How to remove "Ad by Advertise"


  • This topic is locked
16 replies to this topic

#1 furetto

Posted 03 March 2016 - 12:01 PM

Hi there, 

 

I have this kind of problem: I seem to have some sort of malware that I just cannot get rid of. It only seems to be affecting Chrome as best I can tell. I am running Windows 7.

I take these examples from another similar post because they are the same:

 

https://www.dropbox.com/s/sn1xhoozkqba50q/1.JPG?dl=0

https://www.dropbox.com/s/6zlse2i9vyf7mr7/2.JPG?dl=0

https://www.dropbox.com/s/77g84vihk56io4p/3.JPG?dl=0

 

I have tried Avast, Malwarebytes, AdAware, ADW, Chrome Clean-up Tool & totally uninstalling and reinstalling Chrome. I've checked through my programs and processes and nothing is standing out. The files that I've seen listed as ones that bdt.femurssculler usually hides are not showing up (yes, I did show hidden files before checking).

 

At this point I am at a bit of a loss on how to fix this. Malwarebytes is blocking whatever it is from opening ads in new tabs now, but it doesn't seem to find the root of the problem.

 

This is my MiniToolBox log:

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by (administrator) on 03-03-2016 at 16:17:59
Running from "C:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configurazione IP di Windows
 
Cache del resolver DNS svuotata.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Broadcom 4313 802.11b/g/n = Connessione rete wireless (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Microsoft Virtual WiFi Miniport Adapter = Connessione rete wireless 2 (Hardware not present)
Realtek PCIe GBE Family Controller = Connessione alla rete locale (LAN) (Media disconnected)
 
 
# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Connessione rete wireless" nexthop=192.168.1.254 publish=SÞ
add address name="Connessione rete wireless 2" address=192.168.137.1 mask=255.255.255.0
add address name="Connessione rete wireless" address=192.168.1.138 mask=255.255.255.0
 
 
popd
# Fine configurazione IPv4
 
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 10 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 10 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/03/2016 11:28:04 AM) (Source: SideBySide) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/03/2016 07:58:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16505
 
Error: (03/03/2016 07:58:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16505
 
Error: (03/03/2016 07:58:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/03/2016 07:58:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15506
 
Error: (03/03/2016 07:58:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15506
 
Error: (03/03/2016 07:58:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/03/2016 07:58:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14508
 
Error: (03/03/2016 07:58:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14508
 
Error: (03/03/2016 07:58:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (03/03/2016 04:22:47 AM) (Source: Service Control Manager) (User: )
Description: Arresto imprevista del servizio Diagnostics Tracking Service. Questo evento si è già verificato 4 volta(e).
 
Error: (03/03/2016 04:22:33 AM) (Source: Service Control Manager) (User: )
Description: Arresto imprevista del servizio Diagnostics Tracking Service. Questo evento si è già verificato 3 volta(e).
 
Error: (03/03/2016 04:22:17 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Diagnostics Tracking Service è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.
 
Error: (03/03/2016 04:22:01 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Diagnostics Tracking Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.
 
Error: (03/03/2016 03:35:20 AM) (Source: Service Control Manager) (User: )
Description: Il servizio eapihdrv non è stato avviato per il seguente errore: 
%%1275
 
Error: (03/03/2016 03:35:20 AM) (Source: Application Popup) (User: )
Description: Caricamento del driver \??\C:\Users\Leo\AppData\Local\Temp\ehdrv.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.
 
Error: (03/03/2016 03:35:19 AM) (Source: Service Control Manager) (User: )
Description: Il servizio eapihdrv non è stato avviato per il seguente errore: 
%%1275
 
Error: (03/03/2016 03:35:19 AM) (Source: Application Popup) (User: )
Description: Caricamento del driver \??\C:\Users\Leo\AppData\Local\Temp\ehdrv.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.
 
Error: (03/03/2016 03:35:19 AM) (Source: Service Control Manager) (User: )
Description: Il servizio eapihdrv non è stato avviato per il seguente errore: 
%%1275
 
Error: (03/03/2016 03:35:19 AM) (Source: Application Popup) (User: )
Description: Caricamento del driver \??\C:\Users\Leo\AppData\Local\Temp\ehdrv.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2016 11:28:04 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Leo\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/03/2016 07:58:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16505
 
Error: (03/03/2016 07:58:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16505
 
Error: (03/03/2016 07:58:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/03/2016 07:58:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15506
 
Error: (03/03/2016 07:58:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15506
 
Error: (03/03/2016 07:58:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/03/2016 07:58:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14508
 
Error: (03/03/2016 07:58:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14508
 
