chrome survey, redirects of browser, 'upgrade your media player no


  • This topic is locked

#1
dezuha

  • Member
  • 10 posts

Hi there,

I'm having problems with the Chrome browser.

It started with a Chrome survey and then with a lot (more than usual) of ads on websites.

I open pages and after a while they deliberately redirect to another link, open virtual world/plays, open this 'upgrade your media player now' and also adult sites.

I have to use the back button and sometimes it goes back to the page I was opening, sometimes I can't go back at all, it deletes the previous page.

It's frustrating.

Could you help me?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by dezuha (administrator) on LOUNGE-PC on 06-04-2015 17:51:25
Running from C:\Users\dezuha\Desktop
Loaded Profiles: dezuha (Available profiles: dezuha)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
() C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => "C:\Program Files\Bitdefender\Bitdefender BETA\bdagent.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [bdruninstaller] => C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [701216 2014-04-14] (Bitdefender)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender BETA\bdwtxag.exe"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [] => [X]
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-748861900-71194070-2566255496-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__php the_title();__.lnk
ShortcutTarget: __php the_title();__.lnk -> C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}\__php the_title();__.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> {7FEF32CA-AD45-472B-8E79-BF13BCC9D89B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {7FEF32CA-AD45-472B-8E79-BF13BCC9D89B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> {7FEF32CA-AD45-472B-8E79-BF13BCC9D89B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54353-12130-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Toolbar: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender BETA\bdtbext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender BETA\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender BETA\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={4ECE8E9D-F1EC-4E6D-BFD0-756BC6BAFF1D}&mid=4ecd65d8527647d6bd3a05c90cc3df57-22b44faccb4c43a676c5568e8e7ae9e347b6c0db&lang=it&ds=AVG&pr=pr&d=2012-10-05 12:37:13&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR StartupUrls: Default -> "https://www.google.c...render#h|month"
CHR Profile: C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Unfriend Notify for Facebook) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2014-06-28]
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-06-28]
CHR Extension: (Google Drive) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (Sketch Mobile) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbilecdmpppjehlkpmdnnhaidegpacpc [2014-06-28]
CHR Extension: (Language Immersion for Chrome) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-08-28]
CHR Extension: (Fotor Photo Editor) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-06-28]
CHR Extension: (Quick Login for Google Accounts) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbgngpehipfmfmpjmhonhacgbkjpdidp [2015-04-01]
CHR Extension: (Telegram) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2014-06-28]
CHR Extension: (Lumin PDF Viewer) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2014-06-28]
CHR Extension: (Context Bookmarks) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednnkpljcbpjcoplcooifiblghkephlh [2014-08-28]
CHR Extension: (Google Calendar) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-28]
CHR Extension: (Google Sheets) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-06-28]
CHR Extension: (PicMonkey) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-06-28]
CHR Extension: (Annotate Attachments in Gmail - Framebench) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfddmmbggnlhnelhlkbgaapbidkhcfa [2014-08-28]
CHR Extension: (Google Keep - notes and lists) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-06-28]
CHR Extension: (Fotomontaggi ed Effetti su Immagini e Foto) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpdmfmhphmmfjedjlnbjelgicoifffi [2014-06-28]
CHR Extension: (Facebook Unseen) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-04-02]
CHR Extension: (Fotomontaggi ed photoshop on-line) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildlgnmldoacjjmmacbhkifiahoebfoo [2014-06-28]
CHR Extension: (Color Picker) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcmgligingjhdnhdhgepemlckgcgmgaj [2014-06-28]
CHR Extension: (Photo Raster) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadhjegjmnnhlmkbmlmnjobjpeniinmp [2014-06-28]
CHR Extension: (Improved Google Tasks Panel) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgnappcencbgllhghhhgjnfjanfijdpn [2014-11-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Photo Editor Online) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfajpjaafojlacndbcblnfdmkajckeh [2014-06-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (Google Maps) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-28]
CHR Extension: (Google Drawings) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2014-06-28]
CHR Extension: (Free Online PDF Unlocker) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdknbehfogkgogcennnagfokmnimpab [2014-06-28]
CHR Extension: (Compare Hatke) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeifcmllbkkjebeahalgcadeblbbfbe [2014-10-05]
CHR Extension: (MultiLogin) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccllfnllopfpcbjdgjdlfmomnfgnnbk [2015-04-01]
CHR Extension: (Keepa.com - Price Tracker) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2014-10-06]
CHR Extension: (Google Wallet) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR Extension: (Facebook Chat Pop-Outs) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnocoggcoknkjehhjjpanophojgknbpd [2014-10-05]
CHR Extension: (DriveConverter) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnijkabgdodbjffhlmbnhlccpkfappil [2014-06-28]
CHR HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\dezuha\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-31]
CHR HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-10-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-18] (Enigma Software Group USA, LLC.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender BETA\bdparentalservice.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260656 2014-04-30] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-07-03] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [648264 2014-04-30] (BitDefender)
U5 bdelam; C:\Windows\System32\Drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
U5 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-18] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-10-28] (Intel Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-10-28] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-10-28] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 BdfNdisf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [X]
S1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [X]
S3 bdfwfpf_pc; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [X]
U4 bdselfpr; \??\C:\Program Files\Bitdefender\Bitdefender BETA\bdselfpr.sys
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U4 vsserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 17:51 - 2015-04-06 17:53 - 00029108 _____ () C:\Users\dezuha\Desktop\FRST.txt
2015-04-06 17:50 - 2015-04-06 17:51 - 00000000 ____D () C:\FRST
2015-04-06 17:45 - 2015-04-06 17:45 - 02095616 _____ (Farbar) C:\Users\dezuha\Desktop\FRST64.exe
2015-04-06 10:54 - 2015-04-06 10:54 - 00000000 ____D () C:\WINDOWS\pss
2015-04-06 00:02 - 2015-04-06 00:04 - 41840320 _____ (Microsoft Corporation) C:\Users\dezuha\Desktop\Windows-KB890830-x64-V5.22.exe
2015-04-02 15:16 - 2014-04-16 01:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-04-02 15:16 - 2014-04-16 01:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-04-02 15:08 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-02 15:08 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-04-02 15:08 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-02 15:08 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-04-02 15:08 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-04-02 15:08 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-04-02 15:08 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-04-02 15:08 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-04-02 15:08 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-02 15:07 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-02 15:07 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-02 15:07 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-02 15:07 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-02 15:07 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-02 15:06 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-02 15:06 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-02 15:06 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-02 15:06 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-02 15:06 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-02 15:06 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-02 15:06 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-04-02 15:06 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-04-02 15:06 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-04-02 15:06 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-04-02 15:06 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-04-02 15:06 - 2014-10-13 04:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-04-02 15:06 - 2014-10-11 02:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-04-02 15:06 - 2014-10-11 02:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-04-02 15:06 - 2014-10-08 09:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-04-02 15:06 - 2014-10-08 09:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-04-02 15:06 - 2014-10-08 08:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-04-02 15:05 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-02 15:05 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-02 15:05 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-02 15:05 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-02 15:05 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-02 15:05 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-04-02 15:05 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-04-02 15:04 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-02 15:04 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-02 15:04 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-02 15:04 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-02 15:04 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-02 15:04 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-04-02 15:04 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-02 15:04 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-02 15:04 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-04-02 15:04 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-04-02 15:04 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-04-02 15:04 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-04-02 15:04 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-04-02 15:04 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-04-02 15:04 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-04-02 15:04 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-04-02 15:04 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-04-02 15:04 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-04-02 15:03 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-04-02 15:03 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-04-02 15:03 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-02 15:03 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-04-02 15:03 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-04-02 15:03 - 2015-01-30 05:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-02 15:03 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-04-02 15:03 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-04-02 15:03 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-04-02 15:03 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-04-02 15:03 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-04-02 15:03 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-02 15:03 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-02 15:03 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-02 15:03 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-02 15:03 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-04-02 