x1080) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmffemdapcblhlkimkcnjfbagamejjcn [2015-09-21]
CHR Extension: (Google Search) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Fogli Google) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-21]
CHR Extension: (Google Documenti offline) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (AdBlock) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-21]
CHR Extension: (Gmail) - C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [13168 2012-07-25] (Alienware)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-02] (CyberLink)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-19] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-05] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-10-11] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-10-27] (LogMeIn Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2015-11-17] (Macrovision Europe Ltd) [File not signed]
U3 TrueSight; C:\WINDOWS\System32\Drivers\TrueSight.sys [30848 2015-12-07] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 09:14 - 2015-12-07 09:14 - 00020519 _____ C:\Users\Roberto\Desktop\FRST.txt
2015-12-07 09:14 - 2015-12-07 09:14 - 00000000 ____D C:\FRST
2015-12-07 09:11 - 2015-12-07 09:11 - 00000876 _____ C:\Users\Roberto\Desktop\BitDefender log.txt
2015-12-07 09:06 - 2015-12-07 09:06 - 02369024 _____ (Farbar) C:\Users\Roberto\Desktop\FRST64.exe
2015-12-06 16:08 - 2014-09-18 19:13 - 00000114 ____H C:\DBAR_Ver.txt
2015-12-06 16:01 - 2015-12-07 08:57 - 00000000 ____D C:\Users\Roberto\AppData\Local\CrashDumps
2015-12-06 15:32 - 2015-12-07 09:13 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-06 15:32 - 2015-12-06 15:57 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-06 15:30 - 2015-12-06 15:32 - 20826184 _____ C:\Users\Roberto\Downloads\RogueKiller.exe
2015-12-06 12:18 - 2015-12-06 14:00 - 00915466 _____ C:\Windows\ntbtlog.txt
2015-12-06 12:03 - 2015-12-06 12:03 - 00000316 _____ C:\Windows\system32\.crusader
2015-12-06 11:23 - 2015-12-06 11:53 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-06 11:22 - 2015-12-07 09:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-06 11:22 - 2015-12-06 11:23 - 11337112 _____ (SurfRight B.V.) C:\Users\Roberto\Downloads\HitmanPro_x64.exe
2015-12-06 11:22 - 2015-12-06 11:22 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-06 11:22 - 2015-12-06 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-06 11:22 - 2015-12-06 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-06 11:22 - 2015-12-06 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-06 11:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-06 11:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-06 11:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-06 11:18 - 2015-12-06 11:21 - 22908888 _____ (Malwarebytes ) C:\Users\Roberto\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-06 02:31 - 2015-12-06 16:01 - 00002902 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-06 02:31 - 2015-12-06 16:01 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2015-12-06 02:31 - 2015-12-06 11:41 - 00000000 ____D C:\Windows\AutoKMS
2015-12-06 02:28 - 2015-12-06 02:28 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-12-06 02:28 - 2015-12-06 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-12-06 02:28 - 2015-12-06 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-06 02:27 - 2015-12-06 02:27 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-06 02:27 - 2015-12-06 02:27 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2015-12-06 02:27 - 2015-12-06 02:27 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2015-12-06 02:27 - 2015-12-06 02:27 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-12-06 02:27 - 2015-12-06 02:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-12-06 02:25 - 2015-12-06 02:27 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-06 02:25 - 2015-12-06 02:25 - 00000000 __RHD C:\MSOCache
2015-12-06 02:25 - 2015-12-06 02:25 - 00000000 ____D C:\Users\Roberto\AppData\Local\Microsoft Help
2015-12-06 02:25 - 2015-12-06 02:25 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-12-06 02:25 - 2015-12-06 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-12-06 02:25 - 2015-12-06 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-06 02:25 - 2015-12-06 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-12-05 19:42 - 2015-12-05 19:50 - 00000000 ____D C:\Users\Roberto\Downloads\Microsoft Office 2010 Pro Plus (x86x64 - NLUK) NLUPPER