Error: (03/03/2016 07:58:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-11-26 22:06:02.991
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 22:06:02.882
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 22:06:02.774
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 22:06:02.666
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 22:01:53.515
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 22:01:53.409
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 22:01:53.302
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 22:01:53.196
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 20:14:00.737
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\DIVX nero wd\Violetta\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
  Date: 2015-11-26 20:14:00.585
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\DIVX nero wd\Violetta\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33497 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Active@ File Recovery Professional 11 (HKLM-x32\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 11 - LSoft Technologies Inc)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AKVIS Sketch (HKLM-x32\...\{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}) (Version: 13.0.2470.8432 - AKVIS)
Alice Mobile Olicard 100 (HKLM-x32\...\{93D35783-AD34-4CDB-8E7F-71CC730026EC}) (Version: 1.0.3.0 - )
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{9A11B072-9CE7-ABB9-2F65-EC971A7B839D}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
AVS Document Converter 2.2.5 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.2.5.218 - Online Media Technologies Ltd.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.95 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cadence SPB/OrCAD 16.6 (HKLM-x32\...\{4CA5F148-A11D-4D37-A2D3-CCFC671F113C}) (Version: 16.60.000 - Cadence Design Systems, Inc.)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
Centro gestione dispositivi Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CSVed 2.2.3 (HKLM-x32\...\CSVed_is1) (Version: 2.2.3 - Sam Francke)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2705 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Defraggler (HKLM-x32\...\Defraggler) (Version:  - )
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DIY DataRecovery CHK-Mate (HKLM-x32\...\CHK-Mate_is1) (Version: 1.0 - DIY DataRecovery.nl)
DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
DVD2one V2.4.2 (HKLM-x32\...\DVD2one V2) (Version: 2.4.2 - Eximius B.V.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Enterprise Architect 11 (HKLM-x32\...\{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}) (Version: 11.10.1106.5 - Sparx Systems)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}) (Version: 2.5.5 - Garmin Ltd or its subsidiaries)
Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
High-Definition Video Playback (HKLM-x32\...\{9193490D-5229-4FC4-9BB9-A6D63C09574A}) (Version: 11.1.10400.2.65 - Nero AG) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.28.00.06 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{0D743827-157D-4B3F-841C-50BABDB1461A}) (Version: 4.1.5.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 3050 J610 series ? (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Software di base dispositivo (HKLM\...\{8788854E-B122-41B8-909D-FFA58730A3A6}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Studio per il miglioramento dei prodotti HP (HKLM\...\{D97F91FB-4DCE-4347-A508-133F517D1F13}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{79786F23-644F-4C6A-87A7-DF4311A3EEE0}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{6E737837-0D56-4217-9BD6-2FA01A711A3E}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.6 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iCarbon 2.2.1 (HKLM-x32\...\iCarbon_is1) (Version: 2.2.1 - iDev.ch)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L&H TTS3000 Italiano (HKLM-x32\...\LHTTSITI) (Version:  - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware versione 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Malwarebytes Anti-Ransomware version 0.9.4.299 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.4.299 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 it) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 it)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MySQL Connector C++ 1.1.4 (HKLM-x32\...\{DEF0D0C1-511C-4F89-BCF7-75F421DDE591}) (Version: 1.1.4 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9779CE68-28F8-4E19-A70C-48BEA184C656}) (Version: 5.1.33 - Oracle Corporation)
MySQL Connector Net 6.9.4 (HKLM-x32\...\{7FE04B43-4187-46F5-A9DE-9ECB5177B8C1}) (Version: 6.9.4 - Oracle)
MySQL Connector Python v2.0.1 for Python v3.4 (HKLM-x32\...\{DA0895B8-8820-417D-BDCA-379862106A3A}) (Version: 2.0.1 - Oracle)
MySQL Connector/C 6.1 (HKLM-x32\...\{97FEF94D-9E6D-4778-AFF1-77C53C933634}) (Version: 6.1.5 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM-x32\...\{4C6A664C-DCA0-4CC6-8752-ED0850E3135A}) (Version: 5.3.4 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{A28A3025-2B78-4E6F-AB69-F8886C920817}) (Version: 5.6.21 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{9619274B-02D7-491C-A6A2-0FA915129985}) (Version: 5.6.21 - Oracle Corporation)
MySQL Fabric 1.5.2 & MySQL Utilities 1.5.2 (HKLM-x32\...\{268B25AC-15D9-4825-82AF-CADDF3B72E3E}) (Version: 1.5.2 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{854E11AD-BE2D-4897-BA72-9C3A3DEA5798}) (Version: 1.4.2.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Server 5.6 (HKLM\...\{73F1E510-FC76-4E6D-A020-472DBD0A3207}) (Version: 5.6.21 - Oracle Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{916D6512-97A8-470D-AEC8-53A1654E74BF}) (Version: 6.2.3 - Oracle Corporation)
Nero 11 (HKLM-x32\...\{9FC86590-AC98-4845-80D4-3EB37B51947B}) (Version: 11.0.15800 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nitro Pro 9 (HKLM\...\{BAEC0BFE-B056-40A6-A8EC-12BFAE6025CD}) (Version: 9.5.3.8 - Nitro)
nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}) (Version: 7.1.180.94 - Nokia) Hidden
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Ontrack EasyRecovery Professional (HKLM-x32\...\{668CC71A-C2AD-4D56-866D-CF300BD1D5BE}_is1) (Version: 11.0.1.0 - Kroll Ontrack Inc.)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.)
Opera Stable 35.0.2066.82 (HKLM-x32\...\Opera 35.0.2066.82) (Version: 35.0.2066.82 - Opera Software)
Oracle VM VirtualBox 4.3.2 (HKLM\...\{49C9FDFF-6056-4E8C-B9AF-B7B4D78023E2}) (Version: 4.3.2 - Oracle Corporation)
Pacchetto di codec della fotocamera Microsoft (HKLM-x32\...\{FFC81DE8-F2D4-49A6-9286-23F6E75DE022}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Pacchetto driver Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Pacchetto driver Windows - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Pacchetto driver Windows - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Pacchetto driver Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF OCR 4.2 (HKLM-x32\...\{3D122AF9-1E02-4035-8003-334D378C1B62}_is1) (Version:  - PDF OCR)
PhoenixSuit (HKLM-x32\...\{EBF1BED9-4321-40D7-8837-177AE54C457C}) (Version: 1.0.5 - AllWinnertech)
PS_AIO_06_B209a-m_SW_Min (HKLM-x32\...\{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
PX Profile Update (HKLM-x32\...\{56709CD7-06E8-B205-56A6-110DC5090A9A}) (Version: 1.00.1. - AMD) Hidden
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM-x32\...\{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sisal Poker (HKLM-x32\...\sisalpoker_real) (Version:  - )
Sky Go Player (HKLM-x32\...\{32df31d2-9751-425f-ab51-eec25cf7296a}) (Version: 3.0 - Sky Italia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torque (HKCU\...\Torque) (Version: 4.2.5.28819 - BitTorrent Inc.)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Video Download Capture versione 5.0.3 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 5.0.3 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebPocket (HKLM-x32\...\WebPocket) (Version: 1.01.01.12 - Huawei Technologies Co.,Ltd)
welcome (HKLM-x32\...\{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}) (Version: 11.0.21500.0.4 - Nero AG) Hidden
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00001) (HKLM\...\450B7CBC371CAEC6A328083977AA7A09E7AE5D29) (Version: 08/27/2012 7.0.0000.00001 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Streaming Audio Recorder(Build 2.2.1) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.2.1.2 - Wondershare Software)
XnView 1.99.5 (HKLM-x32\...\XnView_is1) (Version: 1.99.5 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
========================= Devices: ================================
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: SugarSync
Service: SSCBFS3
Device ID: ROOT\STORLIB\0000
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: Scheda miniport WiFi virtuale Microsoft
Description: Scheda miniport WiFi virtuale Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&299094EE&0&01
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 73%
Total physical RAM: 8139.86 MB
Available physical RAM: 2117.85 MB
Total Virtual: 16277.92 MB
Available Virtual: 7800.92 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:448.07 GB) (Free:23.06 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:17.39 GB) (Free:1.87 GB) NTFS
4 Drive f: () (Fixed) (Total:237.99 GB) (Free:184.8 GB) NTFS
 
========================= Users: ========================================
 
Account utente per \\GATE
 
Administrator            Guest                    Leo                      
Esecuzione comando riuscita.
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
03-03-2016 04:59:47 Punto di controllo pianificato
 
**** End of log ****
 

 

Thanks for any kind of help


Edited by hamluis, 15 March 2016 - 01:52 PM.
Moved from AII to MRL, closed topic per request of MRT member - Hamluis.




#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:02 PM

Posted 03 March 2016 - 07:03 PM

Hello furetto and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following:

Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

 

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141

 

For Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

Please restart the PC now.