15:03 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-04-02 15:03 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-04-02 15:03 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-04-02 15:03 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-04-02 15:03 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-04-02 15:03 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-04-02 15:03 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-04-02 15:03 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-04-02 15:03 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-04-02 15:03 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-04-02 15:03 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-04-02 15:03 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-04-02 15:03 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-04-02 15:03 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-04-02 15:02 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 15:02 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 15:02 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-02 15:02 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-02 15:02 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-02 15:02 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-02 15:02 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-02 15:02 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-04-02 15:02 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-04-02 15:02 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-02 15:02 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-04-02 15:02 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-04-02 15:02 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-02 15:02 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-02 15:02 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-04-02 15:02 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-04-02 15:02 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-04-02 15:02 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-04-02 15:02 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-04-02 15:02 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-04-02 15:02 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-04-02 15:02 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-04-02 15:01 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-02 15:01 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-02 15:01 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-02 15:01 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-02 15:01 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-04-02 15:01 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-04-02 15:01 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-04-02 15:01 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-04-02 15:01 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-04-02 15:01 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-04-02 15:01 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-04-02 15:01 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-04-02 15:01 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-02 15:01 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-02 15:01 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-04-02 15:01 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-04-02 15:01 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-04-02 15:01 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-04-02 15:00 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-02 15:00 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-02 15:00 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-04-02 15:00 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-02 15:00 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-02 15:00 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-02 15:00 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-02 15:00 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-02 15:00 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-04-02 15:00 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-02 15:00 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-04-02 15:00 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-02 15:00 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-04-02 15:00 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-04-02 15:00 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-02 15:00 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-02 15:00 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-02 15:00 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-02 15:00 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-04-02 15:00 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-02 15:00 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-02 15:00 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-02 15:00 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-02 15:00 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-02 15:00 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-02 15:00 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-02 15:00 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-04-02 15:00 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-02 15:00 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-02 15:00 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-02 15:00 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-02 15:00 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-02 15:00 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-02 15:00 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-02 15:00 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-02 15:00 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-02 15:00 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-02 15:00 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-02 14:59 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-02 14:59 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-02 14:59 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-02 14:59 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-02 14:59 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-04-02 14:57 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-04-02 14:57 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-04-02 14:57 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-02 14:57 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-02 14:57 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-02 14:57 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-02 14:57 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-02 14:57 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-31 11:14 - 2015-03-31 11:16 - 00000000 ____D () C:\Users\dezuha\Desktop\aiuto quanto al virus
2015-03-28 23:58 - 2015-03-28 23:58 - 00001151 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-28 23:55 - 2015-03-28 23:56 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\dezuha\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-27 21:20 - 2015-03-27 21:20 - 00071223 _____ () C:\Users\dezuha\Desktop\dddwwwww.jpeg
2015-03-27 20:52 - 2015-03-27 20:52 - 00094206 _____ () C:\Users\dezuha\Desktop\dddddddddddeeee.jpeg
2015-03-22 20:58 - 2015-03-22 20:58 - 00075480 _____ () C:\Users\dezuha\Desktop\149  MANGIAPALERMO......e ttttt149 .jpeg
2015-03-18 19:25 - 2015-03-18 19:25 - 00000000 _____ () C:\autoexec.bat
2015-03-18 19:24 - 2015-03-18 19:24 - 00003332 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-03-18 19:24 - 2015-03-18 19:24 - 00000000 ____D () C:\Users\dezuha\AppData\Roaming\Enigma Software Group
2015-03-18 19:22 - 2015-03-18 19:22 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-03-18 19:21 - 2015-03-18 19:21 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-18 18:36 - 2015-03-18 18:36 - 00072695 _____ () C:\Users\dezuha\Desktop\poinx2.jpeg
2015-03-18 18:35 - 2015-03-18 18:35 - 00211198 _____ () C:\Users\dezuha\Desktop\poinx3.jpeg
2015-03-18 18:35 - 2015-03-18 18:35 - 00187788 _____ () C:\Users\dezuha\Desktop\poinx4.jpeg
2015-03-18 18:34 - 2015-03-18 18:34 - 00201898 _____ () C:\Users\dezuha\Desktop\poinx1.jpeg
2015-03-15 21:53 - 2015-03-15 21:53 - 00050745 _____ () C:\Users\dezuha\Desktop\SEMOL.jpeg
2015-03-12 12:30 - 2015-03-12 12:30 - 00021748 _____ () C:\Users\dezuha\Desktop\2s.jpeg
2015-03-12 12:19 - 2015-03-12 12:19 - 00021505 _____ () C:\Users\dezuha\Desktop\c.jpeg
2015-03-12 10:35 - 2015-03-12 10:35 - 00027036 _____ () C:\Users\dezuha\Desktop\i.jpeg
2015-03-12 10:31 - 2015-03-12 10:31 - 00027739 _____ () C:\Users\dezuha\Desktop\1s.jpeg
2015-03-10 20:58 - 2015-03-10 20:58 - 00045897 _____ () C:\Users\dezuha\Desktop\66   3  Mangiare e Bere sano in Sicilia  66 .jpeg
2015-03-09 01:18 - 2015-03-09 01:18 - 00064232 _____ () C:\Users\dezuha\Desktop\Cesta de compra Amazon.es.jpeg
2015-03-07 23:57 - 2015-03-07 23:57 - 00046776 _____ () C:\Users\dezuha\Desktop\hhhhh.jpeg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 17:44 - 2014-12-15 12:25 - 00000000 ____D () C:\Users\dezuha\AppData\Local\Popcorn-Time
2015-04-06 17:39 - 2014-02-21 20:02 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-06 14:52 - 2014-04-10 14:40 - 00003172 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFordezuha
2015-04-06 14:52 - 2014-04-10 14:40 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFordezuha.job
2015-04-06 14:36 - 2014-04-22 20:03 - 01461865 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-06 14:18 - 2014-04-22 20:16 - 00000000 ___DO () C:\Users\dezuha\OneDrive
2015-04-06 14:18 - 2014-03-25 10:41 - 00000000 ___RD () C:\Users\dezuha\Google Drive
2015-04-06 14:18 - 2014-02-21 20:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 11:25 - 2014-03-18 17:26 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-06 11:17 - 2014-03-18 10:16 - 00664270 _____ () C:\WINDOWS\PFRO.log
2015-04-06 11:17 - 2013-08-22 16:46 - 00346939 _____ () C:\WINDOWS\setupact.log
2015-04-06 11:17 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-06 11:16 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-05 22:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-05 08:56 - 2014-07-02 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 01:59 - 2014-03-24 18:59 - 00000000 ___RD () C:\Users\dezuha\Dropbox
2015-04-04 22:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-04 22:39 - 2014-02-05 20:33 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-748861900-71194070-2566255496-1001
2015-04-04 19:50 - 2015-02-27 00:06 - 00000020 _____ () C:\Users\dezuha\AppData\Roaming\appdataFr3.bin
2015-04-03 22:43 - 2014-10-06 22:42 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 08:29 - 2014-05-29 14:57 - 00003100 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-748861900-71194070-2566255496-1001
2015-04-02 19:31 - 2013-08-22 16:44 - 00490656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-02 19:30 - 2015-02-14 11:19 - 00000000 ____D () C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-02 16:08 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-02 15:56 - 2014-03-24 18:55 - 00000000 ____D () C:\Users\dezuha\AppData\Roaming\Dropbox
2015-04-02 15:49 - 2014-02-10 12:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-02 14:34 - 2014-02-27 15:50 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-29 16:21 - 2014-07-02 16:31 - 00000000 ____D () C:\AdwCleaner
2015-03-28 23:58 - 2014-07-02 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 23:58 - 2014-07-02 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-27 10:42 - 2015-02-14 20:43 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2015-03-25 08:09 - 2014-02-20 11:26 - 00000000 ____D () C:\Users\dezuha\Desktop\screen pick
2015-03-24 10:51 - 2014-03-03 11:57 - 00000000 ____D () C:\Users\dezuha\Desktop\volant
2015-03-22 11:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-03-18 19:24 - 2014-04-22 19:48 - 00000000 ____D () C:\Users\dezuha
2015-03-18 19:10 - 2014-06-16 09:36 - 00000000 ____D () C:\Users\dezuha\Documents\foto da sviluppare
2015-03-17 07:15 - 2014-07-02 17:19 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 07:15 - 2014-07-02 17:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-17 07:15 - 2014-07-02 17:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-14 21:22 - 2015-02-14 20:47 - 00000000 ____D () C:\Users\dezuha\Downloads\PopcornTime
2015-03-14 10:41 - 2014-03-25 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 10:16 - 2014-03-24 18:59 - 00001079 _____ () C:\Users\dezuha\Desktop\Dropbox.lnk
2015-03-13 10:16 - 2014-03-24 18:56 - 00000000 ____D () C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 18:48 - 2014-02-10 12:57 - 122905856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-11 18:08 - 2014-06-16 09:34 - 00000000 ____D () C:\Users\dezuha\Desktop\ad oggi
 
