Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017 Ran by andre (09-02-2017 19:54:21) Running from C:\Users\andre\Downloads Windows 10 Pro Version 1607 (X64) (2016-08-06 10:14:48) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-145242487-1084527268-1276034731-500 - Administrator - Disabled) andre (S-1-5-21-145242487-1084527268-1276034731-1001 - Administrator - Enabled) => C:\Users\andre DefaultAccount (S-1-5-21-145242487-1084527268-1276034731-503 - Limited - Disabled) Guest (S-1-5-21-145242487-1084527268-1276034731-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 5-button Mouse Driver (HKLM-x32\...\InstallShield_{7B926DFB-431E-449F-B829-E45D928BCA55}) (Version: 6.1 - Targa GmbH) 5-button Mouse Driver (x32 Version: 6.1 - Targa GmbH) Hidden Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated) Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\{F83DD803-2467-4D07-9D6F-87AF0434410A}) (Version: 11.9.900.170 - Adobe Systems Incorporated) Aggiornamenti NVIDIA 2.11.4.0 (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Airfoil (HKLM-x32\...\Airfoil) (Version: 5.1.5 - Rogue Amoeba) American Truck Simulator (HKLM-x32\...\American Truck Simulator_is1) (Version: - ) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Ansel (Version: 368.81 - NVIDIA Corporation) Hidden Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden Arduino (HKLM-x32\...\Arduino) (Version: 1.6.9 - Arduino LLC) Assetto Corsa (HKLM-x32\...\Assetto Corsa_is1) (Version: - ) Assetto Corsa Update v1.1 Incl. Dream Pack 1 (HKLM-x32\...\QXNzZXR0b0NvcnNh_is1) (Version: 1 - ) ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.8.3.0 - ASUSTek COMPUTER INC.) ASUS GPU Tweak (x32 Version: 2.8.3.0 - ASUSTek COMPUTER INC.) Hidden AtHomeVideoStreamer Version3.0.1 (HKLM-x32\...\{B659A0AE-7339-41DF-A7BA-81EBEBF91321}_is1) (Version: - iChano Inc.) Atom (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\atom) (Version: 1.12.9 - GitHub Inc.) Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Bitcoin Core (64-bit) (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\Bitcoin Core (64-bit)) (Version: 0.13.0 - Bitcoin Core project) Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bus Simulator 16 Update v0.0.768.7023 (HKLM\...\YnVzc2ltdWxhdG9yMTY_is1) (Version: 1 - ) Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - ) Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine) CINEMA 4D 16.011 (HKLM\...\MAXON8B6F11F9) (Version: 16.011 - MAXON Computer GmbH) Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version: - Cisco Systems, Inc.) City Car Driving Home Edition (HKLM\...\Q2l0eUNhckRyaXZpbmc=_is1) (Version: 1 - ) CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.) CodeBlocks (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team) CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.2.7 - Foolish IT LLC) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) DiRT Rally Update v1.03 (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - ) Discord (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.) Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden Driver Updater (HKLM-x32\...\Driver Updater_is1) (Version: - driverlibs.com) EaseUS Partition Master 11.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS) EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies) Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation) Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - ) Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation) FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse) FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time) Franz (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\Franz) (Version: 4.0.4 - Franz) Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation) GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.171.0 - International GeoGebra Institute) Git version 2.11.0.3 (HKLM\...\Git_is1) (Version: 2.11.0.3 - The Git Development Community) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) Handset WinDriver 1.03.02.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.03.02.00 - Huawei technologies Co., Ltd.) Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden HitLeap Viewer 2.8 (HKLM-x32\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.) HP Officejet Pro 8600 ? (HKLM-x32\...\{EBE7C6D9-9A3F-4C59-9574-07ABE2FDF7BE}) (Version: 28.0.0 - Hewlett Packard) HP Officejet Pro 8600 Software di base dispositivo (HKLM\...\{35D14F1B-CB25-4C40-9E77-0441D62183CB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{30F3FF94-225B-4319-A13C-E307FFDA3CFB}) (Version: 6.0.1 - Intel Corporation) IntelliJ IDEA Community Edition 15.0.4 (HKLM-x32\...\IntelliJ IDEA Community Edition 15.0.4) (Version: 143.2287.1 - JetBrains s.r.o.) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.20 - IObit) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation) JetBrains WebStorm 11.0.1 (HKLM-x32\...\WebStorm 11.0.1) (Version: 143.382.36 - JetBrains s.r.o.) KeePass Password Safe 1.31 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl) Kingo ROOT version 1.4.9.2847 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.9.2847 - Kingosoft Technology Ltd.) KingRoot °æ±¾ 3.4.0.1142 (HKLM-x32\...\{FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1) (Version: 3.4.0.1142 - KingRoot) Language Pack del Visualizzatore della Guida Microsoft 2.2 - ITA (x32 Version: 2.2.23107 - Microsoft Corporation) Hidden Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MEmu (HKLM-x32\...\MEmu) (Version: 2.8.2.1 - Microvirt) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Italiano) (HKLM-x32\...\{46539A2C-DCEB-4BB1-BBBF-CAA06967E509}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (Italiano) (HKLM-x32\...\{6F11CC18-8212-45BF-875B-EBF89F83068F}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{60B9E230-65C3-4A54-9659-1313FBC051B3}) (Version: 13.0.2164.0 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM-x32\...\{CEC7A6DA-4771-4617-BAFA-21F75263278F}) (Version: 13.0.2164.0 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Help Viewer 2.2 Language Pack - ITA (HKLM-x32\...\Language Pack del Visualizzatore della Guida Microsoft 2.2 - ITA) (Version: 2.2.23107 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{0179E5DE-708A-4555-9BB9-7331718EEAE1}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1031 - Microsoft Corporation) Microsoft Office Language Pack 2013 - Italian/Italiano (HKLM\...