2015-12-05 19:40 - 2015-12-06 02:30 - 00000000 ____D C:\Users\Roberto\Downloads\Office.2010.Toolkit.and.EZ-Activator.2.2.3
2015-12-05 17:30 - 2015-12-05 17:30 - 00259466 _____ C:\ProgramData\1449332720.bdinstall.bin
2015-12-05 17:29 - 2015-12-05 17:40 - 00002842 _____ C:\Windows\system32\lic2.xml135
2015-12-05 17:29 - 2015-12-05 17:29 - 00002174 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-12-05 17:29 - 2015-12-05 17:29 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-12-05 17:29 - 2015-12-05 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-12-05 17:29 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-12-05 17:29 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-12-05 17:29 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-12-05 17:29 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-12-05 17:26 - 2015-12-05 17:29 - 00000000 ____D C:\Program Files\Bitdefender
2015-12-05 17:25 - 2015-12-05 17:26 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\QuickScan
2015-12-05 17:25 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-12-05 17:25 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-12-05 17:24 - 2015-12-05 17:25 - 10447328 _____ C:\Users\Roberto\Downloads\Antivirus_Free_Edition_x64.exe
2015-12-05 17:24 - 2015-12-05 17:24 - 00162208 _____ C:\Users\Roberto\Downloads\Antivirus_Free_Edition.exe
2015-12-05 16:39 - 2015-12-05 16:39 - 04096088 _____ C:\Users\Roberto\Documents\xpp9z.8v
2015-12-05 16:33 - 2015-12-05 16:33 - 11329040 _____ C:\Users\Roberto\Documents\3uf2b9008.ix8jk
2015-12-05 16:33 - 2015-12-05 16:33 - 04486844 _____ C:\Users\Roberto\Documents\8pg1b3a3j.0j
2015-12-05 16:33 - 2015-12-05 16:33 - 04094824 _____ C:\Users\Roberto\Documents\74adfhph8z.1uz4
2015-12-05 16:33 - 2015-12-05 16:33 - 00426012 _____ C:\Users\Roberto\Documents\1jb6x2.1v
2015-12-05 16:33 - 2015-12-05 16:33 - 00202716 _____ C:\Users\Roberto\Documents\jqljnb51p.9m
2015-12-05 16:33 - 2015-12-05 16:33 - 00159340 _____ C:\Users\Roberto\Documents\a8p2jy888v.h47ks
2015-12-05 16:16 - 2015-12-05 17:41 - 00000000 ____D C:\Users\Roberto\AppData\Local\Apworks
2015-12-05 16:15 - 2015-12-06 11:39 - 00000000 ____D C:\Users\Roberto\AppData\Local\USJmedia
2015-12-03 22:04 - 2015-12-03 22:05 - 10255360 _____ (MiKTeX.org) C:\Users\Roberto\Downloads\setup-2.9.5721-x64.exe
2015-12-03 00:23 - 2015-12-03 00:44 - 178712840 _____ (MiKTeX.org) C:\Users\Roberto\Downloads\basic-miktex-2.9.5721.exe
2015-11-21 19:57 - 2015-11-21 19:57 - 00001607 _____ C:\Users\Roberto\Desktop\Black & White.lnk
2015-11-21 12:58 - 2015-11-21 13:21 - 00000000 ____D C:\Users\Roberto\Desktop\Nuova cartella (2)
2015-11-21 11:41 - 2015-11-21 11:41 - 00001048 _____ C:\Users\Public\Desktop\Patrician III.lnk
2015-11-21 11:41 - 2015-11-21 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Patrician III - Impero dei Mari
2015-11-21 11:38 - 2015-11-21 11:41 - 00000000 ___HD C:\Program Files (x86)\FX Uninstall Information
2015-11-21 11:38 - 2015-11-21 11:41 - 00000000 ____D C:\Program Files (x86)\Patrician III - Impero dei Mari
2015-11-19 21:32 - 2015-12-05 01:12 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\vlc
2015-11-19 21:32 - 2015-12-05 01:05 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\dvdcss
2015-11-19 21:32 - 2015-11-19 21:32 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-19 21:32 - 2015-11-19 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-19 21:31 - 2015-11-19 21:31 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-11-19 21:28 - 2015-11-19 21:31 - 28849904 _____ C:\Users\Roberto\Downloads\vlc-2.2.1-win32.exe
2015-11-19 21:26 - 2015-12-05 16:28 - 00000000 ____D C:\Users\Roberto\AppData\Local\Cyberlink
2015-11-19 21:26 - 2015-11-19 21:26 - 00000000 ____D C:\Users\Roberto\Documents\CyberLink
2015-11-19 21:26 - 2015-11-19 21:26 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\CyberLink
2015-11-19 20:49 - 2015-11-19 20:49 - 00000000 ____D C:\Users\Roberto\Desktop\Robin hood temp
2015-11-19 20:43 - 2015-11-19 20:43 - 00000864 _____ C:\Users\Roberto\Desktop\Robin Hood - La Leggenda di Sherwood.lnk