==================== Files in the root of some directories =======
 
2015-01-21 19:59 - 2015-02-24 21:34 - 11509994 _____ () C:\Program Files (x86)\update.exe
2015-02-27 00:06 - 2015-04-04 19:50 - 0000020 _____ () C:\Users\dezuha\AppData\Roaming\appdataFr3.bin
2014-10-10 19:35 - 2014-10-10 19:35 - 0007616 _____ () C:\Users\dezuha\AppData\Local\Resmon.ResmonCfg
2014-07-03 20:27 - 2014-07-03 20:27 - 3030879 _____ () C:\ProgramData\1404407500.bdinstall.bin
2014-07-04 09:02 - 2014-07-04 09:02 - 0001090 _____ () C:\ProgramData\1404457277.1004.bin
2014-07-04 09:02 - 2014-07-04 09:02 - 0001089 _____ () C:\ProgramData\1404457277.128.bin
2014-07-04 09:01 - 2014-07-04 09:09 - 0117509 _____ () C:\ProgramData\1404457277.1980.bin
2014-07-04 09:01 - 2014-07-04 09:02 - 0005296 _____ () C:\ProgramData\1404457277.3928.bin
2014-07-04 09:01 - 2014-07-04 09:02 - 0244877 _____ () C:\ProgramData\1404457277.5260.bin
2014-07-04 09:01 - 2014-07-04 09:03 - 0100398 _____ () C:\ProgramData\1404457277.7100.bin
2014-11-15 18:25 - 2014-11-15 18:26 - 0099577 _____ () C:\ProgramData\1416068742.3620.bin
2014-11-15 18:25 - 2014-11-15 18:25 - 0074134 _____ () C:\ProgramData\1416068742.3644.bin
2014-11-15 18:25 - 2014-11-15 18:26 - 0022786 _____ () C:\ProgramData\1416068742.3804.bin
2014-11-15 18:25 - 2014-11-15 18:25 - 0003473 _____ () C:\ProgramData\1416068742.5600.bin
2014-11-15 18:25 - 2014-11-15 18:25 - 0002341 _____ () C:\ProgramData\1416068742.5744.bin
 
Some content of TEMP:
====================
C:\Users\dezuha\AppData\Local\Temp\5481051964126590670.exe
C:\Users\dezuha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8lbkhp.dll
C:\Users\dezuha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkoj8ey.dll
C:\Users\dezuha\AppData\Local\Temp\Extract.exe
C:\Users\dezuha\AppData\Local\Temp\ICReinstall_our-idiot-brother-ita-4427359.exe
C:\Users\dezuha\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\dezuha\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\dezuha\AppData\Local\Temp\ose00000.exe
C:\Users\dezuha\AppData\Local\Temp\Quarantine.exe
C:\Users\dezuha\AppData\Local\Temp\SP63342.exe
C:\Users\dezuha\AppData\Local\Temp\SP63343.exe
C:\Users\dezuha\AppData\Local\Temp\SP63344.exe
C:\Users\dezuha\AppData\Local\Temp\SP63353.exe
C:\Users\dezuha\AppData\Local\Temp\SP63357.exe
C:\Users\dezuha\AppData\Local\Temp\SP65168.exe
C:\Users\dezuha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-06 14:51
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by dezuha at 2015-04-06 17:55:40
Running from C:\Users\dezuha\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{EA5160BE-7558-2716-01DB-FFE7F316957A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Anti-Twin (Installation 19/10/2014) (HKLM-x32\...\Anti-Twin 2014-10-19 18.37.13) (Version:  - Joerg Rosenthal, Germany)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 4.0.2.0 - Auslogics Labs Pty Ltd)
Bitdefender Total Security BETA (HKLM\...\Bitdefender) (Version: 18.10.0.766 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3711 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5004 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
dupeGuru Picture Edition (HKLM-x32\...\{6BEBCD2F-81A5-4C1E-BC11-6E5BE0570156}) (Version: 2.7.0 - Hardcoded Software)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{CAD3347B-FAC8-4E69-A6B2-DEFBE08151C0}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F2481209-98FE-4943-8903-90D19E1B7062}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{9D45BA1F-03CC-4F27-9A8D-1F40B8784E95}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}) (Version: 1.0.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Nome società)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PicPick (HKLM-x32\...\PicPick) (Version: 3.3.2 - NTeWORKS)
Popcorn Time (HKLM-x32\...\Popcorn-Time) (Version: 0.3.1 - Popcorn Official)
Popcorn Time (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Popcorn Time) (Version:  - Popcorn Official)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6856 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 1.1.9200.007 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
ROOT´óʦ (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.9.10344 - ÉîÛÚÐÅÒ¼ÍøÂçÓÐÏÞ¹«Ë¾)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viber (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
22-03-2015 11:58:19 Scheduled Checkpoint
01-04-2015 17:38:51 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0257DAD4-50C0-48C2-854D-91B83C36992D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {10E86C59-1F12-4D6B-9254-15BAF217F0C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2811F51A-864F-4DDC-B3B9-F5281551492B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {29977F1B-89E7-4C79-96E9-A292A98B8534} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2CA584A8-3D89-4CBD-8DF1-29079A5FEA1E} - System32\Tasks\{7DD7CC86-9475-4541-B3D7-3A6CAFF17AE9} => pcalua.exe -a C:\ProgramData\WPM\wprotectmanager.exe -c -uninstall
Task: {2ED896D3-D347-4E37-8C5A-2CFBA82CC211} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4E5AF570-E878-4FA2-BD88-C9B0B7D65E17} - System32\Tasks\{B343F7D9-1D88-459F-9881-DFE83AD01F7C} => pcalua.exe -a C:\ProgramData\DivX\Setup\DivXSetup.exe -c /uninstall
Task: {5D3A941F-35AE-497A-80EF-72A058FBFA26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {63553997-DC6E-47ED-8E62-E398480B6B8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {66D686C4-52B4-4385-A75F-5B6050620A16} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-10-28] (Synaptics Incorporated)
Task: {6967928C-7C90-40AD-B3D7-4CFEAA44D126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {69A49C40-7831-48F6-8D71-EFBA08187894} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7B023E35-A0D7-46B2-9A10-B60C02CA7D76} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {8E4866AE-975A-43F4-B7D4-594047B4E12D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {9558990F-D482-48BA-B45D-0663F66ED3E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {B9122D4A-823D-4EBF-8644-7F21F2D9539C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BE20D361-7E83-45D8-8599-0BCE15F99E67} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D5231E2E-6B58-40E6-B02F-50A9C67FFEE2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {E2CEC4CE-4265-4E45-8668-7B29CF72EB36} - System32\Tasks\HPCeeScheduleFordezuha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E4D9A222-79FA-4906-B709-44B466D317C5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {F3877CEA-18F5-4C47-AC41-9C95D5371DF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {FE68D048-8F02-4814-BE97-E9DEAEF5D62C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-748861900-71194070-2566255496-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordezuha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2009-09-01 06:31 - 2009-09-01 06:31 - 00022016 _____ () C:\WINDOWS\System32\ssp2ml6.dll
2014-07-03 19:52 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-16 14:54 - 2015-02-16 14:54 - 40723456 _____ () C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
2014-10-28 18:10 - 2014-10-28 18:09 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-10-06 14:27 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-06 14:17 - 2015-04-06 14:17 - 00098816 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32api.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00110080 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\pywintypes27.dll
2015-04-06 14:16 - 2015-04-06 14:16 - 00364544 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\pythoncom27.dll
2015-04-06 14:17 - 2015-04-06 14:17 - 00045568 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\_socket.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 01161216 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\_ssl.pyd
2015-04-06 14:16 - 2015-04-06 14:16 - 00320512 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32com.shell.shell.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00713216 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\_hashlib.pyd
2015-04-06 14:16 - 2015-04-06 14:16 - 01175040 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._core_.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00805888 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._gdi_.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00811008 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._windows_.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 01062400 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._controls_.pyd
2015-04-06 14:16 - 2015-04-06 14:16 - 00735232 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._misc_.pyd
2015-04-06 14:16 - 2015-04-06 14:17 - 00682496 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\pysqlite2._sqlite.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00128512 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\_elementtree.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00127488 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\pyexpat.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00087552 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\_ctypes.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00119808 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32file.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00108544 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32security.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00007168 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\hashobjs_ext.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00167936 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32gui.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00018432 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32event.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00038912 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32inet.pyd
2015-04-06 14:16 - 2015-04-06 14:16 - 00011264 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32crypt.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00070656 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._html2.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00027136 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\_multiprocessing.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00020480 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\_yappi.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00035840 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32process.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00686080 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\unicodedata.pyd
2015-04-06 14:16 - 2015-04-06 14:16 - 00122368 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._wizard.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00024064 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32pipe.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00010240 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\select.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00025600 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32pdh.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00525640 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\windows._lib_cacheinvalidation.pyd
2015-04-06 14:17 - 2015-04-06 14:17 - 00017408 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32profile.pyd
2015-04-06 14:16 - 2015-04-06 14:16 - 00022528 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\win32ts.pyd
2015-04-06 14:16 - 2015-04-06 14:16 - 00078336 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI14482\wx._animate.pyd
2015-04-03 22:42 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 22:42 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 22:42 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 22:42 - 2015-03-30 23:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-02-16 14:54 - 2015-02-16 14:54 - 00909824 _____ () C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\libglesv2.dll
2015-02-16 14:54 - 2015-02-16 14:54 - 00134144 _____ () C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\libegl.dll
2015-02-16 14:54 - 2015-02-16 14:54 - 02419712 _____ () C:\Users\dezuha\AppData\Local\Popcorn Time\node-webkit\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\dezuha\OneDrive:ms-properties
AlternateDataStreams: C:\Users\dezuha\Desktop\carta identità.jpg:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-748861900-71194070-2566255496-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dezuha\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "bdruninstaller"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\StartupFolder: => "Ritaglio schermata e avvio di OneNote 2007.lnk"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\Run: => "NokiaSuite.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-748861900-71194070-2566255496-500 - Administrator - Disabled)
dezuha (S-1-5-21-748861900-71194070-2566255496-1001 - Administrator - Enabled) => C:\Users\dezuha
Guest (S-1-5-21-748861900-71194070-2566255496-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-748861900-71194070-2566255496-1006 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/06/2015 02:15:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6691297
 