\Office15.OMUI.it-it) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{61AB8577-B46C-492A-882E-C0F7AA6F49FB}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 ADOMD.NET (HKLM-x32\...\{8DA81888-037F-409C-AB2A-EA12706DEF17}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 Analysis Management Objects (HKLM-x32\...\{F8E0BE4C-7CEE-4837-957E-768723C84C3F}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9B5F46D7-66AE-4796-B563-CA909FE87D4B}) (Version: 13.0.2151.0 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL Language Service (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ITA (HKLM\...\{E7BFD3A1-2152-4DE1-9F82-A478DD6097C9}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (14.0.61021.0) (HKLM-x32\...\{22EDFCC2-E067-4E64-AFEA-30E84DD0EEA0}) (Version: 14.0.61021.0 - Microsoft Corporation) Microsoft SQL Server Data Tools - Visual Studio 2015 (HKLM-x32\...\{36239e0f-231f-49d5-a687-0ea260558484}) (Version: 14.0.61021.0 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) - it-IT (HKLM-x32\...\{6E70D3B6-8E62-426F-AFC3-C8A65FCA34AD}) (Version: 13.0.3225.4 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio Professional 2015 (HKLM-x32\...\{19ddbf98-aca3-4fef-9d77-7095b105dd73}) (Version: 14.0.23107.156 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation) MSI Afterburner 4.3.0 Beta 4 (HKLM-x32\...\Afterburner) (Version: 4.3.0 Beta 4 - MSI Co., LTD) Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation) Node.js (HKLM\...\{672B5547-D20B-4D19-9BFD-B93C32BC77DA}) (Version: 6.9.1 - Node.js Foundation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team) NVIDIA Driver 3D Vision 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation) NVIDIA Driver audio HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA Driver del controller 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA Driver grafico 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Pannello di controllo NVIDIA 376.53 (Version: 376.53 - NVIDIA Corporation) Hidden Plex Media Server (HKLM-x32\...\{d685b3b4-91da-4364-9e7d-f365a614d42b}) (Version: 1.3.3.3148 - Plex, Inc.) Plex Media Server (x32 Version: 1.3.3148 - Plex, Inc.) Hidden Popcorn-Time (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time) Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation) ProjectLibre (HKLM-x32\...\{8E2A530F-ABE9-45B4-B4EA-B9DF56698376}) (Version: 1.6.2.0 - ProjectLibre) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - Sector3 Studios) RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - Sector3 Studios) Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder) Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden RuCaptchaBot (HKLM-x32\...\{BD0D1571-1504-4A09-9F60-BE29E3769398}) (Version: 1.00.0000 - RuCaptcha) Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.2.0.37 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited) Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16023.12 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.1.16023.12 - Samsung Electronics Co., Ltd.) Hidden Spotify (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB) SQL Server Data Tools Analysis Services (x32 Version: 13.0.1701.8 - Microsoft Corporation) Hidden SQL Server Data Tools Reporting Services (x32 Version: 13.0.1701.8 - Microsoft Corporation) Hidden SQL Server Integration Services (x32 Version: 13.0.2165.0 - Microsoft Corporation) Hidden SQL Server Integration Services 2012 (x32 Version: 11.3.6523.0 - Microsoft Corporation) Hidden SQL Server Integration Services 2014 (x32 Version: 12.1.4449.0 - Microsoft Corporation) Hidden SSDT (x32 Version: 14.0.60629.0 - Microsoft Corporation) Hidden Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stopping Plex (x32 Version: 1.3.3148 - Plex, Inc.) Hidden SuperBeam version 1.2.0 (HKLM-x32\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 1.2.0 - MukaBits) Supporto applicazioni Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) System Requirements Lab Detection (HKLM-x32\...\{BD735CBC-04CD-4BE2-A2CB-E6DE77E9D747}) (Version: 6.1.6.0 - Husdawg, LLC) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) The Witness (HKLM\...\dGhld2l0bmVzcw_is1) (Version: 1 - ) theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds) Trackmania Turbo (HKLM-x32\...\Trackmania Turbo_is1) (Version: - ) TypeScript Power Tool (x32 Version: 1.6.3.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.6.3.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM-x32\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft) Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony) Victory: The Age of Racing (HKLM-x32\...\Steam App 264120) (Version: - Vae Victis Games) Vovoid VSXu 0.5.0 (HKLM-x32\...\VSXu 0.5.0) (Version: 0.5.0 - Vovoid Media Technologies AB) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.1.0 - Azureus Software, Inc.) WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.15-1 - Bitnami) 極速快感:生存競速 (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.1.0.0 - Electronic Arts) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\andre\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\andre\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Sidebar7.6 (the data entry has 16 more characters). CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\andre\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{A4FEF2CE-E494-419e-ABCC-B2E993FB6BC0}\InprocServer32 -> C:\Users\andre\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GlassyCPUMonitor.gadget\Release\ProcessMonitor64.dll (TODO: ) CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\andre\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-145242487-1084527268-1276034731-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\andre\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {197F7F5D-B542-443C-BF8F-507CF6C3C54C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {28AF8268-2070-420A-A0A6-503DFB64659E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation) Task: {477E1847-AADD-417B-AC13-E46F4D460432} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {4A9631D0-C403-4478-96EA-E5918452C7B1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GAMING-PC-andre