=============================================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Edited by olgun52, 03 March 2016 - 07:06 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 furetto

furetto
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:02 AM

Posted 04 March 2016 - 05:34 AM

Hi Yilmaz, thanks a lot for your help, now I post the results


This is FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Platform: Windows 7 Home Premium Service Pack 1 (X64)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
(Nitro PDF Software) C:\Program Files\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NDS Technologies) C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe
(Akamai Technologies, Inc.) C:\Users\Leo\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Akamai Technologies, Inc.) C:\Users\Leo\AppData\Local\Akamai\netsession_win.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files (x86)\Alice Mobile Olicard 100\ConnMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Leo\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe
() C:\Cadence\LicenseManager\cdslmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ConnMonitor] => C:\Program Files (x86)\Alice Mobile Olicard 100\ConnMonitor.exe [401408 2009-06-18] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [263128 2013-03-05] (CyberLink Corp.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-17] (Easybits)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [PCShowServer] => C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe [1335632 2013-02-11] (NDS Technologies)
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Leo\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [Dropbox Update] => C:\Users\Leo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Run: [Google Update] => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers: [SugarSyncSharedPending] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-03-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-03-03]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{962C8D2C-A8AC-42D1-9FBA-66DD036EC12A}: [DhcpNameServer] 62.13.173.92 62.13.173.93
Tcpip\..\Interfaces\{CCC635CE-901F-4E33-8500-17CF90808EFA}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1458585565-512590629-857725284-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1458585565-512590629-857725284-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
HKU\S-1-5-21-1458585565-512590629-857725284-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {64BFBF4C-1C26-4840-85EC-D38792AE12F4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> DefaultScope {3CB0BE55-2A10-4EF6-9D8F-DF1DEBC49554} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {3CB0BE55-2A10-4EF6-9D8F-DF1DEBC49554} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-17] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-17] (HP)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-31] (Atheros Commnucations)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\lgvf7yw2.default-1436724614773
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1458585565-512590629-857725284-1000: @nds.com/PlayerPlugin -> C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll [2013-02-11] (Sky Italia)
FF Plugin HKU\S-1-5-21-1458585565-512590629-857725284-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Leo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1458585565-512590629-857725284-1000: @talk.google.com/O1DPlugin -> C:\Users\Leo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1458585565-512590629-857725284-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Leo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1458585565-512590629-857725284-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Leo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1458585565-512590629-857725284-1000: NDS.com/PlayerPlugin -> C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll [2013-02-11] (Sky Italia)
FF Plugin ProgramFiles/Appdata: C:\Users\Leo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Leo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-12-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-05] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2011-12-07]
CHR Extension: (Download) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-09-26]
CHR Extension: (Awesome Screenshot: Cattura e annota.) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (MEGA) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-03-01]
CHR Extension: (Pulsate) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli [2014-12-12]
CHR Extension: (YouTube) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Minimalist for Everything) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2014-12-12]
CHR Extension: (Google Cast) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-02-24]
CHR Extension: (History 2) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2014-12-12]
CHR Extension: (Adblock Plus) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-05]
CHR Extension: (Pushbullet) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-01-31]
CHR Extension: (Adblock per Youtube™) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-10-17]
CHR Extension: (Google Search) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Zamzar - Conversione file) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkddichhdneakoipnkclldommdcplil [2014-12-12]
CHR Extension: (Sinonimi Contrari) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfohgoaimodlniknkkjgdcfglmoejcp [2014-12-12]
CHR Extension: (500px) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja [2014-12-12]
CHR Extension: (Black Menu for Google™) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2016-03-01]
CHR Extension: (Gmail Offline) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-12-12]
CHR Extension: (Box) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-29]
CHR Extension: (MobilyTrip) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakamibpbibpgcakaghpajekgpaejppl [2014-12-12]
CHR Extension: (Chrome Notepad) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2014-12-23]
CHR Extension: (PicMonkey) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-12-12]
CHR Extension: (Songza) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikbbcifofebbnlfffhdlolcgjnleofo [2014-12-12]
CHR Extension: (qo - Quotidiani Online) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjgihlgkabklkgdfebkjacffgcflmbp [2015-06-06]
CHR Extension: (Google Documenti offline) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-26]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-06-15] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (BitTorrent Surf (Beta)) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpbofogepkkeoockhkfcgngjkimndlp [2013-07-24]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-12-12]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-12-17]
CHR Extension: (Dropbox) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-07-01]
CHR Extension: (SoundCloud) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-07-05]
CHR Extension: (Disconnect) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-22]
CHR Extension: (Journey (Diary, Journal)) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlncjaehedpdoinepaejmlpbmdkgmpog [2016-03-03]
CHR Extension: (Autodesk Homestyler) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-12-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-29]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-12-12]
CHR Extension: (SPOI Options) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\medeknkggnkeffoahbphecmjoakbpiab [2016-02-12]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-02-24]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2014-12-12]
CHR Extension: (WeatherBug) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-12-12]
CHR Extension: (FreshStart – Gestore di Sessioni Browser) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2014-12-12]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (365Scores - Risultati, Notizie e Notifiche) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpppefjehmjbiplimkfjeamnohldmko [2014-12-12]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-02-29]
CHR Extension: (Rdio) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchjhmiapbbphflbgejhigbmfmmgbngn [2014-12-12]
CHR Extension: (Gmail) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-1458585565-512590629-857725284-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Leo\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-29]
CHR HKU\S-1-5-21-1458585565-512590629-857725284-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