2015-11-19 20:42 - 2015-11-19 20:42 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wanadoo Edition
2015-11-19 20:42 - 2015-11-19 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wanadoo Edition
2015-11-17 19:38 - 2015-11-17 19:38 - 00003082 _____ C:\Windows\System32\Tasks\{4EA74697-E8EA-4E1A-AE36-3094A17BA6C7}
2015-11-17 19:36 - 2015-11-17 19:51 - 00012400 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2015-11-17 19:36 - 2015-11-17 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-14 02:28 - 2015-11-14 02:28 - 00454625 _____ C:\Users\Roberto\Documents\IMSLP36894-PMLP02641-Chopin_-_Marche_Fun__bre__Op.72_No.2.pdf
2015-11-11 12:06 - 2015-11-11 12:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-11 12:04 - 2012-09-29 13:26 - 01366528 _____ C:\Windows\system32\HPM1210SM.exe
2015-11-11 12:04 - 2012-09-29 13:05 - 00350720 _____ C:\Windows\system32\mvhlewsi.DLL
2015-11-11 11:53 - 2012-11-08 04:00 - 00091648 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\m1210nwia2.dll
2015-11-11 11:53 - 2012-11-08 04:00 - 00056320 _____ C:\Windows\system32\HPM1210SMs.dll
2015-11-11 11:53 - 2012-11-08 04:00 - 00038912 _____ C:\Windows\system32\HPImgFlt.dll
2015-11-11 11:12 - 2015-11-11 11:33 - 222998632 _____ C:\Users\Roberto\Downloads\LJM1130_M1210_MFP_Full_Solution.exe
2015-11-10 07:49 - 2015-11-10 07:49 - 00780019 _____ C:\Users\Roberto\Downloads\A.Di.S.U._Ateneo_Federico_II_-_Azienda_Pubblica_della_Regione_Campania_per_il_Diritto_allo_Studio_Unversitario_-_Smart_card_ecco_come_averla_o_riattivarla_-_2013-11-11.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 09:14 - 2012-07-26 06:37 - 00000000 ____D C:\WINDOWS
2015-12-07 08:57 - 2015-09-21 13:51 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-626076182-1482156565-3366870657-1002
2015-12-07 08:57 - 2013-04-20 14:43 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2015-12-07 08:54 - 2015-09-21 13:44 - 00001176 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-07 08:52 - 2015-09-21 13:44 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 17:32 - 2015-09-21 13:25 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-06 16:45 - 2013-04-20 14:37 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-06 16:07 - 2012-07-26 10:55 - 00790138 _____ C:\Windows\system32\perfh010.dat
2015-12-06 16:07 - 2012-07-26 10:55 - 00153008 _____ C:\Windows\system32\perfc010.dat
2015-12-06 16:07 - 2012-07-26 08:28 - 01781840 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-06 16:07 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Inf
2015-12-06 16:01 - 2015-09-26 13:57 - 00215040 ___SH C:\Users\Roberto\Desktop\Thumbs.db
2015-12-06 16:00 - 2015-10-26 13:01 - 00000330 _____ C:\Windows\Tasks\ZQPIU.job
2015-12-06 16:00 - 2013-04-20 14:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-06 16:00 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 15:59 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-06 11:40 - 2015-09-21 15:48 - 00443968 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-06 11:39 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\Globalization
2015-12-06 02:27 - 2013-04-20 14:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-06 02:27 - 2012-07-26 10:58 - 00000000 ____D C:\Windows\ShellNew
2015-12-06 02:27 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-06 02:25 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-06 02:25 - 2012-07-26 06:26 - 00000167 _____ C:\Windows\win.ini
2015-12-06 02:22 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-12-06 02:13 - 2015-10-07 11:38 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\uTorrent
2015-12-05 17:35 - 2015-09-21 14:47 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Skype
2015-12-05 17:15 - 2015-10-02 00:10 - 00000000 ____D C:\Users\Roberto\Desktop\JDF Civpack
2015-12-05 16:41 - 2015-09-21 12:22 - 00000000 ____D C:\Users\Roberto
2015-12-05 16:39 - 2015-09-21 18:12 - 00000000 ____D C:\Users\Roberto\Documents\StarCraft II
2015-12-05 16:38 - 2015-10-11 19:41 - 00000000 ____D C:\Users\Roberto\Documents\Neverwinter Nights 2
2015-12-05 16:38 - 2015-09-21 22:29 - 00000000 ____D C:\Users\Roberto\Documents\My Games
2015-12-05 16:33 - 2015-10-11 16:53 - 00000000 ____D C:\Users\Roberto\Desktop\Neverwinter Nights 2 Platinum Edition [MULTI5][PCDVD][PROPHET][WwW.GamesTorrents.CoM]