Error: (04/06/2015 02:15:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6691297
 
Error: (04/06/2015 02:15:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/06/2015 00:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15484
 
Error: (04/06/2015 00:24:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15484
 
Error: (04/06/2015 00:24:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/06/2015 10:35:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31242140
 
Error: (04/06/2015 10:35:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31242140
 
Error: (04/06/2015 10:35:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/06/2015 01:55:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7906
 
 
System errors:
=============
Error: (04/06/2015 00:23:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/06/2015 11:16:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/06/2015 01:54:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/05/2015 10:50:38 PM) (Source: DCOM) (EventID: 10010) (User: LOUNGE-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/05/2015 10:50:08 PM) (Source: DCOM) (EventID: 10010) (User: LOUNGE-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/05/2015 10:49:33 PM) (Source: DCOM) (EventID: 10010) (User: LOUNGE-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/05/2015 10:37:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/05/2015 01:59:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/05/2015 01:56:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/04/2015 00:25:58 AM) (Source: DCOM) (EventID: 10010) (User: LOUNGE-PC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-06 14:53:39.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-01 17:21:14.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-31 21:13:14.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-22 10:33:08.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 20:24:28.687
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-27 17:57:09.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-26 15:56:21.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-12 09:57:16.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-12 09:57:15.922
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-12 09:57:15.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 80%
Total physical RAM: 3988.27 MB
Available physical RAM: 791.59 MB
Total Pagefile: 6804.27 MB
Available Pagefile: 2030.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.71 GB) (Free:357.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.84 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4FE02B41)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Edited by dezuha, 07 April 2015 - 10:11 AM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay.

Could you re-run FRST please for a fresh look? Allow FRST to update if it asks.