Opera:
=======
OPR Extension: (YouTube Downloader) - C:\Users\Leo\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-04-20]
OPR Extension: (Applicazione Amazon 1Button) - C:\Users\Leo\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-05-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1379664 2012-12-17] (Flexera Software, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138272 2014-09-05] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [219680 2014-09-05] ()
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3125728 2016-02-11] (Malwarebytes)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13031424 2014-09-11] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-12-13] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 farflt; C:\Windows\system32\drivers\farflt.sys [56704 2016-03-03] (Malwarebytes)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-03-01] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2014-07-29] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2014-07-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-03-03] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 pmx3gmdm; C:\Windows\System32\DRIVERS\pmx3gmdm.sys [118016 2009-03-26] (Olivetti)
S3 pmx3gnet; C:\Windows\System32\DRIVERS\pmx3gnet.sys [137216 2009-03-26] (Olivetti)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2015-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 11:22 - 2016-03-04 11:25 - 00072221 _____ C:\Users\Leo\Downloads\Addition.txt
2016-03-04 11:20 - 2016-03-04 11:25 - 00048238 _____ C:\Users\Leo\Downloads\FRST.txt
2016-03-04 11:19 - 2016-03-04 11:25 - 00000000 ____D C:\FRST
2016-03-04 11:14 - 2016-03-04 11:14 - 00008812 _____ C:\Users\Leo\Downloads\Fattura_NA_1349155.pdf
2016-03-04 11:13 - 2016-03-04 11:13 - 00048601 _____ C:\Users\Leo\Downloads\Waybill_AD_500054.pdf
2016-03-04 10:47 - 2016-03-04 10:47 - 02371584 _____ (Farbar) C:\Users\Leo\Downloads\FRST64.exe
2016-03-04 08:48 - 2016-03-04 08:48 - 00008864 _____ C:\Users\Leo\Downloads\Fattura_NA_1350079.pdf
2016-03-04 08:36 - 2016-03-04 08:36 - 00008788 _____ C:\Users\Leo\Downloads\Fattura_NA_1349153.pdf
2016-03-03 20:42 - 2016-03-03 21:15 - 1281317211 _____ C:\Users\Leo\Downloads\MT7-L09_C900B329_Firmware_Malaysia_Singapore_Channel-Others_Android 5.1.1_EMUI 3.1_05012PUY.zip
2016-03-03 17:46 - 2016-03-03 17:51 - 1260333495 _____ C:\Users\Leo\Downloads\Huawei%20Mate7%20Firmware%28JAZZ-L09%2C%20Andriod%205.1.1%2C%20EMUI%203.1%2C%20C900B331%2C%20Croatia%2C%20Channel-Others%29.zip
2016-03-03 16:52 - 2016-03-03 18:21 - 1546421790 _____ C:\Users\Leo\Downloads\TWRP MARSHMELLOW 511 BACKUP.zip
2016-03-03 16:35 - 2016-03-03 16:46 - 00255680 _____ C:\TDSSKiller.3.1.0.9_03.03.2016_16.35.41_log.txt
2016-03-03 16:18 - 2016-03-03 16:19 - 00054117 _____ C:\Users\Leo\Downloads\MTB.txt
2016-03-03 16:15 - 2016-03-03 16:23 - 00056704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-03-03 16:15 - 2016-03-03 16:15 - 00891392 _____ (Farbar) C:\Users\Leo\Downloads\MiniToolBox.exe
2016-03-03 16:14 - 2016-03-03 16:22 - 00001901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-03-03 16:13 - 2016-03-03 16:13 - 00000000 ____D C:\Program Files\Malwarebytes
2016-03-03 16:12 - 2016-03-03 16:13 - 37537616 _____ (Malwarebytes ) C:\Users\Leo\Downloads\MBARW_Setup.exe
2016-03-03 16:12 - 2016-03-03 16:13 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Leo\Downloads\tdsskiller.exe
2016-03-03 16:12 - 2016-03-03 16:13 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Leo\Downloads\rkill.exe
2016-03-03 12:50 - 2016-03-03 12:50 - 00042648 _____ C:\Users\Leo\Downloads\PDF_f4c4060f-758c-4e1b-97bf-ce93ca934a7c.pdf
2016-03-03 12:47 - 2016-03-03 12:47 - 00211352 _____ C:\Users\Leo\Downloads\20160218-DDS_C-C_-_Smobilizzo_e_Aperture_di_Credito_-_Periodici___0046_551.pdf
2016-03-03 12:41 - 2016-03-03 12:41 - 00021129 _____ C:\Users\Leo\Downloads\20160303-Presa_in_carico-_prenotazione_pagamento_MAV_0046_551 (1).pdf
2016-03-03 12:41 - 2016-03-03 12:41 - 00021129 _____ C:\Users\Leo\Desktop\PAGAMENTO_MAV_02008732318648934.pdf
2016-03-03 12:40 - 2016-03-03 12:40 - 00021129 _____ C:\Users\Leo\Downloads\20160303-Presa_in_carico-_prenotazione_pagamento_MAV_0046_551.pdf
2016-03-03 12:24 - 2016-03-03 12:24 - 00180619 _____ C:\Users\Leo\Downloads\MAV_732318648 (1).pdf
2016-03-03 12:18 - 2016-03-03 12:18 - 00180619 _____ C:\Users\Leo\Downloads\MAV_732318648.pdf
2016-03-03 12:12 - 2016-03-03 12:12 - 00042668 _____ C:\Users\Leo\Downloads\PDF_35d1f2f5-0cb0-4fbf-a64f-036375caa08a.pdf
2016-03-03 07:38 - 2016-03-03 07:38 - 00000424 _____ C:\Users\Leo\Downloads\rimozione con eset online scanner 3 marzo 2016.txt
2016-03-02 20:42 - 2016-03-02 20:44 - 16194048 _____ C:\Users\Leo\Downloads\disk-drill-win.msi
2016-03-02 20:20 - 2016-03-02 20:20 - 01111008 _____ (Symantec Corporation) C:\Users\Leo\Downloads\NBRT-Retail-Downloader.exe
2016-03-02 20:14 - 2016-03-02 20:14 - 00002015 _____ C:\Users\Leo\Desktop\Remove Avira PC Cleaner.lnk
2016-03-02 20:14 - 2016-03-02 20:14 - 00001959 _____ C:\Users\Leo\Desktop\Avira PC Cleaner.lnk
2016-03-02 20:12 - 2016-03-02 20:12 - 02319176 _____ C:\Users\Leo\Downloads\avira_pc_cleaner_en.exe
2016-03-02 20:09 - 2016-03-02 20:09 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-02 20:08 - 2016-03-02 20:09 - 02870984 _____ (ESET) C:\Users\Leo\Downloads\esetsmartinstaller_enu.exe
2016-03-02 07:31 - 2016-03-02 07:31 - 00002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-02 07:31 - 2016-03-02 07:31 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-02 07:28 - 2016-03-02 07:28 - 00987728 _____ (Google Inc.) C:\Users\Leo\Downloads\ChromeSetup.exe
2016-03-01 20:45 - 2016-03-01 20:45 - 00725376 _____ (Opera Software) C:\Users\Leo\Downloads\Opera_NI_stable.exe
2016-03-01 18:10 - 2016-03-01 18:10 - 00011288 _____ C:\Users\Leo\Documents\cc_20160301_181049.reg
2016-03-01 17:28 - 2016-03-03 16:23 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 17:28 - 2016-03-01 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-01 17:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-01 17:28 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-01 17:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2016-03-01 16:10 - 2016-03-01 18:13 - 00000000 ____D C:\Users\Leo\Desktop\MalwareBytes.Anti-Malware.Premium.v2.1.6.1022.Incl.Keygen-AMPED
2016-03-01 15:25 - 2016-03-01 15:26 - 01609216 _____ (Malwarebytes) C:\Users\Leo\Downloads\JRT (2).exe
2016-03-01 13:12 - 2016-03-01 13:12 - 00090108 _____ C:\Users\Leo\Desktop\JRT.txt
2016-03-01 13:11 - 2016-03-01 13:11 - 01609216 _____ (Malwarebytes) C:\Users\Leo\Downloads\JRT (1).exe
2016-03-01 13:03 - 2016-03-01 13:09 - 00000000 ___SD C:\Users\Leo\Desktop\SOFTWARE-Malwarebytes.Anti-Malware.Premium.2.2.0.1024.Final.Multilingual.EMMA.crew
2016-03-01 12:55 - 2016-03-01 12:55 - 00008844 _____ C:\Users\Leo\Downloads\9FE865BCD5540F3AE1317A8BF719A9D1F05361B2.torrent
2016-03-01 12:50 - 2016-03-01 12:51 - 01609216 _____ (Malwarebytes) C:\Users\Leo\Downloads\JRT.exe
2016-03-01 12:48 - 2016-03-01 12:49 - 00000000 ____D C:\AdwCleaner
2016-03-01 12:43 - 2016-03-01 12:44 - 01518592 _____ C:\Users\Leo\Downloads\adwcleaner_5.037.exe
2016-02-29 12:20 - 2016-02-29 12:20 - 00048466 _____ C:\Users\Leo\Downloads\Waybill_AD_498034.pdf
2016-02-29 11:03 - 2016-02-29 11:03 - 00054083 _____ C:\Users\Leo\Downloads\Statement_Feb 2016.pdf
2016-02-27 12:38 - 2016-02-29 17:53 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-02-27 12:37 - 2016-02-27 12:37 - 00881920 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Leo\Downloads\rufus-2.7p.exe
2016-02-27 12:37 - 2016-02-27 12:37 - 00881920 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Leo\Downloads\rufus-2.7.exe
2016-02-27 12:02 - 2016-02-27 12:02 - 00000000 ____D C:\Users\Leo\Desktop\usb image tool
2016-02-27 12:01 - 2016-02-27 12:02 - 00373965 _____ C:\Users\Leo\Downloads\usbit.zip
2016-02-25 18:14 - 2016-02-25 18:14 - 00295936 _____ C:\Users\Leo\Downloads\CDM_20160211.xls
2016-02-24 12:52 - 2016-02-24 12:52 - 00253405 _____ C:\Users\Leo\Downloads\20160130-Comunicazioni_Urgenti___1000_5864.pdf
2016-02-23 12:32 - 2016-02-23 12:53 - 00000000 ____D C:\Users\Leo\Desktop\Trenitalia
2016-02-23 11:15 - 2016-02-23 11:16 - 15491587 _____ C:\Users\Leo\Downloads\Nuc Ric Cass_New.PDF
2016-02-23 09:15 - 2016-02-26 11:05 - 00000000 ____D C:\Users\Leo\Downloads\leo.adriano19
2016-02-18 12:48 - 2016-02-18 12:48 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-16 20:01 - 2016-02-16 20:01 - 00177095 _____ C:\Users\Leo\Documents\fattura gennaio 2016 sky prima di scadenza contratto+euro 14,21.pdf
2016-02-16 14:46 - 2016-02-16 14:46 - 00491404 _____ C:\Users\Leo\Downloads\Modulo_Recesso_Entro_i_14_giorni.pdf
