Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Roberto (2015-12-07 09:14:35)
Running from C:\Users\Roberto\Desktop
Windows 8 (X64) (2015-09-21 11:23:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-626076182-1482156565-3366870657-500 - Administrator - Disabled)
Guest (S-1-5-21-626076182-1482156565-3366870657-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-626076182-1482156565-3366870657-1004 - Limited - Enabled)
Roberto (S-1-5-21-626076182-1482156565-3366870657-1002 - Administrator - Enabled) => C:\Users\Roberto

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-626076182-1482156565-3366870657-1002\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 2.5.14.5 (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{714431C1-0D95-4844-BC9D-081C48729B2D}) (Version: 2.8.11.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.11.0 - Alienware Corp.) Hidden
Alienware Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Centro gestione Mouse e Tastiere Microsoft (Version: 2.6.140.0 - Microsoft Corporation) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
DSC/AA Factory Installer (Version: 3.2.6032.125 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.74 (HKLM\...\Logitech Gaming Software) (Version: 8.74.80 - Logitech Inc.)
Malwarebytes Anti-Malware versione 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Might and Magic Heroes VII (HKLM-x32\...\Might and Magic Heroes VII_is1) (Version: - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 42.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 it)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
Neverwinter Nights 2 - Platinum Edition (HKLM-x32\...\Neverwinter Nights 2 - Platinum Edition_is1) (Version: - )
NVIDIA Driver 3D Vision 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Driver grafico 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Pannello di controllo NVIDIA 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
Patrician III - Impero dei Mari (HKLM-x32\...\Patrician III - Impero dei Mari) (Version: - FX Interactive)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Robin Hood - La Leggenda di Sherwood (HKLM-x32\...\Robin Hood - La Leggenda di Sherwood) (Version: - Wanadoo Edition)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.56 - Stardock Software, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.30 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

05-12-2015 16:25:37 Installed Microsoft Office Word MUI (English) 2010

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BE0DEE1-3699-4583-B86F-F918D858C9BE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {0E15C5C5-89C0-4E84-82BE-050BDCFCF106} - System32\Tasks\{4EA74697-E8EA-4E1A-AE36-3094A17BA6C7} => pcalua.exe -a "C:\Games\Apps\SimCity 4.exe" -d C:\Games\
Task: {1649D2C8-8428-4046-94FF-C823D90F44F3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {1CC730A1-3988-4165-9165-590A6264B232} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {28F5FB93-F016-42DE-9673-B69B8C121191} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {2E725C73-D376-4C28-A879-E152B90F113C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {310DF0CA-5B3A-48B6-AD33-D626FB01100F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {378E29BB-1ED8-4CB0-B462-9F2E64A31C3C} - System32\Tasks\{714DC756-8FD7-4DC9-B5E7-BD140BF6992D} => pcalua.exe -a H:\x64\setup.exe -d H:\x64
Task: {56E343E8-5D2F-4BCF-A0FF-DB40F4B7B8C9} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {6E471590-1369-4265-A78C-23F60DAB18D5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {6F97FA36-D18B-4C43-9508-877081D901E0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-12-06] ()
Task: {784748F3-F9D9-4594-BF33-4F8882A41AE1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {871DAEFC-E83C-4CE6-964F-C488C93D25CB} - System32\Tasks\{7CE40459-86FC-426A-855A-2B7C96F37F65} => pcalua.exe -a H:\Autorun.exe -d H:\
Task: {9F76EF57-D39B-480F-BB34-D09614F00AD8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {A2A057C3-CED6-4184-91AD-07364943746C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {ABDAD1B1-705A-4C9B-8DD2-F7D308548930} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {C0BD3A09-1320-4789-9201-EAD66917A5FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {C8B23003-D0C8-4FF1-91A0-27B3A1502121} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {DE9175E6-25E7-4067-BDEE-39E0A262619E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FA3BE887-839E-4DBB-BC00-2D363A53756B} - \ZQPIU -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ZQPIU.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\dmloadere.dll