#3
dezuha

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi there Essexboy,
I have re-run.
Thanks for your help
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by dezuha (administrator) on LOUNGE-PC on 10-04-2015 16:02:09
Running from C:\Users\dezuha\Desktop
Loaded Profiles: dezuha (Available profiles: dezuha)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => "C:\Program Files\Bitdefender\Bitdefender BETA\bdagent.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [bdruninstaller] => C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [701216 2014-04-14] (Bitdefender)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender BETA\bdwtxag.exe"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [] => [X]
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-748861900-71194070-2566255496-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__php the_title();__.lnk
ShortcutTarget: __php the_title();__.lnk -> C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}\__php the_title();__.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> {7FEF32CA-AD45-472B-8E79-BF13BCC9D89B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {7FEF32CA-AD45-472B-8E79-BF13BCC9D89B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> {7FEF32CA-AD45-472B-8E79-BF13BCC9D89B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54353-12130-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Toolbar: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender BETA\bdtbext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender BETA\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender BETA\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={4ECE8E9D-F1EC-4E6D-BFD0-756BC6BAFF1D}&mid=4ecd65d8527647d6bd3a05c90cc3df57-22b44faccb4c43a676c5568e8e7ae9e347b6c0db&lang=it&ds=AVG&pr=pr&d=2012-10-05 12:37:13&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR StartupUrls: Default -> "https://www.google.c...render#h|month"
CHR Profile: C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Unfriend Notify for Facebook) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2014-06-28]
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-06-28]
CHR Extension: (Google Drive) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (Sketch Mobile) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbilecdmpppjehlkpmdnnhaidegpacpc [2014-06-28]
CHR Extension: (Language Immersion for Chrome) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-08-28]
CHR Extension: (Fotor Photo Editor) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-06-28]
CHR Extension: (Quick Login for Google Accounts) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbgngpehipfmfmpjmhonhacgbkjpdidp [2015-04-01]
CHR Extension: (Telegram) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2014-06-28]
CHR Extension: (Lumin PDF Viewer) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2014-06-28]
CHR Extension: (Context Bookmarks) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednnkpljcbpjcoplcooifiblghkephlh [2014-08-28]
CHR Extension: (Google Calendar) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-28]
CHR Extension: (Google Sheets) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-06-28]
CHR Extension: (PicMonkey) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-06-28]
CHR Extension: (Annotate Attachments in Gmail - Framebench) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfddmmbggnlhnelhlkbgaapbidkhcfa [2014-08-28]
CHR Extension: (Google Keep - notes and lists) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-06-28]
CHR Extension: (Fotomontaggi ed Effetti su Immagini e Foto) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpdmfmhphmmfjedjlnbjelgicoifffi [2014-06-28]
CHR Extension: (Facebook Unseen) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-04-02]
CHR Extension: (Fotomontaggi ed photoshop on-line) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildlgnmldoacjjmmacbhkifiahoebfoo [2014-06-28]
CHR Extension: (Color Picker) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcmgligingjhdnhdhgepemlckgcgmgaj [2014-06-28]
CHR Extension: (Photo Raster) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadhjegjmnnhlmkbmlmnjobjpeniinmp [2014-06-28]
CHR Extension: (Improved Google Tasks Panel) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgnappcencbgllhghhhgjnfjanfijdpn [2014-11-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09]
CHR Extension: (Photo Editor Online) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfajpjaafojlacndbcblnfdmkajckeh [2014-06-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (Google Maps) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-28]
CHR Extension: (Google Drawings) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2014-06-28]
CHR Extension: (Free Online PDF Unlocker) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdknbehfogkgogcennnagfokmnimpab [2014-06-28]
CHR Extension: (Compare Hatke) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeifcmllbkkjebeahalgcadeblbbfbe [2014-10-05]
CHR Extension: (MultiLogin) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccllfnllopfpcbjdgjdlfmomnfgnnbk [2015-04-01]
CHR Extension: (Keepa.com - Price Tracker) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2014-10-06]
CHR Extension: (Google Wallet) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR Extension: (Facebook Chat Pop-Outs) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnocoggcoknkjehhjjpanophojgknbpd [2014-10-05]
CHR Extension: (DriveConverter) - C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnijkabgdodbjffhlmbnhlccpkfappil [2014-06-28]
CHR HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\dezuha\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-31]
CHR HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-10-28] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-18] (Enigma Software Group USA, LLC.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender BETA\bdparentalservice.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260656 2014-04-30] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-07-03] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [648264 2014-04-30] (BitDefender)
U5 bdelam; C:\Windows\System32\Drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
U5 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-18] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-10-28] (Intel Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-10-28] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-10-28] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 BdfNdisf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [X]
S1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [X]
S3 bdfwfpf_pc; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [X]
U4 bdselfpr; \??\C:\Program Files\Bitdefender\Bitdefender BETA\bdselfpr.sys
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U4 vsserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 19:43 - 2015-04-09 19:43 - 00060240 _____ () C:\Users\dezuha\Desktop\4  Mangiare e Bere sano in Sicilia  4 .jpeg
2015-04-08 15:35 - 2015-04-08 15:35 - 00044410 _____ () C:\Users\dezuha\Desktop\Poinx   FAQ.jpeg
2015-04-07 20:44 - 2015-04-07 20:44 - 00052104 _____ () C:\Users\dezuha\Desktop\ffffffffffffffffffff.jpeg
2015-04-06 17:55 - 2015-04-06 18:00 - 00036145 _____ () C:\Users\dezuha\Desktop\Addition.txt
2015-04-06 17:51 - 2015-04-10 16:06 - 00028363 _____ () C:\Users\dezuha\Desktop\FRST.txt
2015-04-06 17:50 - 2015-04-10 16:02 - 00000000 ____D () C:\FRST
2015-04-06 17:45 - 2015-04-06 17:45 - 02095616 _____ (Farbar) C:\Users\dezuha\Desktop\FRST64.exe
2015-04-06 10:54 - 2015-04-06 10:54 - 00000000 ____D () C:\WINDOWS\pss
2015-04-06 00:02 - 2015-04-06 00:04 - 41840320 _____ (Microsoft Corporation) C:\Users\dezuha\Desktop\Windows-KB890830-x64-V5.22.exe
2015-04-02 15:16 - 2014-04-16 01:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-04-02 15:16 - 2014-04-16 01:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-04-02 15:08 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-02 15:08 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-04-02 15:08 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-02 15:08 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-04-02 15:08 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-04-02 15:08 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-04-02 15:08 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-04-02 15:08 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-04-02 15:08 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-02 15:07 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-02 15:07 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-02 15:07 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-02 15:07 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-02 15:07 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-02 15:06 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-02 15:06 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-02 15:06 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-02 15:06 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-02 15:06 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-02 15:06 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-02 15:06 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-04-02 15:06 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-04-02 15:06 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-04-02 15:06 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-04-02 15:06 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-04-02 15:06 - 2014-10-13 04:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-04-02 15:06 - 2014-10-11 02:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-04-02 15:06 - 2014-10-11 02:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-04-02 15:06 - 2014-10-08 09:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-04-02 15:06 - 2014-10-08 09:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-04-02 15:06 - 2014-10-08 08:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-04-02 15:05 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-02 15:05 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-02 15:05 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-02 15:05 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-02 15:05 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-02 15:05 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-04-02 15:05 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-04-02 15:04 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-02 15:04 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-02 15:04 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-02 15:04 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-02 15:04 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-02 15:04 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-04-02 15:04 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-02 15:04 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-02 15:04 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-04-02 15:04 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-04-02 15:04 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-04-02 15:04 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-04-02 15:04 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-04-02 15:04 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-04-02 15:04 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-04-02 15:04 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-04-02 15:04 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-04-02 15:04 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-04-02 15:03 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-04-02 15:03 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-04-02 15:03 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-02 15:03 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-04-02 15:03 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-04-02 15:03 - 2015-01-30 05:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-02 15:03 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-04-02 15:03 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-04-02 15:03 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-04-02 15:03 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-04-02 15:03 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-04-02 15:03 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-02 15:03 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-02 15:03 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-02 15:03 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-02 15:03 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-04-02 15:03 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-04-02 15:03 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-04-02 15:03 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-04-02 15:03 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-04-02 15:03 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-04-02 15:03 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-04-02 15:03 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-04-02 15:03 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-04-02 15:03 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-04-02 15:03 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-04-02 15:03 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-04-02 15:03 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-04-02 15:03 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-04-02 15:03 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-04-02 15:02 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 15:02 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 15:02 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-02 15:02 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-02 15:02 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-02 15:02 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-02 15:02 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-02 15:02 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-04-02 15:02 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-04-02 15:02 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-02 15:02 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-04-02 15:02 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-04-02 15:02 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-02 15:02 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-02 15:02 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-04-02 15:02 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-04-02 15:02 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-04-02 15:02 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-04-02 15:02 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-04-02 15:02 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-04-02 15:02 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-04-02 15:02 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-04-02 15:01 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-02 15:01 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-02 15:01 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-02 15:01 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-02 15:01 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-04-02 15:01 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-04-02 15:01 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-04-02 15:01 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-04-02 15:01 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-04-02 15:01 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-04-02 15:01 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-04-02 15:01 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-04-02 15:01 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-02 15:01 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-02 15:01 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-04-02 15:01 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-04-02 15:01 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-04-02 15:01 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-04-02 15:00 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-02 15:00 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-02 15:00 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-04-02 15:00 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-02 15:00 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-02 15:00 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-02 15:00 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-02 15:00 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-02 15:00 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-04-02 15:00 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-02 15:00 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-04-02 15:00 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-02 15:00 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-04-02 15:00 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-04-02 15:00 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-02 15:00 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-02 15:00 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-02 15:00 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-02 15:00 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-04-02 15:00 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-02 15:00 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-02 15:00 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-02 15:00 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-02 15:00 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-02 15:00 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-02 15:00 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-02 15:00 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-04-02 15:00 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-02 15:00 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-02 15:00 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-02 15:00 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-02 15:00 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-02 15:00 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-02 15:00 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-02 15:00 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-02 15:00 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-02 15:00 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-02 15:00 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-02 14:59 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-02 14:59 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-02 14:59 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-02 14:59 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-02 14:59 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-04-02 14:57 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-04-02 14:57 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-04-02 14:57 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-02 14:57 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-02 14:57 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-02 14:57 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-02 14:57 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-02 14:57 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-31 11:14 - 2015-04-09 09:56 - 00000000 ____D () C:\Users\dezuha\Desktop\aiuto quanto al virus
2015-03-28 23:58 - 2015-03-28 23:58 - 00001151 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-28 23:55 - 2015-03-28 23:56 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\dezuha\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-27 21:20 - 2015-03-27 21:20 - 00071223 _____ () C:\Users\dezuha\Desktop\dddwwwww.jpeg
2015-03-27 20:52 - 2015-03-27 20:52 - 00094206 _____ () C:\Users\dezuha\Desktop\dddddddddddeeee.jpeg
2015-03-22 20:58 - 2015-03-22 20:58 - 00075480 _____ () C:\Users\dezuha\Desktop\149  MANGIAPALERMO......e ttttt149 .jpeg
2015-03-18 19:25 - 2015-03-18 19:25 - 00000000 _____ () C:\autoexec.bat
2015-03-18 19:24 - 2015-03-18 19:24 - 00003332 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-03-18 19:24 - 2015-03-18 19:24 - 00000000 ____D () C:\Users\dezuha\AppData\Roaming\Enigma Software Group
2015-03-18 19:22 - 2015-03-18 19:22 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-03-18 19:21 - 2015-03-18 19:21 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-18 18:36 - 2015-03-18 18:36 - 00072695 _____ () C:\Users\dezuha\Desktop\poinx2.jpeg
2015-03-18 18:35 - 2015-03-18 18:35 - 00211198 _____ () C:\Users\dezuha\Desktop\poinx3.jpeg
2015-03-18 18:35 - 2015-03-18 18:35 - 00187788 _____ () C:\Users\dezuha\Desktop\poinx4.jpeg
2015-03-18 18:34 - 2015-03-18 18:34 - 00201898 _____ () C:\Users\dezuha\Desktop\poinx1.jpeg
2015-03-15 21:53 - 2015-03-15 21:53 - 00050745 _____ () C:\Users\dezuha\Desktop\SEMOL.jpeg
2015-03-12 12:30 - 2015-03-12 12:30 - 00021748 _____ () C:\Users\dezuha\Desktop\2s.jpeg
2015-03-12 12:19 - 2015-03-12 12:19 - 00021505 _____ () C:\Users\dezuha\Desktop\c.jpeg
2015-03-12 10:35 - 2015-03-12 10:35 - 00027036 _____ () C:\Users\dezuha\Desktop\i.jpeg
2015-03-12 10:31 - 2015-03-12 10:31 - 00027739 _____ () C:\Users\dezuha\Desktop\1s.jpeg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 16:00 - 2014-04-22 20:03 - 01727242 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-10 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-10 15:39 - 2014-02-21 20:02 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 14:52 - 2014-04-10 14:40 - 00003172 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFordezuha
2015-04-10 14:52 - 2014-04-10 14:40 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFordezuha.job
2015-04-10 14:29 - 2014-03-25 10:41 - 00000000 ___RD () C:\Users\dezuha\Google Drive
2015-04-10 14:28 - 2014-04-22 20:16 - 00000000 __RDO () C:\Users\dezuha\OneDrive
2015-04-10 14:28 - 2014-02-21 20:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 21:01 - 2014-12-15 12:25 - 00000000 ____D () C:\Users\dezuha\AppData\Local\Popcorn-Time
2015-04-09 09:05 - 2015-02-27 00:06 - 00000020 _____ () C:\Users\dezuha\AppData\Roaming\appdataFr3.bin
2015-04-07 09:33 - 2014-03-18 17:26 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-07 09:32 - 2013-08-22 16:46 - 00347735 _____ () C:\WINDOWS\setupact.log
2015-04-06 11:17 - 2014-03-18 10:16 - 00664270 _____ () C:\WINDOWS\PFRO.log
2015-04-06 11:17 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-06 11:16 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-05 22:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-05 08:56 - 2014-07-02 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 01:59 - 2014-03-24 18:59 - 00000000 ___RD () C:\Users\dezuha\Dropbox
2015-04-04 22:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-04 22:39 - 2014-02-05 20:33 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-748861900-71194070-2566255496-1001
2015-04-03 22:43 - 2014-10-06 22:42 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 08:29 - 2014-05-29 14:57 - 00003100 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-748861900-71194070-2566255496-1001
2015-04-02 19:31 - 2013-08-22 16:44 - 00490656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-02 19:30 - 2015-02-14 11:19 - 00000000 ____D () C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-02 19:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-02 16:08 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-02 15:56 - 2014-03-24 18:55 - 00000000 ____D () C:\Users\dezuha\AppData\Roaming\Dropbox
2015-04-02 15:49 - 2014-02-10 12:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-02 14:34 - 2014-02-27 15:50 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-29 16:21 - 2014-07-02 16:31 - 00000000 ____D () C:\AdwCleaner
2015-03-28 23:58 - 2014-07-02 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 23:58 - 2014-07-02 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-27 10:42 - 2015-02-14 20:43 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2015-03-25 08:09 - 2014-02-20 11:26 - 00000000 ____D () C:\Users\dezuha\Desktop\screen pick
2015-03-24 10:51 - 2014-03-03 11:57 - 00000000 ____D () C:\Users\dezuha\Desktop\volant
2015-03-22 11:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-03-18 19:24 - 2014-04-22 19:48 - 00000000 ____D () C:\Users\dezuha
2015-03-18 19:10 - 2014-06-16 09:36 - 00000000 ____D () C:\Users\dezuha\Documents\foto da sviluppare
2015-03-17 07:15 - 2014-07-02 17:19 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 07:15 - 2014-07-02 17:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-17 07:15 - 2014-07-02 17:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-14 21:22 - 2015-02-14 20:47 - 00000000 ____D () C:\Users\dezuha\Downloads\PopcornTime
2015-03-14 10:41 - 2014-03-25 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 10:16 - 2014-03-24 18:59 - 00001079 _____ () C:\Users\dezuha\Desktop\Dropbox.lnk
2015-03-13 10:16 - 2014-03-24 18:56 - 00000000 ____D () C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 18:48 - 2014-02-10 12:57 - 122905856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-11 18:08 - 2014-06-16 09:34 - 00000000 ____D () C:\Users\dezuha\Desktop\ad oggi
 