2016-02-14 21:35 - 2016-02-15 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-10 13:41 - 2016-01-22 07:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 13:41 - 2016-01-22 07:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 13:41 - 2016-01-22 07:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 13:41 - 2016-01-22 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 13:41 - 2016-01-22 06:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 13:41 - 2016-01-16 20:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 13:41 - 2016-01-16 19:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 13:41 - 2016-01-11 15:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 13:41 - 2016-01-11 15:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 13:41 - 2016-01-11 15:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 13:41 - 2016-01-11 15:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 13:41 - 2016-01-11 15:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 13:40 - 2016-01-22 21:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 13:40 - 2016-01-22 21:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 13:40 - 2016-01-22 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 13:40 - 2016-01-22 07:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 13:40 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 13:40 - 2016-01-22 07:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 13:40 - 2016-01-22 07:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 13:40 - 2016-01-22 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 13:40 - 2016-01-22 07:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 13:40 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 13:40 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 13:40 - 2016-01-22 07:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 13:40 - 2016-01-22 07:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 13:40 - 2016-01-22 07:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 13:40 - 2016-01-22 07:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 13:40 - 2016-01-22 07:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 13:40 - 2016-01-22 07:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 13:40 - 2016-01-22 07:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 13:40 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 13:40 - 2016-01-22 07:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 13:40 - 2016-01-22 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 13:40 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 13:40 - 2016-01-22 07:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 13:40 - 2016-01-22 07:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 13:40 - 2016-01-22 06:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 13:40 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 13:40 - 2016-01-22 06:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 13:40 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 13:40 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 13:40 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 13:40 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 13:40 - 2016-01-22 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 13:40 - 2016-01-22 06:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 13:40 - 2016-01-22 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 13:40 - 2016-01-22 06:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 13:40 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 13:40 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 13:40 - 2016-01-22 06:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 13:40 - 2016-01-22 06:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 13:40 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 13:40 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 13:40 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 13:40 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 13:40 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 13:40 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 13:40 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 13:40 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 13:40 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 13:40 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 13:35 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 13:35 - 2016-02-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 13:35 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 13:35 - 2016-02-06 11:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 13:35 - 2016-02-06 11:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 13:35 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 13:35 - 2016-02-06 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 13:35 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 13:35 - 2016-02-06 10:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 13:35 - 2016-02-06 10:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 13:35 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 13:35 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 13:35 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 13:35 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 13:29 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 13:29 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 13:29 - 2016-01-11 20:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 13:29 - 2016-01-11 20:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 13:29 - 2016-01-11 20:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 13:29 - 2016-01-11 19:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 13:29 - 2016-01-11 19:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 13:29 - 2016-01-11 19:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 13:29 - 2016-01-11 19:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 13:29 - 2016-01-11 19:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 13:29 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 13:29 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 13:29 - 2016-01-11 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 13:29 - 2016-01-11 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 13:29 - 2016-01-11 19:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 13:29 - 2016-01-11 19:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 13:29 - 2016-01-11 19:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 13:29 - 2016-01-11 19:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 13:29 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 13:29 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 13:29 - 2015-12-20 19:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 13:29 - 2015-12-20 19:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 13:29 - 2015-12-20 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 13:28 - 2016-01-22 07:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 13:28 - 2016-01-22 07:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 13:28 - 2016-01-22 07:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 13:28 - 2016-01-22 07:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 13:28 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 13:28 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 13:28 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 13:28 - 2016-01-22 07:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 13:28 - 2016-01-22 07:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 13:28 - 2016-01-22 07:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 13:28 - 2016-01-22 07:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 13:28 - 2016-01-22 07:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 13:28 - 2016-01-22 07:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 13:28 - 2016-01-22 07:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 13:28 - 2016-01-22 07:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 13:28 - 2016-01-22 07:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 13:28 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 13:28 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 13:28 - 2016-01-22 07:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 13:28 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 13:28 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 13:28 - 2016-01-22 06:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 13:27 - 2016-01-22 07:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 13:27 - 2016-01-22 07:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 13:27 - 2016-01-22 07:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 13:27 - 2016-01-22 07:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 13:27 - 2016-01-22 07:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 13:27 - 2016-01-22 07:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 13:27 - 2016-01-22 07:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 13:27 - 2016-01-22 07:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 13:27 - 2016-01-22 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 13:27 - 2016-01-22 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 13:27 - 2016-01-22 07:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 13:27 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 13:27 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 13:27 - 2016-01-22 07:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 07:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 13:27 - 2016-01-22 07:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 13:27 - 2016-01-22 07:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 13:27 - 2016-01-22 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 13:27 - 2016-01-22 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 13:27 - 2016-01-22 07:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 13:27 - 2016-01-22 07:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 13:27 - 2016-01-22 07:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 13:27 - 2016-01-22 07:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 13:27 - 2016-01-22 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 13:27 - 2016-01-22 07:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 13:27 - 2016-01-22 07:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 13:27 - 2016-01-22 07:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 13:27 - 2016-01-22 07:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 13:27 - 2016-01-22 07:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 06:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 13:27 - 2016-01-22 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 13:27 - 2016-01-22 06:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 13:27 - 2016-01-22 06:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 13:27 - 2016-01-22 06:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 13:27 - 2016-01-22 06:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 13:27 - 2016-01-22 05:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 13:27 - 2016-01-22 05:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 13:27 - 2016-01-22 05:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 13:27 - 2016-01-22 05:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 13:27 - 2016-01-22 05:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 13:27 - 2016-01-22 05:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 13:27 - 2016-01-22 05:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 13:27 - 2016-01-22 05:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 13:27 - 2016-01-22 05:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 13:27 - 2016-01-22 05:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 13:27 - 2016-01-22 05:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 05:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 05:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 13:27 - 2016-01-22 05:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 11:15 - 2016-02-09 11:15 - 00074295 _____ C:\Users\Leo\Documents\silvestri filomena.pdf