Gaming-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {4C844597-1F93-4E94-BFF4-DF78A2A8A249} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-21] (Adobe Systems Incorporated) Task: {4CDA70D0-8B66-45AD-A886-641C06EFB2A0} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-andrea.cascina@alice.it => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated) Task: {4EBE56AB-0706-491A-874B-BC75A868F001} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel(R) Corporation) Task: {696F8A5A-CBBE-4FD5-A747-1A421D9599B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.) Task: {767EC888-5BF1-421D-BE18-9A05DD86A56F} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate] Task: {780FB7A3-B0A1-4A83-A9DF-C04784B6147B} - System32\Tasks\Uninstaller_SkipUac_andre => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-01] (IObit) Task: {789CA2A0-B01A-4C94-8C09-39A66168ECC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.) Task: {7DA3D954-9143-47FC-9AEE-3297B86B2097} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation) Task: {938D825C-0658-4C03-B739-D80B9586FEAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {AF1B596C-8001-4F13-A15E-14E9752B738E} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe Task: {B53A430E-9F16-4137-A524-2B28AB17FF63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {BF774D97-74B0-4DBD-B5AC-E653F2678004} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-05-30] () Task: {C1A049EB-CA42-4787-B5D2-C9EF7E132AB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {C651275C-BC56-40FF-8A42-7648DD8BC9C5} - System32\Tasks\{C9D44086-2AEB-43A7-AF2A-A9AC49B782CF} => pcalua.exe -a C:\ProgramData\Poposhidu\uninstall.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_andre.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\andre\AppData\Local\Google\Chrome\User Data\perpckplewerpydolerck\Web Applications\_crx_hnpfjngllnobngcgfapefoaidbinmjnm\(1) WhatsApp Web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hnpfjngllnobngcgfapefoaidbinmjnm ShortcutWithArgument: C:\Users\andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\AllCast Receiver.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=perpckplewerpydolerck --app-id=hjbljnpdahefgnopeohlaeohgkiidnoe ShortcutWithArgument: C:\Users\andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Mopify.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=perpckplewerpydolerck --app-id=opachcjmboaadmggggggeegnaajchbod ShortcutWithArgument: C:\Users\andre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f42507a5493c1e9c\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=perpckplewerpydolerck ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 17:06 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2012-01-16 20:24 - 2012-01-16 20:24 - 00055296 _____ () C:\Windows\syswow64\ASGT.exe 2017-01-15 12:24 - 2017-01-15 12:23 - 00017376 _____ () C:\Users\andre\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe 2016-02-22 23:36 - 2016-06-14 21:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2015-12-19 11:11 - 2016-06-14 21:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-04-26 14:16 - 2016-06-14 21:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-02-22 23:36 - 2016-06-14 21:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2016-08-06 10:57 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-26 14:16 - 2016-06-14 21:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-04-26 14:16 - 2016-06-14 21:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-04-26 14:16 - 2016-06-14 21:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-01-18 19:18 - 2016-06-14 21:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-04-26 14:16 - 2016-06-14 21:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-04-26 14:16 - 2016-06-14 21:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-05-30 19:13 - 2016-05-30 19:13 - 00586952 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe 2016-12-14 17:06 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-08-06 11:18 - 2016-08-06 11:18 - 00959168 _____ () C:\Users\andre\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-08-03 16:45 - 2016-08-03 16:45 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-09-14 23:22 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-10 22:24 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-10 22:23 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-10 22:23 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-10 22:23 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-10 22:23 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-10 22:23 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-10 22:23 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-02-06 18:11 - 2017-02-06 18:11 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-06 18:11 - 2017-02-06 18:11 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-12-05 21:37 - 2016-09-06 14:52 - 02259968 _____ () C:\Users\andre\AppData\Local\Franz\app-4.0.4\ffmpeg.dll 2016-12-05 21:37 - 2016-09-06 14:52 - 02865152 _____ () C:\Users\andre\AppData\Local\Franz\app-4.0.4\libglesv2.dll 2016-12-05 21:37 - 2016-09-06 14:52 - 00095232 _____ () C:\Users\andre\AppData\Local\Franz\app-4.0.4\libegl.dll 2017-02-06 23:11 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-06 23:11 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2017-01-11 16:13 - 2017-01-11 16:13 - 31167576 _____ () C:\Users\andre\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll 2015-11-24 20:50 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2015-11-24 20:50 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2015-11-24 20:50 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2016-12-15 13:53 - 2016-12-15 13:53 - 00083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll 2016-05-30 18:50 - 2016-05-30 18:50 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2016-05-30 18:50 - 2016-05-30 18:50 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2016-05-30 18:50 - 2016-05-30 18:50 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2016-05-30 18:50 - 2016-05-30 18:50 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2016-05-30 18:50 - 2016-05-30 18:50 - 00504320 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2015-10-30 23:07 - 2016-06-14 21:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-02-09 19:45 - 2017-02-09 19:45 - 00098816 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32api.