==================== Files in the root of some directories =======
 
2015-01-21 19:59 - 2015-02-24 21:34 - 11509994 _____ () C:\Program Files (x86)\update.exe
2015-02-27 00:06 - 2015-04-09 09:05 - 0000020 _____ () C:\Users\dezuha\AppData\Roaming\appdataFr3.bin
2014-10-10 19:35 - 2014-10-10 19:35 - 0007616 _____ () C:\Users\dezuha\AppData\Local\Resmon.ResmonCfg
2014-07-03 20:27 - 2014-07-03 20:27 - 3030879 _____ () C:\ProgramData\1404407500.bdinstall.bin
2014-07-04 09:02 - 2014-07-04 09:02 - 0001090 _____ () C:\ProgramData\1404457277.1004.bin
2014-07-04 09:02 - 2014-07-04 09:02 - 0001089 _____ () C:\ProgramData\1404457277.128.bin
2014-07-04 09:01 - 2014-07-04 09:09 - 0117509 _____ () C:\ProgramData\1404457277.1980.bin
2014-07-04 09:01 - 2014-07-04 09:02 - 0005296 _____ () C:\ProgramData\1404457277.3928.bin
2014-07-04 09:01 - 2014-07-04 09:02 - 0244877 _____ () C:\ProgramData\1404457277.5260.bin
2014-07-04 09:01 - 2014-07-04 09:03 - 0100398 _____ () C:\ProgramData\1404457277.7100.bin
2014-11-15 18:25 - 2014-11-15 18:26 - 0099577 _____ () C:\ProgramData\1416068742.3620.bin
2014-11-15 18:25 - 2014-11-15 18:25 - 0074134 _____ () C:\ProgramData\1416068742.3644.bin
2014-11-15 18:25 - 2014-11-15 18:26 - 0022786 _____ () C:\ProgramData\1416068742.3804.bin
2014-11-15 18:25 - 2014-11-15 18:25 - 0003473 _____ () C:\ProgramData\1416068742.5600.bin
2014-11-15 18:25 - 2014-11-15 18:25 - 0002341 _____ () C:\ProgramData\1416068742.5744.bin
 