2016-02-09 09:39 - 2016-02-09 09:39 - 00074957 _____ C:\Users\Leo\Documents\regalino.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 11:25 - 2015-05-16 07:57 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08fa582d877bc.job
2016-03-04 11:24 - 2012-02-07 18:37 - 00000000 ____D C:\Users\Leo\AppData\Roaming\uTorrent
2016-03-04 11:17 - 2015-06-19 10:06 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-03-04 11:15 - 2015-09-18 04:04 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f1beb2543b3c.job
2016-03-04 11:09 - 2015-07-16 08:20 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf97d4c661eb.job
2016-03-04 11:02 - 2015-02-04 02:43 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0401cb59008e.job
2016-03-04 10:51 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-04 10:51 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-04 10:48 - 2014-05-07 17:20 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a103267fa2c.job
2016-03-04 10:46 - 2015-07-18 19:27 - 00001110 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0c18766c144b3.job
2016-03-04 10:45 - 2016-02-02 20:33 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d15df0a547fe91.job
2016-03-04 10:45 - 2016-02-02 08:40 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d8d77f6b3b.job
2016-03-04 10:45 - 2015-12-05 04:10 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12f0a8fa37101.job
2016-03-04 10:45 - 2015-12-04 00:25 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d12e21f37b3855.job
2016-03-04 10:45 - 2015-08-28 17:27 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0e1ae6853bcb0.job
2016-03-04 10:45 - 2015-07-16 08:19 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0bf97bd2bb581.job
2016-03-04 10:45 - 2012-04-07 09:10 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-04 09:01 - 2013-05-29 20:33 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 08:45 - 2016-02-02 08:40 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d8d7242a85.job
2016-03-04 08:45 - 2015-12-05 04:10 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f0a8f3f7d9b.job
2016-03-04 08:34 - 2015-09-18 04:04 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1beb19220e4.job
2016-03-04 08:34 - 2015-05-16 07:57 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa58258977d.job
2016-03-03 23:22 - 2013-05-13 17:55 - 00000000 ____D C:\Users\Leo\Documents\File di Outlook
2016-03-03 22:38 - 2013-01-04 10:59 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS
2016-03-03 20:50 - 2015-03-19 23:17 - 00003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1426803451
2016-03-03 20:50 - 2015-03-19 23:16 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-03 20:38 - 2016-02-02 20:33 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d15df0a4e73f86.job
2016-03-03 20:38 - 2015-08-28 17:27 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0e1ae67f08c9c.job
2016-03-03 20:32 - 2015-07-18 19:27 - 00001058 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0c1876642eb1a.job
2016-03-03 20:06 - 2012-12-22 17:04 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Dropbox
2016-03-03 18:32 - 2011-12-07 16:35 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core.job
2016-03-03 16:15 - 2015-11-18 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 15:06 - 2015-09-21 11:21 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-03-03 11:59 - 2013-11-22 17:30 - 00000000 ____D C:\Users\Leo\Downloads\Iso - Film da masterizzare
2016-03-03 11:59 - 2013-03-13 20:14 - 00000000 ____D C:\Users\Leo\Downloads\Torrent Scaricati
2016-03-02 10:19 - 2015-05-08 10:19 - 00000000 ____D C:\Users\Leo\Downloads\Software
2016-03-02 09:46 - 2015-08-04 17:46 - 00000000 ____D C:\Users\Leo\Downloads\Privalia (rimborsi e fatture)
2016-03-02 07:30 - 2013-05-29 20:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-02 07:27 - 2014-11-20 10:14 - 00000000 __SHD C:\Users\Leo\AppData\Local\EmieBrowserModeList
2016-03-02 07:27 - 2014-06-04 13:54 - 00000000 __SHD C:\Users\Leo\AppData\Local\EmieUserList
2016-03-02 07:27 - 2014-06-04 13:54 - 00000000 __SHD C:\Users\Leo\AppData\Local\EmieSiteList
2016-03-01 20:40 - 2012-02-28 16:47 - 00000000 ____D C:\Users\Leo\Documents\Youcam
2016-03-01 20:38 - 2013-01-08 20:29 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-01 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-01 20:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-01 20:26 - 2015-04-20 18:02 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2016-03-01 19:25 - 2016-01-08 19:45 - 00000000 ____D C:\Users\Leo\Downloads\Billboard Top Alternative Songs (2016)
2016-03-01 18:37 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Leo\AppData\Local\CrashDumps
2016-03-01 18:34 - 2015-11-18 20:33 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-03-01 18:32 - 2015-11-18 20:30 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-01 18:14 - 2012-03-01 14:37 - 00000000 ____D C:\Users\Leo\Desktop\xdccMule
2016-03-01 15:41 - 2013-12-04 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessori
2016-03-01 15:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2016-03-01 12:08 - 2013-03-15 12:52 - 00000000 ____D C:\Users\Leo\AppData\Roaming\vlc
2016-03-01 07:13 - 2011-09-03 23:09 - 00745466 _____ C:\Windows\system32\perfh010.dat
2016-03-01 07:13 - 2011-09-03 23:09 - 00149060 _____ C:\Windows\system32\perfc010.dat
2016-03-01 07:13 - 2009-07-14 06:13 - 01672550 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-01 01:23 - 2014-06-10 14:39 - 00000000 ____D C:\Program Files (x86)\CloneCD
2016-02-29 16:59 - 2015-10-26 20:34 - 00000065 _____ C:\Users\Leo\Downloads\rufus.ini
2016-02-29 13:03 - 2014-06-12 13:41 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-02-29 12:15 - 2012-11-07 18:01 - 00000000 ____D C:\Users\Leo\Downloads\FATTURE SKY & BANCA & VARI PAGAMENTI
2016-02-25 20:14 - 2015-08-27 18:56 - 00000000 ____D C:\Users\Leo\Downloads\Da stampare
2016-02-25 20:05 - 2013-11-14 13:20 - 00000000 ____D C:\Users\Leo\Downloads\Università
2016-02-25 18:01 - 2015-12-25 08:07 - 00000000 ____D C:\Users\Leo\Desktop\Musica per fare CD
2016-02-25 17:06 - 2012-09-28 17:58 - 00000000 ____D C:\Users\Leo\Downloads\Immagini
2016-02-24 19:07 - 2015-04-04 11:26 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-24 19:07 - 2015-04-04 11:26 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 19:06 - 2011-12-23 11:53 - 01647372 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-24 17:07 - 2014-06-24 10:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-24 13:49 - 2014-05-28 14:05 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLeo
2016-02-24 13:49 - 2014-05-28 14:05 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForLeo.job
2016-02-23 12:50 - 2014-06-20 05:44 - 00000000 ____D C:\Users\Leo\Desktop\Avv. Siviglia Importante
2016-02-16 20:42 - 2012-12-07 12:58 - 00000000 ____D C:\Users\Leo\AppData\Local\ElevatedDiagnostics
2016-02-16 20:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-16 12:38 - 2015-04-29 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-14 22:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-02-12 23:12 - 2012-05-14 16:19 - 00000000 ____D C:\ProgramData\Skype
2016-02-12 15:36 - 2009-07-14 05:45 - 00416856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 11:05 - 2014-12-12 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 11:05 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-12 11:03 - 2015-04-30 23:41 - 06423826 ____H C:\Users\Leo\AppData\Local\IconCache.db.backup
2016-02-11 08:01 - 2013-08-07 02:00 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 07:41 - 2011-12-07 17:09 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 07:39 - 2009-07-14 03:34 - 00000636 _____ C:\Windows\win.ini
2016-02-11 07:14 - 2012-04-07 09:10 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 22:36 - 2012-04-07 09:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 22:36 - 2011-12-07 17:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-12-03 01:10 - 2015-12-03 01:45 - 0000096 _____ () C:\Users\Leo\AppData\Roaming\Camdata.ini
2015-12-03 01:10 - 2015-12-03 01:45 - 0000408 _____ () C:\Users\Leo\AppData\Roaming\CamLayout.ini
2015-12-03 01:10 - 2015-12-03 01:45 - 0000408 _____ () C:\Users\Leo\AppData\Roaming\CamShapes.ini
2015-12-03 01:10 - 2015-12-03 01:45 - 0004509 _____ () C:\Users\Leo\AppData\Roaming\CamStudio.cfg
2013-05-13 18:00 - 2013-05-13 18:00 - 0021866 _____ () C:\Users\Leo\AppData\Roaming\Valori separati da virgola (Windows).ADR
2014-04-10 19:13 - 2014-04-10 19:13 - 0000001 _____ () C:\Users\Leo\AppData\Local\llftool.4.40.agreement
2013-12-02 20:42 - 2013-12-02 20:42 - 0000017 _____ () C:\Users\Leo\AppData\Local\resmon.resmoncfg
2012-02-13 14:27 - 2012-10-02 18:08 - 0000041 ___SH () C:\ProgramData\.zreglib
2014-12-22 18:00 - 2014-12-22 18:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-20 08:37 - 2013-11-13 20:13 - 0003759 _____ () C:\ProgramData\hpzinstall.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\Mswrkdmk.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 11:13