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00110080 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\pywintypes27.dll 2017-02-09 19:45 - 2017-02-09 19:45 - 00364544 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\pythoncom27.dll 2017-02-09 19:45 - 2017-02-09 19:45 - 00320512 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32com.shell.shell.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00914432 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_hashlib.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 01176576 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._core_.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00806400 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._gdi_.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00816128 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._windows_.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 01067008 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._controls_.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00733184 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._misc_.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00682496 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\pysqlite2._sqlite.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00088064 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_ctypes.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00686080 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\unicodedata.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00119808 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32file.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00108544 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32security.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00007168 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\hashobjs_ext.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00017920 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\thumbnails_ext.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00088064 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\usb_ext.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00012800 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\common.time34.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00018432 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32event.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00167936 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32gui.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00046080 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_socket.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 01303552 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_ssl.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00128512 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_elementtree.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00127488 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\pyexpat.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00038912 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32inet.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00036864 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_psutil_windows.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00524248 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\windows._lib_cacheinvalidation.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00011264 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32crypt.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00123392 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._wizard.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00077312 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._html2.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00027648 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_multiprocessing.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00020480 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\_yappi.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00035840 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32process.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00078848 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\wx._animate.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00024064 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32pipe.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00010240 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\select.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00025600 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32pdh.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00017408 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32profile.pyd 2017-02-09 19:45 - 2017-02-09 19:45 - 00022528 ____R () C:\Users\andre\AppData\Local\Temp\_MEI84602\win32ts.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 01083376 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00115696 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00059888 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00772080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 01741296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 01962992 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00025584 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll 2009-12-16 15:50 - 2009-12-16 15:50 - 00088576 _____ () C:\Program Files (x86)\5-button mouse\statuskey.dll 2009-12-16 15:10 - 2009-12-16 15:10 - 00090624 _____ () C:\Program Files (x86)\5-button mouse\keydll.dll 2008-06-16 09:06 - 2008-06-16 09:06 - 00053248 _____ () C:\Program Files (x86)\5-button mouse\MouseHook.dll 2016-06-20 20:31 - 2016-03-16 08:24 - 00877056 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\platforms\qwindows.dll 2016-06-20 20:31 - 2016-04-26 00:28 - 00308928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\GarbageGather.dll 2016-06-20 20:31 - 2016-04-26 00:28 - 00110272 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\FHProcess.dll 2016-06-20 20:31 - 2016-03-16 08:24 - 00013824 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\fsclog.dll 2016-06-20 20:31 - 2016-04-26 00:27 - 00174784 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\BigFileGather.dll 2016-06-20 20:31 - 2016-04-26 00:28 - 00088256 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\EnumVolumes.dll 2016-06-20 20:31 - 2016-04-26 00:28 - 00168128 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\FragAnalysis.dll 2016-06-20 20:31 - 2016-03-25 00:00 - 00024064 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\imageformats\qico.dll 2016-06-20 20:31 - 2016-03-25 00:00 - 00023552 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\imageformats\qgif.