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

2015-12-05 17:29 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-12-05 17:29 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-11-11 12:04 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.DLL
2013-04-20 14:41 - 2012-04-25 03:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-20 23:44 - 2012-07-05 07:46 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2014-09-18 19:37 - 2014-07-03 05:55 - 00487144 _____ () C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
2013-04-20 14:31 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-09-21 13:55 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-04-20 14:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-18 19:37 - 2014-07-31 01:37 - 01906464 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\STRestoreAPI.dll
2013-04-20 14:43 - 2012-11-25 21:19 - 01153384 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\libxml2.dll
2014-09-18 19:37 - 2012-11-26 07:19 - 00117608 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\zlib1.dll
2015-12-03 20:50 - 2015-11-24 09:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-03 20:50 - 2015-11-24 09:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Roberto\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Roberto\Downloads\HitmanPro_x64.exe:BDU
AlternateDataStreams: C:\Users\Roberto\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Roberto\Downloads\RogueKiller.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-626076182-1482156565-3366870657-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Roberto\Pictures\biohazard.jpg
DNS Servers: 192.168.1.254 - 62.101.93.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Launch LCore" HKU\S-1-5-21-626076182-1482156565-3366870657-1002\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{5ACF246E-555D-4D5A-8D12-5E4610CD24F3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{2704AFDD-B4AD-4AFC-80CB-7F5DA95AF123}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{D42C5B4B-B541-4630-919D-54C1B36E3621}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6DB7BED4-8444-43DF-9F6F-523624D68B9B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{036ACA8F-F75C-48A5-A5CD-416CD04FC985}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{B5C928E9-1DB5-4099-A766-DD08E75C7406}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{F6684EBF-22CB-4BC7-85D1-1CB8C2F5D706}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{D6306D5A-5348-4A07-946A-D950168ABA75}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{45CD4414-C488-4762-9FAF-4876EC764D05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4598DEA5-857A-4DF2-BDEE-F0D83C482713}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DACFB1E7-CA03-46E3-8BD0-2F6009476B3D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{7419E61F-F3C9-419E-9845-3A403CAD1B48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: 
[{07D2477A-84AA-476D-8F16-00CD77D29AF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{98A7736D-4096-402E-88CE-65CED2254C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{2475B2A0-CFE6-4F28-9CCE-E69ED2382D0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{646D768D-DD2C-4199-BEE9-3B1F0610A498}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{AE7075EB-2499-47BF-9864-4FBFD8C46A87}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{9AB7FA57-88D9-4A46-89AF-D74F69EC97A1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{F169D258-68D0-40B8-883C-D6009CFC706F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D97390B1-D88B-42A5-B33F-6BEB6AC1D9C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F19FEA27-74B7-4B7D-A532-34F8D30BE709}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D20FBF78-D728-4D3B-9AB2-AD69468B37B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{42254EAD-4F66-4681-9615-609607E8BC7B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{48C9C39D-EBB4-4165-939F-8F8E12C9760D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{4E7F1AA6-C845-4E5D-8F50-0273EFA48CAF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{F041107B-8DDF-430E-B582-4AB2F0695942}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{E29C1941-AB9F-4C5F-BA2B-8D5296EFB6E6}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: 
[{1BCF207E-182C-4606-B8F3-D3DFE26AE424}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{E7B10066-E879-4A11-8570-FB86CED79404}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [TCP Query User{DCBBD98E-317A-499B-A4D7-A4FD0D007DD4}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe FirewallRules: [UDP Query User{86A2F21F-1FC9-40A6-B3CE-913473D4DFA2}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe FirewallRules: [{B520E4F4-A6ED-41DA-B43D-A306CDBD4389}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BEBA5D5E-D60E-4CC7-9835-AD5ABAA82219}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{28CEC576-7768-49C1-B54C-D022BA18C5B3}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C9AD9E07-CE2E-4BE2-BE12-0A0588E414FD}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{03F6D1A1-C0EC-458D-937B-79022A3BD4C7}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{AEEED0DD-7F48-45C8-BA31-03B839E71873}] => (Allow) C:\Users\Roberto\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{00033AFD-CE29-40F2-B3D1-BDEDA697A305}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe FirewallRules: [{12A567FF-FCCF-47B2-8F95-EFE9476F3DF5}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe FirewallRules: [TCP Query User{01DDA379-57C4-4907-AD4C-5EFB9498824C}C:\program files (x86)\atari\neverwinter nights 2 - platinum edition\nwn2main.exe] => (Block) C:\program files (x86)\atari\neverwinter nights 2 - platinum edition\nwn2main.exe FirewallRules: [UDP Query User{0909A9B1-7310-4708-B2BE-82898AB2F9A4}C:\program files (x86)\atari\neverwinter nights 2 - 
platinum edition\nwn2main.exe] => (Block) C:\program files (x86)\atari\neverwinter nights 2 - platinum edition\nwn2main.exe FirewallRules: [TCP Query User{E12909FB-43D5-4E5F-B65B-042D01BC34C4}C:\users\roberto\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\roberto\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{3D74C7D5-18C3-4FA8-B86D-D164F78A74FA}C:\users\roberto\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\roberto\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{4EE59889-F223-4867-B496-5234E6365E88}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [UDP Query User{019C0845-5AFE-464A-8526-E2DC0711C861}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{587FF000-0918-478F-8D22-533E7E41C8EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3FD6E2F4-C2CB-40B0-A023-BBE837D50C0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5C58D239-66C8-4B17-9A86-C48A5246694F}] => (Allow) C:\Users\Roberto\AppData\Local\Temp\7zS2B68\ProductInst64.exe FirewallRules: [{16CF085F-9A69-4A76-9431-A553692BEEF3}] => (Allow) C:\Users\Roberto\AppData\Local\Temp\7zS2B68\ProductInst64.exe FirewallRules: [{DEB628D2-644A-4C86-9ADE-ACCD26C0F27A}] => (Allow) LPort=9100 FirewallRules: [{1C4A2625-EDDC-4740-84C2-370B70C80444}] => (Allow) LPort=427 FirewallRules: [{F492964F-2C74-4F71-950C-2567CC8975C9}] => (Allow) LPort=161 FirewallRules: [{81597D9D-8099-46D5-A25B-831DFD73A983}] => (Allow) LPort=427 FirewallRules: [TCP Query User{92C95AC5-2D47-44E3-90F9-DFAA9E04C7F9}C:\games\black & 