==================== End of FRST.txt ============================

This is Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Leo (2016-03-04 11:25:42)
Running from C:\Users\Leo\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-05 14:14:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1458585565-512590629-857725284-500 - Administrator - Disabled)
Guest (S-1-5-21-1458585565-512590629-857725284-501 - Limited - Enabled)
Leo (S-1-5-21-1458585565-512590629-857725284-1000 - Administrator - Enabled) => C:\Users\Leo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\uTorrent) (Version: 3.4.2.33497 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
Active@ File Recovery Professional 11 (HKLM-x32\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 11 - LSoft Technologies Inc)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AKVIS Sketch (HKLM-x32\...\{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}) (Version: 13.0.2470.8432 - AKVIS)
Alice Mobile Olicard 100 (HKLM-x32\...\{93D35783-AD34-4CDB-8E7F-71CC730026EC}) (Version: 1.0.3.0 - )
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{9A11B072-9CE7-ABB9-2F65-EC971A7B839D}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
AVS Document Converter 2.2.5 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.2.5.218 - Online Media Technologies Ltd.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.95 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cadence SPB/OrCAD 16.6 (HKLM-x32\...\{4CA5F148-A11D-4D37-A2D3-CCFC671F113C}) (Version: 16.60.000 - Cadence Design Systems, Inc.)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
Centro gestione dispositivi Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
ChromecastApp (HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
CSVed 2.2.3 (HKLM-x32\...\CSVed_is1) (Version: 2.2.3 - Sam Francke)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2705 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Defraggler (HKLM-x32\...\Defraggler) (Version: - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DIY DataRecovery CHK-Mate (HKLM-x32\...\CHK-Mate_is1) (Version: 1.0 - DIY DataRecovery.nl)
DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Dropbox (HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
DVD2one V2.4.2 (HKLM-x32\...\DVD2one V2) (Version: 2.4.2 - Eximius B.V.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Enterprise Architect 11 (HKLM-x32\...\{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}) (Version: 11.10.1106.5 - Sparx Systems)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}) (Version: 2.5.5 - Garmin Ltd or its subsidiaries)
Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.28.00.06 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{0D743827-157D-4B3F-841C-50BABDB1461A}) (Version: 4.1.5.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 3050 J610 series ? (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Software di base dispositivo (HKLM\...\{8788854E-B122-41B8-909D-FFA58730A3A6}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Studio per il miglioramento dei prodotti HP (HKLM\...\{D97F91FB-4DCE-4347-A508-133F517D1F13}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{79786F23-644F-4C6A-87A7-DF4311A3EEE0}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{6E737837-0D56-4217-9BD6-2FA01A711A3E}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.6 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
iCarbon 2.2.1 (HKLM-x32\...\iCarbon_is1) (Version: 2.2.1 - iDev.ch)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L&H TTS3000 Italiano (HKLM-x32\...\LHTTSITI) (Version: - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Malwarebytes Anti-Malware versione 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Malwarebytes Anti-Ransomware version 0.9.14.361 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.14.361 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 it) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 it)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\MyFreeCodec) (Version: - )
MySQL Connector C++ 1.1.4 (HKLM-x32\...\{DEF0D0C1-511C-4F89-BCF7-75F421DDE591}) (Version: 1.1.4 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9779CE68-28F8-4E19-A70C-48BEA184C656}) (Version: 5.1.33 - Oracle Corporation)
MySQL Connector Net 6.9.4 (HKLM-x32\...\{7FE04B43-4187-46F5-A9DE-9ECB5177B8C1}) (Version: 6.9.4 - Oracle)
MySQL Connector Python v2.0.1 for Python v3.4 (HKLM-x32\...\{DA0895B8-8820-417D-BDCA-379862106A3A}) (Version: 2.0.1 - Oracle)
MySQL Connector/C 6.1 (HKLM-x32\...\{97FEF94D-9E6D-4778-AFF1-77C53C933634}) (Version: 6.1.5 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM-x32\...\{4C6A664C-DCA0-4CC6-8752-ED0850E3135A}) (Version: 5.3.4 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{A28A3025-2B78-4E6F-AB69-F8886C920817}) (Version: 5.6.21 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{9619274B-02D7-491C-A6A2-0FA915129985}) (Version: 5.6.21 - Oracle Corporation)
MySQL Fabric 1.5.2 & MySQL Utilities 1.5.2 (HKLM-x32\...\{268B25AC-15D9-4825-82AF-CADDF3B72E3E}) (Version: 1.5.2 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{854E11AD-BE2D-4897-BA72-9C3A3DEA5798}) (Version: 1.4.2.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Server 5.6 (HKLM\...\{73F1E510-FC76-4E6D-A020-472DBD0A3207}) (Version: 5.6.21 - Oracle Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{916D6512-97A8-470D-AEC8-53A1654E74BF}) (Version: 6.2.3 - Oracle Corporation)
Nero 11 (HKLM-x32\...\{9FC86590-AC98-4845-80D4-3EB37B51947B}) (Version: 11.0.15800 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nitro Pro 9 (HKLM\...\{BAEC0BFE-B056-40A6-A8EC-12BFAE6025CD}) (Version: 9.5.3.8 - Nitro)
nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Ontrack EasyRecovery Professional (HKLM-x32\...\{668CC71A-C2AD-4D56-866D-CF300BD1D5BE}_is1) (Version: 11.0.1.0 - Kroll Ontrack Inc.)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.)
Opera Stable 35.0.2066.92 (HKLM-x32\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
Oracle VM VirtualBox 4.3.2 (HKLM\...\{49C9FDFF-6056-4E8C-B9AF-B7B4D78023E2}) (Version: 4.3.2 - Oracle Corporation)
Pacchetto di codec della fotocamera Microsoft (HKLM-x32\...\{FFC81DE8-F2D4-49A6-9286-23F6E75DE022}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Pacchetto driver Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Pacchetto driver Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Pacchetto driver Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Pacchetto driver Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF OCR 4.2 (HKLM-x32\...\{3D122AF9-1E02-4035-8003-334D378C1B62}_is1) (Version: - PDF OCR)