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00050160 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00071664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00024560 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00041456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00930288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00074736 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00190960 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll 2016-12-15 13:53 - 2016-12-15 13:53 - 00218096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00018928 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00095728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00143344 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd 2016-12-15 13:53 - 2016-12-15 13:53 - 00694256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd 2016-02-11 17:47 - 2016-02-11 17:47 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [230] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rohos => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 22:24 - 2016-01-11 17:25 - 00001039 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-145242487-1084527268-1276034731-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\andre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent" HKU\S-1-5-21-145242487-1084527268-1276034731-1001\...\StartupApproved\Run: => "SideSync" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [UDP Query User{E179CA48-2367-4040-BB67-C91FA1853576}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{0382DFE3-69E6-4C6D-9BA4-20ED28CDC7EF}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [UDP Query User{38142C78-C421-46EB-B88B-69F4B0406B88}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{C52D15C6-1135-49A6-96A7-A1D7A53CE4E5}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{5EA13B2E-0AA3-4AED-8C28-25291D7C250C}E:\game\next car game wreckfest\wreckfest.exe] => E:\game\next car game wreckfest\wreckfest.exe FirewallRules: [TCP Query User{EBC15A44-BC37-4F6F-B079-A75061C86788}E:\game\next car game wreckfest\wreckfest.exe] => E:\game\next car game wreckfest\wreckfest.exe FirewallRules: [{C8D1C3D6-E57F-4E27-A8E1-D247B58B3442}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{FE24931D-12EF-4F67-A596-331ADCA0B6E8}] => C:\Program Files\Vuze\Azureus.exe FirewallRules: [{163112A7-5D52-41B6-9E22-DEA2D4D4C54C}] => E:\Game\NeedForSpeed\Setup\Need for Speed\NFS16_trial.exe FirewallRules: [{55D14602-D201-4D9A-96DD-52148D5725A6}] => E:\Game\NeedForSpeed\Setup\Need for Speed\NFS16_trial.exe FirewallRules: [{8805710B-9864-4BF3-8164-56C59E1CA085}] => E:\Game\NeedForSpeed\Setup\Need for Speed\NFS16.exe FirewallRules: [{670E91EE-FF43-4311-BDF3-EFD5032D1FF6}] => E:\Game\NeedForSpeed\Setup\Need for Speed\NFS16.exe FirewallRules: [{2E9ACE9E-532A-4917-B88B-474ACF9269BE}] => E:\Game\SteamLibrary\steamapps\common\Victory\Victory.exe FirewallRules: [{F4F5DEF5-235F-4CAC-91DE-B0DCEB0888D7}] => E:\Game\SteamLibrary\steamapps\common\Victory\Victory.exe FirewallRules: [UDP Query User{B8B6BD20-6947-45D6-B5FC-75A4059C41AB}C:\program files\java\jdk1.8.0_73\bin\java.exe] => C:\program files\java\jdk1.8.0_73\bin\java.exe FirewallRules: [TCP Query User{689EC93C-F474-4E09-BCB0-1848D1CFC322}C:\program files\java\jdk1.8.0_73\bin\java.exe] => C:\program files\java\jdk1.8.0_73\bin\java.exe FirewallRules: [UDP Query User{041556BC-C1F8-4B31-B596-91ED574E2B38}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe FirewallRules: [TCP Query User{71B6E27C-DFD7-4B50-B16F-990459B285FC}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe FirewallRules: [{67411900-AE62-4374-BEAB-06BBB2F4AF49}] => LPort=1688 FirewallRules: [{AEDD8B58-DD1E-4FE8-AD7A-90DA2C65240C}] => C:\Program Files (x86)\MEmu\MEmu\MEmu.exe FirewallRules: [{95B72819-E2BF-4A98-961A-DE01ABE2FFDB}] => C:\Program Files (x86)\MEmu\MEmu\MEmu.exe FirewallRules: [{91F40E78-CD95-46A3-88F9-91BAE6DFC4BB}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [UDP Query User{170166E1-BD55-4421-8D8A-CD2A3CEA8142}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe FirewallRules: [TCP Query User{9C80489E-8D5E-44E8-BB76-104FEF9C0306}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe FirewallRules: [UDP Query User{98E17B40-6BA9-44DE-A07B-5234C4ED81AA}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{34978EF0-9F84-4389-89EB-4BFE025C0ABD}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{B66B5A1F-D8AE-4AC3-9679-45B640E5BE6D}E:\game\callofduty3\call of duty black ops iii\blackops3.exe] => E:\game\callofduty3\call of duty black ops iii\blackops3.exe FirewallRules: [TCP Query User{95AFA386-88CE-47AD-AF54-37D3877045BD}E:\game\callofduty3\call of duty black ops iii\blackops3.exe] => E:\game\callofduty3\call of duty black ops iii\blackops3.exe FirewallRules: [UDP Query User{3D65066F-74BE-4DC5-A043-94C55814EA51}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{E0D97E4A-DF49-4513-BCB2-0FA521159A5F}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe FirewallRules: [{E0FE87E7-9C7B-4FE0-BD64-E0348FDD4099}] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe FirewallRules: [{7F073216-AD26-4E79-938E-3F41FA27E39A}] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe FirewallRules: [{6BC26805-E159-486D-83B1-ED4971628C9C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{50790C13-3EEB-450C-A858-D8CB1F6462D1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{6B87AE44-A6C3-4CF1-BD2A-CD2CEF92A2E6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{CC0011BB-D7EE-4F20-849E-F5E772A95BC1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{23E2EF62-8A01-4AF9-85A2-AC25D6B4CF17}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{05A9F9D4-84B2-4B38-9146-4709E63CEE98}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{309FE108-EF95-4F0C-A11E-54B6604932A5}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{6F9A3FE4-0DC8-47B9-AC6D-23F3AF786B01}C:\users\andre\appdata\roaming\spotify\spotify.exe] => C:\users\andre\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{341A8FE0-C821-488B-AFF9-AC9450B6F9B6}C:\users\andre\appdata\roaming\spotify\spotify.exe] => C:\users\andre\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{97F145A3-2AF3-44AE-8AE3-B4ECC83BC670}C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe] => C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe FirewallRules: [UDP Query User{629090D9-4194-4854-A5BD-91A5ACBCB9BD}C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe] => C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe FirewallRules: [{F3EEE5A8-2F14-4261-96A1-974CDECD908A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{93B4E10D-A165-405A-962A-EA5D29E2CBFD}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{08D74C01-CC9B-415C-AF8F-49EC5EFCFC85}E:\game\steamlibrary\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => E:\game\steamlibrary\steamapps\common\rocketleague\binaries\win32\rocketleague.exe FirewallRules: [UDP Query User{E441E4C8-80F5-420D-B1C4-B70E678BFAC5}E:\game\steamlibrary\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => E:\game\steamlibrary\steamapps\common\rocketleague\binaries\win32\rocketleague.exe FirewallRules: [{BE45FF66-D596-4E56-8172-D5F0ACA9F0C2}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E08957C8-692F-41F6-846D-E38CBE5F13E2}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{63915E8C-5684-4514-80C3-FB60903F9D20}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0DFDB547-8301-484A-8190-2C9151CF7394}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{052BE5F9-5E8F-4287-A542-5CBB8DD9466F}] => C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{4C959980-FFB9-464B-8D78-BACDF9C5D1D1}] => C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{27085D52-B6EB-4107-AD27-A17C4896D748}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{8A5E965D-9E00-44F7-A9B3-4A2F3E13D3CB}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2DC71093-1BCA-4E73-8ED3-A29EAB379D88}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{33DFCEBC-0B57-4916-B74F-8F2A9D6A8507}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{FD8EEF51-82F5-480B-B9E8-A79D79EBE4F7}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{F88AD56C-099E-4880-8D03-A4E69A8B5CB0}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{119C61B5-C290-4DF6-8509-03D6791D0C89}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{8B51A734-D716-4CB4-A7E8-EEC2F95351A9}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{EA63732E-0FF9-4665-83F2-63A456CB6562}K:\backup\track mania\tmnationsforever\tmforever.exe] => K:\backup\track mania\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{B97E14B7-4649-4D47-BE4F-F545394F80EB}K:\backup\track mania\tmnationsforever\tmforever.exe] => K:\backup\track mania\tmnationsforever\tmforever.exe FirewallRules: [TCP Query User{B6D615D4-929B-461C-90A3-ABF685B979BD}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{CE5B8CE7-C461-484A-9072-128F4D4EDFB6}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{FB97BDFD-B524-49AD-BE16-F68B310FE2A8}] => C:\Windows\KMS-R@1n.exe FirewallRules: [{768DDDFA-8520-4881-8825-C4DE9A03C598}] => C:\Windows\KMS-R@1n.exe FirewallRules: [TCP Query User{7D201078-D256-4B31-A7E9-862E5EC8D16C}E:\game\assettocorsa\assetto corsa\assettocorsa.exe] => E:\game\assettocorsa\assetto corsa\assettocorsa.exe FirewallRules: [UDP Query User{AC52B351-1FBE-4974-9D1B-C3A356663886}E:\game\assettocorsa\assetto corsa\assettocorsa.exe] => E:\game\assettocorsa\assetto corsa\assettocorsa.exe FirewallRules: [TCP Query User{05636236-BB45-4875-9034-3C3278CDA06B}E:\game\assettocorsa\assetto corsa\steamstatisticsreader.exe] => E:\game\assettocorsa\assetto corsa\steamstatisticsreader.exe FirewallRules: [UDP Query User{2F0BCBDC-CE86-4FF1-8800-F9936BC06D65}E:\game\assettocorsa\assetto corsa\steamstatisticsreader.exe] => E:\game\assettocorsa\assetto corsa\steamstatisticsreader.exe FirewallRules: [TCP Query User{CF1E4565-EFD1-4A0F-94D4-651409EE8844}E:\game\assettocorsa\assetto corsa\acs.exe] => E:\game\assettocorsa\assetto corsa\acs.exe FirewallRules: [UDP Query User{51DA5CDB-0F95-4618-97B3-B1B1D39C6093}E:\game\assettocorsa\assetto corsa\acs.exe] => E:\game\assettocorsa\assetto corsa\acs.exe FirewallRules: [TCP Query User{EDEB6544-7650-4C39-8ABD-4DFCC6D14546}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{8118BE47-2889-4541-B2F2-F7B9F90030A8}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [TCP Query User{E5EAC479-6314-471B-96F6-B7AC02E31FCB}E:\game\tmnationsforever\tmforever.exe] => E:\game\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{71D70D69-03FC-41B4-9323-BFF292A31364}E:\game\tmnationsforever\tmforever.exe] => E:\game\tmnationsforever\tmforever.exe FirewallRules: [TCP Query User{C4D8F501-B282-4AC4-B0FE-DEE3EED8EE94}E:\game\city car driving\bin\win32\starter.exe] => E:\game\city car driving\bin\win32\starter.exe FirewallRules: [UDP Query User{916AEA4A-D0C7-4F27-B5C0-7061F735A9FA}E:\game\city car driving\bin\win32\starter.exe] => E:\game\city car driving\bin\win32\starter.exe FirewallRules: [TCP Query User{ABBCFAA6-BCA6-4FFF-ABF8-EDFFF2921470}E:\game\portal 2\portal2.exe] => E:\game\portal 2\portal2.exe FirewallRules: [UDP Query User{607F0590-2637-43D9-B92F-D085D4DE8CA0}E:\game\portal 2\portal2.exe] => E:\game\portal 2\portal2.exe FirewallRules: [TCP Query User{82748BBB-8A52-48B8-B876-D1B2F99BC3DE}E:\game\steamlibrary\steamapps\common\thehunter\game\thehunter.exe] => E:\game\steamlibrary\steamapps\common\thehunter\game\thehunter.exe FirewallRules: [UDP Query User{CF83341E-42E3-4BC1-BA2E-6F6143706C9A}E:\game\steamlibrary\steamapps\common\thehunter\game\thehunter.exe] => E:\game\steamlibrary\steamapps\common\thehunter\game\thehunter.exe FirewallRules: [{E00EF373-7683-420B-AED7-28D96F32D7EE}] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{6531C8B8-F16A-4886-A6B8-3D47050A4CAC}] => C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{31F62B0B-8A5C-41B1-A94D-FE5CA5D2E3D6}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A3DEFC51-D89F-4464-BD3C-49EEF9553674}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{61D87ACB-0009-40AC-9DFA-9A8E501D2974}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CB738304-A0F5-4C15-AD44-B4A852B7E7C2}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{D9470D6A-8B10-4D50-884B-D49758781A4B}C:\program