white\runblack.exe] => (Block) C:\games\black & white\runblack.exe FirewallRules: [UDP Query User{5A339732-981E-42CC-9E98-982D2303C19E}C:\games\black & white\runblack.exe] => (Block) C:\games\black & white\runblack.exe FirewallRules: [{904AF852-5D74-44D5-980C-F06C2F8B0044}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{E8AC2270-4B3F-42D5-B921-CF78C7F98F84}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{26956551-9620-44BA-9DEB-2E853EB5418E}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [TCP Query User{7DFAFBE8-973D-4295-A8AE-6F894A7B47C6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{77FA1DBE-0F0C-4020-B615-D414513F44B8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{DB170BD3-4A5C-4FF9-BAE8-D32588450F9F}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe FirewallRules: [{7CD7FFB3-623C-4AF2-B757-A0B40C68C7ED}] => (Allow) C:\WINDOWS\SysWOW64\rundll32.exe StandardProfile\AuthorizedApplications: [C:\Windows\system32\rundll32.exe] => *:Enabled:rundll32 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/07/2015 08:57:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 2.3.125.0, timestamp: 0x5612a56b Nome del modulo che ha generato l'errore: MSVCR100.dll, versione: 10.0.40219.325, timestamp: 0x4df2be1e Codice eccezione: 0x40000015 Offset errore 0x0008d6fd ID processo che ha generato l'errore: 0x143c Ora di avvio dell'applicazione che ha generato l'errore: 0xmbam.exe0 Percorso dell'applicazione che ha generato l'errore: mbam.exe1 Percorso del modulo che ha generato l'errore: mbam.exe2 ID segnalazione: 
mbam.exe3 Nome completo pacchetto che ha generato l'errore: mbam.exe4 ID applicazione relativo al pacchetto che ha generato l'errore: mbam.exe5 Error: (12/06/2015 04:32:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 2.3.125.0, timestamp: 0x5612a56b Nome del modulo che ha generato l'errore: MSVCR100.dll, versione: 10.0.40219.325, timestamp: 0x4df2be1e Codice eccezione: 0x40000015 Offset errore 0x0008d6fd ID processo che ha generato l'errore: 0xa94 Ora di avvio dell'applicazione che ha generato l'errore: 0xmbam.exe0 Percorso dell'applicazione che ha generato l'errore: mbam.exe1 Percorso del modulo che ha generato l'errore: mbam.exe2 ID segnalazione: mbam.exe3 Nome completo pacchetto che ha generato l'errore: mbam.exe4 ID applicazione relativo al pacchetto che ha generato l'errore: mbam.exe5 Error: (12/06/2015 04:01:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: RtkNGUI64.exe, versione: 1.0.0.196, timestamp: 0x4fd6d0a9 Nome del modulo che ha generato l'errore: RtkNGUI64.exe, versione: 1.0.0.196, timestamp: 0x4fd6d0a9 Codice eccezione: 0xc0000005 Offset errore 0x00000000000e8ee4 ID processo che ha generato l'errore: 0xd60 Ora di avvio dell'applicazione che ha generato l'errore: 0xRtkNGUI64.exe0 Percorso dell'applicazione che ha generato l'errore: RtkNGUI64.exe1 Percorso del modulo che ha generato l'errore: RtkNGUI64.exe2 ID segnalazione: RtkNGUI64.exe3 Nome completo pacchetto che ha generato l'errore: RtkNGUI64.exe4 ID applicazione relativo al pacchetto che ha generato l'errore: RtkNGUI64.exe5 Error: (12/06/2015 02:45:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 2.3.125.0, timestamp: 0x5612a56b Nome del modulo che ha generato l'errore: MSVCR100.dll, versione: 10.0.40219.325, timestamp: 0x4df2be1e Codice 
eccezione: 0x40000015 Offset errore 0x0008d6fd ID processo che ha generato l'errore: 0xc18 Ora di avvio dell'applicazione che ha generato l'errore: 0xmbam.exe0 Percorso dell'applicazione che ha generato l'errore: mbam.exe1 Percorso del modulo che ha generato l'errore: mbam.exe2 ID segnalazione: mbam.exe3 Nome completo pacchetto che ha generato l'errore: mbam.exe4 ID applicazione relativo al pacchetto che ha generato l'errore: mbam.exe5 Error: (12/06/2015 01:47:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALIENROB) Description: Attivazione dell'app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos non riuscita con errore: -2144980991 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo. Error: (12/06/2015 01:46:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 2.3.125.0, timestamp: 0x5612a56b Nome del modulo che ha generato l'errore: MSVCR100.dll, versione: 10.0.40219.325, timestamp: 0x4df2be1e Codice eccezione: 0x40000015 Offset errore 0x0008d6fd ID processo che ha generato l'errore: 0xbc0 Ora di avvio dell'applicazione che ha generato l'errore: 0xmbam.exe0 Percorso dell'applicazione che ha generato l'errore: mbam.exe1 Percorso del modulo che ha generato l'errore: mbam.exe2 ID segnalazione: mbam.exe3 Nome completo pacchetto che ha generato l'errore: mbam.exe4 ID applicazione relativo al pacchetto che ha generato l'errore: mbam.exe5 Error: (12/06/2015 01:38:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: delegate_execute.exe, versione: 47.0.2526.73, timestamp: 0x5653ef4a Nome del modulo che ha generato l'errore: delegate_execute.exe, versione: 47.0.2526.73, timestamp: 0x5653ef4a Codice eccezione: 0x80000003 Offset errore 0x00007f81 ID processo che ha generato l'errore: 0xfc0 Ora di avvio dell'applicazione che ha generato 
l'errore: 0xdelegate_execute.exe0 Percorso dell'applicazione che ha generato l'errore: delegate_execute.exe1 Percorso del modulo che ha generato l'errore: delegate_execute.exe2 ID segnalazione: delegate_execute.exe3 Nome completo pacchetto che ha generato l'errore: delegate_execute.exe4 ID applicazione relativo al pacchetto che ha generato l'errore: delegate_execute.exe5 Error: (12/06/2015 01:36:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Servizi di crittografia: impossibile inizializzare l'oggetto writer del sistema per il backup del servizio Copia Shadow del volume. Details: Could not query the status of the EventSystem service. System Error: È in corso l'arresto del sistema. . Error: (12/06/2015 12:14:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALIENROB) Description: Attivazione dell'app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos non riuscita con errore: -2144927142 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo. Error: (12/06/2015 12:14:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ALIENROB) Description: L'app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos non è stata avviata nell'intervallo di tempo consentito. System errors: ============= Error: (12/07/2015 09:13:28 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\WINDOWS\System32\Drivers\TrueSight.sys Error: (12/06/2015 04:03:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Arresto imprevista del servizio Alienware Digital Delivery Service. Questo evento si è già verificato 1 volta(e). 
Error: (12/06/2015 03:32:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\System32\Drivers\TrueSight.sys