Some content of TEMP:
====================
C:\Users\dezuha\AppData\Local\Temp\5481051964126590670.exe
C:\Users\dezuha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8lbkhp.dll
C:\Users\dezuha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkoj8ey.dll
C:\Users\dezuha\AppData\Local\Temp\Extract.exe
C:\Users\dezuha\AppData\Local\Temp\ICReinstall_our-idiot-brother-ita-4427359.exe
C:\Users\dezuha\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\dezuha\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\dezuha\AppData\Local\Temp\ose00000.exe
C:\Users\dezuha\AppData\Local\Temp\Quarantine.exe
C:\Users\dezuha\AppData\Local\Temp\SP63342.exe
C:\Users\dezuha\AppData\Local\Temp\SP63343.exe
C:\Users\dezuha\AppData\Local\Temp\SP63344.exe
C:\Users\dezuha\AppData\Local\Temp\SP63353.exe
C:\Users\dezuha\AppData\Local\Temp\SP63357.exe
C:\Users\dezuha\AppData\Local\Temp\SP65168.exe
C:\Users\dezuha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-06 14:51
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by dezuha at 2015-04-10 16:07:38
Running from C:\Users\dezuha\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{EA5160BE-7558-2716-01DB-FFE7F316957A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Anti-Twin (Installation 19/10/2014) (HKLM-x32\...\Anti-Twin 2014-10-19 18.37.13) (Version:  - Joerg Rosenthal, Germany)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 4.0.2.0 - Auslogics Labs Pty Ltd)
Bitdefender Total Security BETA (HKLM\...\Bitdefender) (Version: 18.10.0.766 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3711 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5004 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
dupeGuru Picture Edition (HKLM-x32\...\{6BEBCD2F-81A5-4C1E-BC11-6E5BE0570156}) (Version: 2.7.0 - Hardcoded Software)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{CAD3347B-FAC8-4E69-A6B2-DEFBE08151C0}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F2481209-98FE-4943-8903-90D19E1B7062}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{9D45BA1F-03CC-4F27-9A8D-1F40B8784E95}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}) (Version: 1.0.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Nome società)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PicPick (HKLM-x32\...\PicPick) (Version: 3.3.2 - NTeWORKS)
Popcorn Time (HKLM-x32\...\Popcorn-Time) (Version: 0.3.1 - Popcorn Official)
Popcorn Time (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Popcorn Time) (Version:  - Popcorn Official)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6856 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 1.1.9200.007 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
ROOT´óʦ (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.9.10344 - ÉîÛÚÐÅÒ¼ÍøÂçÓÐÏÞ¹«Ë¾)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viber (HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dezuha\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
22-03-2015 11:58:19 Scheduled Checkpoint
01-04-2015 17:38:51 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0257DAD4-50C0-48C2-854D-91B83C36992D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {10E86C59-1F12-4D6B-9254-15BAF217F0C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2811F51A-864F-4DDC-B3B9-F5281551492B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {29977F1B-89E7-4C79-96E9-A292A98B8534} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2CA584A8-3D89-4CBD-8DF1-29079A5FEA1E} - System32\Tasks\{7DD7CC86-9475-4541-B3D7-3A6CAFF17AE9} => pcalua.exe -a C:\ProgramData\WPM\wprotectmanager.exe -c -uninstall
Task: {2ED896D3-D347-4E37-8C5A-2CFBA82CC211} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4E5AF570-E878-4FA2-BD88-C9B0B7D65E17} - System32\Tasks\{B343F7D9-1D88-459F-9881-DFE83AD01F7C} => pcalua.exe -a C:\ProgramData\DivX\Setup\DivXSetup.exe -c /uninstall
Task: {56B96D31-BC53-4ACD-85B6-0CA703A34115} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {5D3A941F-35AE-497A-80EF-72A058FBFA26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {63553997-DC6E-47ED-8E62-E398480B6B8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {66D686C4-52B4-4385-A75F-5B6050620A16} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-10-28] (Synaptics Incorporated)
Task: {69A49C40-7831-48F6-8D71-EFBA08187894} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7B023E35-A0D7-46B2-9A10-B60C02CA7D76} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {8E4866AE-975A-43F4-B7D4-594047B4E12D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {9558990F-D482-48BA-B45D-0663F66ED3E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {AE30787A-CCFC-4E64-A5ED-C06DE84ED3F4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {B9122D4A-823D-4EBF-8644-7F21F2D9539C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BE20D361-7E83-45D8-8599-0BCE15F99E67} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D5231E2E-6B58-40E6-B02F-50A9C67FFEE2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {E2CEC4CE-4265-4E45-8668-7B29CF72EB36} - System32\Tasks\HPCeeScheduleFordezuha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F3877CEA-18F5-4C47-AC41-9C95D5371DF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {FE68D048-8F02-4814-BE97-E9DEAEF5D62C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-748861900-71194070-2566255496-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordezuha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2009-09-01 06:31 - 2009-09-01 06:31 - 00022016 _____ () C:\WINDOWS\System32\ssp2ml6.dll
2014-07-03 19:52 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-28 18:10 - 2014-10-28 18:09 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-10-06 14:27 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-10 14:29 - 2015-04-10 14:29 - 00098816 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32api.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00110080 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\pywintypes27.dll
2015-04-10 14:29 - 2015-04-10 14:29 - 00364544 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\pythoncom27.dll
2015-04-10 14:29 - 2015-04-10 14:29 - 00045568 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\_socket.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 01161216 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\_ssl.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00320512 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32com.shell.shell.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00713216 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\_hashlib.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 01175040 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._core_.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00805888 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._gdi_.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00811008 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._windows_.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 01062400 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._controls_.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00735232 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._misc_.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00682496 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\pysqlite2._sqlite.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00128512 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\_elementtree.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00127488 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\pyexpat.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00087552 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\_ctypes.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00119808 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32file.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00108544 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32security.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00007168 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\hashobjs_ext.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00167936 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32gui.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00018432 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32event.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00038912 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32inet.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00011264 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32crypt.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00070656 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._html2.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00027136 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\_multiprocessing.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00020480 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\_yappi.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00035840 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32process.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00686080 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\unicodedata.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00122368 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._wizard.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00024064 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32pipe.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00010240 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\select.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00025600 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32pdh.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00525640 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\windows._lib_cacheinvalidation.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00017408 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32profile.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00022528 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\win32ts.pyd
2015-04-10 14:29 - 2015-04-10 14:29 - 00078336 _____ () C:\Users\dezuha\AppData\Local\Temp\_MEI765522\wx._animate.pyd
2015-04-03 22:42 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 22:42 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 22:42 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 22:42 - 2015-03-30 23:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\dezuha\OneDrive:ms-properties
AlternateDataStreams: C:\Users\dezuha\Desktop\carta identità.jpg:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-748861900-71194070-2566255496-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dezuha\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "bdruninstaller"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\StartupFolder: => "Ritaglio schermata e avvio di OneNote 2007.lnk"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-748861900-71194070-2566255496-1001\...\StartupApproved\Run: => "NokiaSuite.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-748861900-71194070-2566255496-500 - Administrator - Disabled)
dezuha (S-1-5-21-748861900-71194070-2566255496-1001 - Administrator - Enabled) => C:\Users\dezuha
Guest (S-1-5-21-748861900-71194070-2566255496-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-748861900-71194070-2566255496-1006 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/10/2015 02:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25012984
 
Error: (04/10/2015 02:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25012984
 
Error: (04/10/2015 02:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/09/2015 09:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15266
 
Error: (04/09/2015 09:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15266
 
Error: (04/09/2015 09:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/09/2015 06:45:59 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (04/09/2015 04:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15344
 