2015-12-05 16:33 - 2015-10-07 11:31 - 00000000 ____D C:\Users\Roberto\Desktop\Microbiologia e Immunologia
2015-12-05 16:28 - 2015-10-20 18:49 - 00000000 ____D C:\Users\Roberto\AppData\Local\LogMeIn Hamachi
2015-12-05 16:28 - 2015-10-11 16:57 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\DAEMON Tools Lite
2015-12-05 16:28 - 2015-09-22 20:14 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\TS3Client
2015-12-05 16:28 - 2015-09-21 18:10 - 00000000 ____D C:\Users\Roberto\AppData\Local\Blizzard Entertainment
2015-12-05 16:28 - 2015-09-21 14:47 - 00000000 ____D C:\Users\Roberto\AppData\Local\Skype
2015-12-05 16:28 - 2015-09-21 13:44 - 00000000 ____D C:\Users\Roberto\AppData\Local\Google
2015-12-05 16:28 - 2015-09-21 12:34 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Mozilla
2015-12-05 16:28 - 2015-09-21 12:26 - 00000000 ____D C:\Users\Roberto\AppData\Local\Stardock
2015-12-05 16:28 - 2015-09-21 12:23 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\Adobe
2015-12-05 16:27 - 2015-09-21 18:10 - 00000000 ____D C:\Users\Roberto\AppData\Local\Battle.net
2015-12-05 16:27 - 2015-09-21 18:00 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-05 16:27 - 2015-09-21 14:09 - 00000000 ____D C:\ProgramData\LogiShrd
2015-12-05 16:27 - 2013-04-20 14:38 - 00000000 ____D C:\ProgramData\PCDr
2015-12-05 16:27 - 2013-04-20 14:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-05 12:49 - 2015-09-21 13:44 - 00004148 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 12:49 - 2015-09-21 13:44 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 22:01 - 2013-04-20 14:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-03 20:50 - 2015-09-21 13:46 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 20:16 - 2015-09-21 13:41 - 00000000 ____D C:\Users\Roberto\.oracle_jre_usage
2015-12-03 20:16 - 2015-09-21 13:41 - 00000000 ____D C:\ProgramData\Oracle
2015-12-03 20:16 - 2015-09-21 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-03 20:16 - 2015-09-21 13:40 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-03 20:15 - 2015-09-21 13:41 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-02 17:12 - 2015-10-26 13:02 - 00000000 ____D C:\Users\Roberto\AppData\Local\ElevatedDiagnostics
2015-12-02 10:49 - 2015-09-21 14:47 - 00000000 ____D C:\ProgramData\Skype
2015-11-27 23:22 - 2015-10-26 13:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-21 13:30 - 2015-09-21 15:24 - 00000000 ____D C:\Games
2015-11-19 21:26 - 2013-04-20 14:39 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-17 19:52 - 2015-10-28 12:43 - 00000000 ____D C:\Users\Roberto\AppData\Roaming\GameRanger
2015-11-17 00:23 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-10 22:32 - 2015-09-21 13:25 - 00003866 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-09 00:34 - 2015-11-04 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-09 00:34 - 2015-09-21 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-09 00:31 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-12-05 16:28 - 2015-12-05 16:28 - 0047755 _____ () C:\Users\Roberto\AppData\Roaming\HELP_YOUR_FILES.PNG
2015-12-05 16:28 - 2015-12-05 16:28 - 0047755 _____ () C:\Users\Roberto\AppData\Local\HELP_YOUR_FILES.PNG
2015-12-05 17:30 - 2015-12-05 17:30 - 0259466 _____ () C:\ProgramData\1449332720.bdinstall.bin
2015-12-05 16:27 - 2015-12-05 16:27 - 0047755 _____ () C:\ProgramData\HELP_YOUR_FILES.PNG
2013-04-20 14:42 - 2013-04-20 14:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-20 14:40 - 2013-04-20 14:40 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-20 14:40 - 2013-04-20 14:41 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-20 14:39 - 2013-04-20 14:40 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-20 14:41 - 2013-04-20 14:42 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\Roberto\AppData\Local\Temp\AutoRun.exe
C:\Users\Roberto\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Roberto\AppData\Local\Temp\COMAP.EXE
C:\Users\Roberto\AppData\Local\Temp\DJAPI.dll
C:\Users\Roberto\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Roberto\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Roberto\AppData\Local\Temp\ose00000.exe
C:\Users\Roberto\AppData\Local\Temp\siuninst.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-30 13:17

==================== End of FRST.txt ============================