files (x86)\airfoil\airfoil.exe] => C:\program files (x86)\airfoil\airfoil.exe FirewallRules: [UDP Query User{64C6B60D-5DDB-4232-B3F7-A4C9135272AC}C:\program files (x86)\airfoil\airfoil.exe] => C:\program files (x86)\airfoil\airfoil.exe FirewallRules: [TCP Query User{C32B2D16-58EB-41B6-A466-51D3B5CABDC6}C:\program files (x86)\airfoil\airfoilsatellite.exe] => C:\program files (x86)\airfoil\airfoilsatellite.exe FirewallRules: [UDP Query User{764BA530-3910-4A4C-8D8D-B1F3BBD15EC4}C:\program files (x86)\airfoil\airfoilsatellite.exe] => C:\program files (x86)\airfoil\airfoilsatellite.exe FirewallRules: [{53659019-32DC-4E11-A719-08D827216225}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{1FC0FA40-ABF4-44AA-8EAE-C4E0147DB005}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{4FF3A889-2281-4623-8897-317B8517935E}] => C:\Windows\System32\LogonUI.exe FirewallRules: [{ADF97DB4-DF26-49F0-B491-AC6AC3923133}] => C:\Windows\System32\LogonUI.exe FirewallRules: [{88BE0B07-106B-42C1-AADE-741C92FD3A1C}] => C:\Windows\System32\LogonUI.exe FirewallRules: [{E06B2DE8-B66F-4E2C-9E5A-DCC123B3308C}] => C:\Windows\System32\LogonUI.exe FirewallRules: [{5FF18D25-8CF7-4B14-AF32-E66930269F8E}] => E:\Game\TheCrew\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{13EAB612-1281-4654-86EB-1F17C379C4ED}] => E:\Game\TheCrew\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{CBF85B84-1511-4D17-819B-4BEF860C0B2C}] => E:\Game\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe FirewallRules: [{94F1E67D-B9D7-4C44-81B8-878454F8613A}] => E:\Game\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe FirewallRules: [TCP Query User{4301E807-0280-4692-9010-47917E8B3F8A}C:\users\andre\appdata\local\popcorn-time\nw.exe] => C:\users\andre\appdata\local\popcorn-time\nw.exe FirewallRules: [UDP Query User{7148D2EB-73AD-45C7-8E34-D42D3CD52B07}C:\users\andre\appdata\local\popcorn-time\nw.exe] => C:\users\andre\appdata\local\popcorn-time\nw.exe FirewallRules: [TCP Query User{CBE01194-580B-49B0-A347-4DC175297BF8}E:\game\gtav\gta5.exe] => E:\game\gtav\gta5.exe FirewallRules: [UDP Query User{E22DC2CB-BFFE-41FD-B48E-6B96B6CAD75B}E:\game\gtav\gta5.exe] => E:\game\gtav\gta5.exe FirewallRules: [{BA62CF23-1BFD-4CC8-9EB4-4FE3734992A6}] => D:\rl16\KMSpico.v10.2.0\KMSpico Portable\KMSELDI.exe FirewallRules: [{F0305FB7-BEE8-48E8-B0C2-1457D0204CFA}] => D:\rl16\KMSpico.v10.2.0\KMSpico Portable\KMSELDI.exe FirewallRules: [{B023D641-5612-4592-A5BB-6BF8BB8F444F}] => E:\Game\SteamLibrary\steamapps\common\theHunter\launcher\launcher.exe FirewallRules: [{EC0E00AC-D23A-4F6A-BF91-037BD7708891}] => E:\Game\SteamLibrary\steamapps\common\theHunter\launcher\launcher.exe FirewallRules: [{9A039CFD-1AFF-4172-B792-4CFD68BF29F6}] => E:\Game\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{F9DD8AE6-7228-4567-B66C-DC245F502657}] => E:\Game\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{C3F6FE52-2487-4371-B0F8-F2C5B2AF9B8E}] => E:\Game\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{9945EA9F-F4BD-4E59-829D-98DC791A93D0}] => E:\Game\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [TCP Query User{C49169C1-B5FE-4D34-B31C-5468D49AE397}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query User{FE307DE5-D096-42C8-9504-0401A930B01E}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [TCP Query User{1B960155-DA3A-4C5E-82F9-D4544B47367D}C:\users\andre\appdata\local\skypeplugin\pluginhost.exe] => C:\users\andre\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [UDP Query User{FCEF5A18-29E3-4DEE-B9A9-5EE142C58F79}C:\users\andre\appdata\local\skypeplugin\pluginhost.exe] => C:\users\andre\appdata\local\skypeplugin\pluginhost.exe FirewallRules: [TCP Query User{E5AD6993-80D1-430B-AF7A-51E63ED92D09}C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe] => C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe FirewallRules: [UDP Query User{A15ACBBC-1342-4EA9-A456-D07D65A7F38C}C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe] => C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe FirewallRules: [TCP Query User{31CF73B7-18E3-429E-A27A-F26441D5B215}C:\program files (x86)\formatfactory\formatfactory.exe] => C:\program files (x86)\formatfactory\formatfactory.exe FirewallRules: [UDP Query User{40A71E8D-ECA2-447C-8231-F95DBA89FC9D}C:\program files (x86)\formatfactory\formatfactory.exe] => C:\program files (x86)\formatfactory\formatfactory.exe FirewallRules: [{90EE83A1-B899-463E-80A6-5388A614FEB1}] => C:\program files (x86)\formatfactory\formatfactory.exe FirewallRules: [{5654EABF-CEC8-49FD-B35A-33E725203A48}] => C:\program files (x86)\formatfactory\formatfactory.exe FirewallRules: [TCP Query User{C3EBDCA6-4EE4-47EB-A409-114092C292CA}C:\windows\explorer.exe] => C:\windows\explorer.exe FirewallRules: [UDP Query User{CBBA6AA3-C7D0-45AD-A938-E714D527D664}C:\windows\explorer.exe] => C:\windows\explorer.exe FirewallRules: [{2C7954FD-F964-49CC-8498-2132E39DB991}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe FirewallRules: [{7645E305-472B-41B1-9905-130079C80951}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe FirewallRules: [{F829DE88-BC8A-43D1-810E-F7DFA29F8E72}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe FirewallRules: [TCP Query User{91FEB54A-E047-4DF3-87F5-F51D63755872}C:\program files\nodejs\node.exe] => C:\program files\nodejs\node.exe FirewallRules: [UDP Query User{5AF8C952-A8D8-4AAC-8A5F-318B6D93EA83}C:\program files\nodejs\node.exe] => C:\program files\nodejs\node.exe FirewallRules: [{69159F2E-F362-4B03-B9D6-A3AC6C682E76}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 09-02-2017 17:54:18 Punto di controllo pianificato ==================== Faulty Device Manager Devices ============= Name: TAP-Windows Adapter V9 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Mouse PS/2 Microsoft Description: Mouse PS/2 Microsoft Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Lenovo ThinkPad PS/2 keyboard Description: Lenovo ThinkPad PS/2 keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (02/09/2017 07:45:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: FreemakeUtilsService.exe, versione: 1.0.0.0, timestamp: 0x5804aeb6 Nome del modulo che ha generato l'errore: KERNELBASE.dll, versione: 10.0.14393.479, timestamp: 0x58256d37 Codice eccezione: 0xe0434352 Offset errore 0x000da832 ID processo