Error: (04/09/2015 04:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15344
 
Error: (04/09/2015 04:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (04/10/2015 07:31:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2015 09:01:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2015 04:34:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2015 10:50:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2015 00:37:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/08/2015 03:36:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/08/2015 03:28:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/08/2015 09:10:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/08/2015 07:45:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/07/2015 10:12:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-06 14:53:39.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-01 17:21:14.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-31 21:13:14.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-22 10:33:08.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-16 20:24:28.687
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-27 17:57:09.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-26 15:56:21.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-12 09:57:16.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-12 09:57:15.922
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-12 09:57:15.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 89%
Total physical RAM: 3988.27 MB
Available physical RAM: 405.23 MB
Total Pagefile: 7057.8 MB
Available Pagefile: 1693.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.71 GB) (Free:356.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.84 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4FE02B41)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, looking at the log there is the probability that Chrome has been subverted. I will run this fix first and if it does not work we may need to re-install Chrome.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__php the_title();__.lnk
ShortcutTarget: __php the_title();__.lnk -> C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}\__php the_title();__.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={4ECE8E9D-F1EC-4E6D-BFD0-756BC6BAFF1D}&mid=4ecd65d8527647d6bd3a05c90cc3df57-22b44faccb4c43a676c5568e8e7ae9e347b6c0db&lang=it&ds=AVG&pr=pr&d=2012-10-05 12:37:13&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\dezuha\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-31]
2015-04-02 19:30 - 2015-02-14 11:19 - 00000000 ____D () C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}
2015-01-21 19:59 - 2015-02-24 21:34 - 11509994 _____ () C:\Program Files (x86)\update.exe
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {2CA584A8-3D89-4CBD-8DF1-29079A5FEA1E} - System32\Tasks\{7DD7CC86-9475-4541-B3D7-3A6CAFF17AE9} => pcalua.exe -a C:\ProgramData\WPM\wprotectmanager.exe -c -uninstall
C:\ProgramData\WPM
C:\Users\dezuha\AppData\Local\Temp\_MEI765522
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
dezuha

dezuha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Essexboy,
I have only the Chrome browser on my notebook. How could I reinstall it?
Here is the logfile.
Thanks
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by dezuha at 2015-04-10 17:33:52 Run:1
Running from C:\Users\dezuha\Desktop
Loaded Profiles: dezuha (Available profiles: dezuha)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
Startup: C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__php the_title();__.lnk
ShortcutTarget: __php the_title();__.lnk -> C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}\__php the_title();__.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => [MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-748861900-71194070-2566255496-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={4ECE8E9D-F1EC-4E6D-BFD0-756BC6BAFF1D}&mid=4ecd65d8527647d6bd3a05c90cc3df57-22b44faccb4c43a676c5568e8e7ae9e347b6c0db&lang=it&ds=AVG&pr=pr&d=2012-10-05 12:37:13&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\dezuha\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-31]
2015-04-02 19:30 - 2015-02-14 11:19 - 00000000 ____D () C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}
2015-01-21 19:59 - 2015-02-24 21:34 - 11509994 _____ () C:\Program Files (x86)\update.exe
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dezuha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {2CA584A8-3D89-4CBD-8DF1-29079A5FEA1E} - System32\Tasks\{7DD7CC86-9475-4541-B3D7-3A6CAFF17AE9} => pcalua.exe -a C:\ProgramData\WPM\wprotectmanager.exe -c -uninstall
C:\ProgramData\WPM
C:\Users\dezuha\AppData\Local\Temp\_MEI765522
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Users\dezuha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__php the_title();__.lnk => Moved successfully.
C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275}\__php the_title();__.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox1" => Key deleted successfully.
"HKCR\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox2" => Key deleted successfully.
"HKCR\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox3" => Key deleted successfully.
"HKCR\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox4" => Key deleted successfully.
"HKCR\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-748861900-71194070-2566255496-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
Chrome HomePage deleted successfully.
"HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
C:\Users\dezuha\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
C:\ProgramData\{a720ac9d-6e2c-f791-a720-0ac9d6e2b275} => Moved successfully.
C:\Program Files (x86)\update.exe => Moved successfully.
"HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-748861900-71194070-2566255496-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CA584A8-3D89-4CBD-8DF1-29079A5FEA1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CA584A8-3D89-4CBD-8DF1-29079A5FEA1E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7DD7CC86-9475-4541-B3D7-3A6CAFF17AE9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DD7CC86-9475-4541-B3D7-3A6CAFF17AE9}" => Key deleted successfully.
"C:\ProgramData\WPM" => File/Directory not found.
 
"C:\Users\dezuha\AppData\Local\Temp\_MEI765522" directory move:
 
Could not move "C:\Users\dezuha\AppData\Local\Temp\_MEI765522" directory. => Scheduled to move on reboot.
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-748861900-71194070-2566255496-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 13.3 GB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-10 17:47:19)<=
 
C:\Users\dezuha\AppData\Local\Temp\_MEI765522 => Is moved successfully.
 
==== End of Fixlog 17:47:19 ====
 
 
 
 
# AdwCleaner v4.201 - Logfile created 10/04/2015 at 17:56:18
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : dezuha - LOUNGE-PC
# Running from : C:\Users\dezuha\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : gokficnebmomagijbakglkcmhdbchbhn
[C:\Users\dezuha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://isearch.avg.com/?cid={4ECE8E9D-F1EC-4E6D-BFD0-756BC6BAFF1D}&mid=4ecd65d8527647d6bd3a05c90cc3df57-22b44faccb4c43a676c5568e8e7ae9e347b6c0db&lang=it&ds=AVG&pr=pr&d=2012-10-05 12:37:13&v=14.2.0.1&pid=avg&sg=&sap=hp
 
*************************
 
AdwCleaner[R0].txt - [6657 bytes] - [02/07/2014 16:32:00]
AdwCleaner[R10].txt - [1726 bytes] - [29/03/2015 01:15:52]
AdwCleaner[R11].txt - [1786 bytes] - [29/03/2015 16:17:21]
AdwCleaner[R12].txt - [2311 bytes] - [10/04/2015 17:53:21]
AdwCleaner[R1].txt - [1349 bytes] - [02/07/2014 16:50:12]
AdwCleaner[R2].txt - [5764 bytes] - [02/07/2014 21:27:54]
AdwCleaner[R3].txt - [1760 bytes] - [03/07/2014 08:39:29]
AdwCleaner[R4].txt - [1838 bytes] - [03/07/2014 16:31:29]
AdwCleaner[R5].txt - [1958 bytes] - [03/07/2014 16:56:14]
AdwCleaner[R6].txt - [3784 bytes] - [28/03/2015 23:37:48]
AdwCleaner[R7].txt - [1488 bytes] - [28/03/2015 23:46:42]
AdwCleaner[R8].txt - [1548 bytes] - [28/03/2015 23:53:00]
AdwCleaner[R9].txt - [2060 bytes] - [29/03/2015 00:59:26]
AdwCleaner[S0].txt - [5600 bytes] - [02/07/2014 16:43:01]
AdwCleaner[S1].txt - [1416 bytes] - [02/07/2014 16:52:02]
AdwCleaner[S2].txt - [3212 bytes] - [02/07/2014 21:36:05]
AdwCleaner[S3].txt - [1563 bytes] - [03/07/2014 09:06:34]
AdwCleaner[S4].txt - [1907 bytes] - [03/07/2014 16:32:43]
AdwCleaner[S5].txt - [2864 bytes] - [28/03/2015 23:45:10]
AdwCleaner[S6].txt - [2130 bytes] - [29/03/2015 01:03:25]
AdwCleaner[S7].txt - [2239 bytes] - [10/04/2015 17:56:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2298  bytes] ##########
 

 


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the popups in Chrome?

If so, then do the following:

Re-install Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account.
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".
4. Now we need to uninstall Chrome; do this from the Control Panel > Programs and Features.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome.
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
  • 0

#7
dezuha

dezuha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
problems' problem.
I'm totally without browser now.
Thanks for everything
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now download a fresh copy of Chrome from here https://www.google.c...ktop/index.html
  • 0

#9
dezuha

dezuha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I'm writing from somewhere else.
I'll have to go to a tech shop.
Thanks!
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Why is that? You can use IE to download Chrome.
  • 0

#11
dezuha

dezuha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Chrome was the only one I had on the computer.
Is there a way to put it on Drive?
Thanks!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you open Windows Explorer and go to C:\Program Files\Internet Explorer
you will find iexplore.
Click that and IE will open.


  • 0

#13
dezuha

dezuha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have opened and it sort of says it's incompatible.
Should I buy it?
Thanks!

Attached Thumbnails

  • 20150410_202056.jpg
  • 20150410_202110.jpg

Edited by dezuha, 10 April 2015 - 12:28 PM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try it this way.

Go to Start and in the search box type iexplore.exe
Click the top programme that appears in the list.
  • 0

#15
dezuha

dezuha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Zero solution.
What to do in this case?
Thanks a lot!
  • 0