Error: (12/06/2015 02:03:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Alienware Digital Delivery Service. Questo evento si è già verificato 1 volta(e).

Error: (12/06/2015 02:00:03 PM) (Source: DCOM) (EventID: 10005) (User: ALIENROB)
Description: 1084ShellHWDetectionNon disponibile{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/06/2015 01:50:55 PM) (Source: DCOM) (EventID: 10005) (User: ALIENROB)
Description: 1084ShellHWDetectionNon disponibile{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/06/2015 01:50:30 PM) (Source: DCOM) (EventID: 10005) (User: ALIENROB)
Description: 1084ShellHWDetectionNon disponibile{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/06/2015 01:50:25 PM) (Source: DCOM) (EventID: 10005) (User: ALIENROB)
Description: 1084WSearchNon disponibile{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/06/2015 01:50:25 PM) (Source: DCOM) (EventID: 10005) (User: ALIENROB)
Description: 1084WSearchNon disponibile{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/06/2015 01:50:25 PM) (Source: DCOM) (EventID: 10005) (User: ALIENROB)
Description: 1084WSearchNon disponibile{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 31%
Total physical RAM: 8087.2 MB
Available physical RAM: 5559.83 MB
Total Virtual: 9303.2 MB
Available Virtual: 5790.99 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1854.25 GB) (Free:1732.39 GB) NTFS
Drive d: (G90) (CDROM) (Total:7.51 GB) (Free:0 GB) UDF
Drive e: (ESP) (Fixed) (Total:0.49 GB) (Free:0.19 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive h: (IRMS430) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive x: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.63 GB) (Free:0.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B6DBB400)

Partition: GPT.

==================== End of Addition.txt ============================