che ha generato l'errore: 0x988 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d28304ad364723 Percorso dell'applicazione che ha generato l'errore: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Percorso del modulo che ha generato l'errore: C:\WINDOWS\System32\KERNELBASE.dll ID segnalazione: 9a6967d7-b5b2-4daf-93e5-2cdcc7fce386 Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: (02/09/2017 07:45:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Applicazione: FreemakeUtilsService.exe Versione framework: v4.0.30319 Descrizione: il processo è stato terminato a causa di un'eccezione non gestita. Informazioni sull'eccezione: System.IO.FileNotFoundException in FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs() in FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs) in FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs) in System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs) in System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object) in System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) in System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() in System.Threading.ThreadPoolWorkQueue.Dispatch() in System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/09/2017 07:45:25 PM) (Source: KMS-QAD) (EventID: 1001) (User: ) Description: Event-ID 1001 Error: (02/09/2017 07:44:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GAMING-PC) Description: Attivazione dell'app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 non riuscita con errore: -2144927141 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo. Error: (02/09/2017 07:44:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GAMING-PC) Description: Attivazione dell'app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 non riuscita con errore: -2144927141 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo. Error: (02/09/2017 07:43:15 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Error: (02/09/2017 07:43:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Generazione del contesto di attivazione non riuscita per "e:\game\steamlibrary\steamapps\common\thehunter\launcher\launcher.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (02/09/2017 07:43:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (02/09/2017 07:33:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Generazione del contesto di attivazione non riuscita per "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (02/09/2017 07:33:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: FreemakeUtilsService.exe, versione: 1.0.0.0, timestamp: 0x5804aeb6 Nome del modulo che ha generato l'errore: KERNELBASE.dll, versione: 10.0.14393.479, timestamp: 0x58256d37 Codice eccezione: 0xe0434352 Offset errore 0x000da832 ID processo che ha generato l'errore: 0xa24 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d28302f29362e6 Percorso dell'applicazione che ha generato l'errore: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Percorso del modulo che ha generato l'errore: C:\WINDOWS\System32\KERNELBASE.dll ID segnalazione: a218f869-b5ae-49ac-81ba-3850fee2b4f8 Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: System errors: ============= Error: (02/09/2017 07:45:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (02/09/2017 07:45:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Arresto imprevista del servizio Freemake Improver. Questo evento si è già verificato 1 volta(e). Error: (02/09/2017 07:45:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Servizio KMS-R@1n terminato con l'errore: Parametro non corretto. Error: (02/09/2017 07:45:23 PM) (Source: volmgr) (EventID: 49) (User: ) Description: Impossibile configurare il file di paging per i dettagli arresto anomalo del sistema. Assicurarsi che la partizione di avvio contenga un file di paging e che lo spazio disponibile sia sufficiente a contenere tutta la memoria fisica. Error: (02/09/2017 07:45:18 PM) (Source: volmgr) (EventID: 49) (User: ) Description: Impossibile configurare il file di paging per i dettagli arresto anomalo del sistema. Assicurarsi che la partizione di avvio contenga un file di paging e che lo spazio disponibile sia sufficiente a contenere tutta la memoria fisica. Error: (02/09/2017 07:44:41 PM) (Source: DCOM) (EventID: 10010) (User: GAMING-PC) Description: Il server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (02/09/2017 07:44:41 PM) (Source: DCOM) (EventID: 10010) (User: GAMING-PC) Description: Il server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (02/09/2017 07:44:41 PM) (Source: DCOM) (EventID: 10010) (User: GAMING-PC) Description: Il server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (02/09/2017 07:44:41 PM) (Source: DCOM) (EventID: 10010) (User: GAMING-PC) Description: Il server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (02/09/2017 07:44:41 PM) (Source: DCOM) (EventID: 10010) (User: GAMING-PC) Description: Il server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} non ha effettuato la registrazione con DCOM nel tempo richiesto. CodeIntegrity: =================================== Date: 2017-02-09 19:45:32.346 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:32.340 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:31.889 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:31.883 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:30.818 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:30.812 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:30.350 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:30.344 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:29.898 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-09 19:45:29.882 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU E5-1620 v2 @ 3.70GHz Percentage of memory in use: 52% Total physical RAM: 8120.07 MB Available physical RAM: 3887.66 MB Total Virtual: 16088.07 MB Available Virtual: 11555.12 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:237.52 GB) (Free:47.47 GB) NTFS Drive e: (Game) (Fixed) (Total:917.83 GB) (Free:55.18 GB) NTFS Drive f: (HP_RECOVERY) (Fixed) (Total:12.67 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 0335966A) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A65EEEEC) Partition 1: (Not Active) - (Size=930.5 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================