PhoenixSuit (HKLM-x32\...\{EBF1BED9-4321-40D7-8837-177AE54C457C}) (Version: 1.0.5 - AllWinnertech)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sisal Poker (HKLM-x32\...\sisalpoker_real) (Version: - )
Sky Go Player (HKLM-x32\...\{32df31d2-9751-425f-ab51-eec25cf7296a}) (Version: 3.0 - Sky Italia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torque (HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\Torque) (Version: 4.2.5.28819 - BitTorrent Inc.)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Video Download Capture versione 5.0.3 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 5.0.3 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebPocket (HKLM-x32\...\WebPocket) (Version: 1.01.01.12 - Huawei Technologies Co.,Ltd)
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00001) (HKLM\...\450B7CBC371CAEC6A328083977AA7A09E7AE5D29) (Version: 08/27/2012 7.0.0000.00001 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare Streaming Audio Recorder(Build 2.2.1) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.2.1.2 - Wondershare Software)
XnView 1.99.5 (HKLM-x32\...\XnView_is1) (Version: 1.99.5 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Leo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Leo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458585565-512590629-857725284-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06D726B6-F04D-4EE3-B584-2067A15DC69B} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03] (Oracle Corporation)
Task: {07952D1B-043B-459A-9F56-C247BF6DDFF5} - System32\Tasks\{650C8CFA-83AB-4F1D-8437-E710DEA28D22} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.0.105.259/it/abandoninstall?page=tsProgressBar
Task: {12AD6051-0F98-4C2A-B4B4-1E6DD5905FBB} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d8d7242a85 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {15672733-F2B7-49AE-AE7D-8971A0DC85CA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {1A01C9B3-4C5C-4DD7-9719-69ECBC789F35} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f1beb2543b3c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1EA63FA8-9F74-412A-ABEA-8C1DE4B75AEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d15df0a547fe91 => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1F73A4A0-03C6-4F83-B56B-F2D0CC7BE01F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1458585565-512590629-857725284-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {248CBC36-E7C7-4FDE-970D-8EA761883147} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1cf8c9dc698a6aa => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2BE76622-AA23-4FEC-94E2-A637B2E88862} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {325A96A3-3F2D-472B-AC13-0F76A9B14809} - System32\Tasks\{3D37F46B-50B7-4478-8748-ED54D9BCD24F} => pcalua.exe -a C:\Users\Leo\Downloads\unetbootin-windows-585.exe -d C:\Users\Leo\Downloads
Task: {3A94588C-E198-443F-BD09-1A99CF4C0179} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d8d77f6b3b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3AD5578B-C5FC-4BA8-9554-70A5E1A3C783} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Smart Security 7.0\upgrade.exe [2015-11-23] (ESET)
Task: {3C18EAC0-DF6C-400A-B0EC-4CC80B6931E8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1458585565-512590629-857725284-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {46CD9BFA-6150-474A-90BB-A4E83F555709} - System32\Tasks\GoogleUpdateTaskMachineUA1d08fa582d877bc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4E7EBC10-C39F-4A73-8E74-FD5699648549} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {53F21D4F-B39F-4091-BA3F-DC6A3E41E38C} - System32\Tasks\{944AEE5C-D9F2-4075-9330-21E5A56FAEF1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/it/abandoninstall?page=tsMain
Task: {586D85A4-1908-49AD-8BF7-CBF0BA33C858} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {5AA9C4B7-6232-48D2-837A-628545E3D0CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d12e21f37b3855 => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {673EDECA-EFA5-4BFA-9294-8A9891007795} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f1beb19220e4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {73680EDC-90A3-4162-BFAD-C002A96B9E45} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0e1ae67f08c9c => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {78B8CD61-80EA-4038-85BB-98520EDD2703} - System32\Tasks\{76417C82-D95A-49B6-BDAA-7DC95F9EE6C4} => pcalua.exe -a "I:\Realtek\windows 7 驅動\SETUP.EXE" -d "I:\Realtek\windows 7 驅動"
Task: {7B83F244-26C5-41B5-B8E7-21E0EC1BFD1C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0c18766c144b3 => C:\Users\Leo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {9083E853-B94E-48EE-848A-E253C0FBE6C2} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {920B7B4E-ECDA-4653-A037-2CD8FCA57137} - System32\Tasks\Opera scheduled Autoupdate 1426803451 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {9440601D-9ACA-4F11-9760-FD445752AF64} - System32\Tasks\GoogleUpdateTaskMachineUA1d12f0a8fa37101 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9AACCD5B-0E28-455D-B345-553050385FAC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0c1876642eb1a => C:\Users\Leo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {9B50FC9B-821F-4D8F-B64A-A104246EF494} - System32\Tasks\{CAB233CC-925D-4848-B6EF-6A19227F1CC1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.3.0.101/it/abandoninstall?page=tsMain
Task: {A32A1C54-9A55-466A-8D11-1799B98F9C99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0bf97bd2bb581 => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A38D4B2B-B257-4499-93A1-364C8A1F7593} - System32\Tasks\ScanToPCActivationApp.exe_{1FB16EC5-DC7C-409B-8995-8BBAD7F67718} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A9F60B4B-5EEB-44DC-A4BD-65254B9BD9CB} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {AD1D2CD9-8BB3-4405-ABA3-A2CD6072AF32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AD6978A5-FF17-4BF3-B126-0501D31B4CB6} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f0a8f3f7d9b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B01E0784-425C-4AF3-B584-6404E06F898D} - System32\Tasks\{3CE9FDFE-A8DB-4C0A-81F8-E0ED61BD9CC4} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/it/abandoninstall?page=tsMain
Task: {B201C5AF-85B6-4EBA-9092-E9CD6E361BDC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf97d4c661eb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B953CDF5-3E98-43BA-AB6F-3E2C6C419CB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0e1ae6853bcb0 => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BD31A879-C3E1-42C4-BD2F-FBF1B87C755A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-04] ()
Task: {C986D59E-6E6E-49C3-B77A-48AC6D4F6FF2} - System32\Tasks\{5F9314FA-8207-4C0C-887C-F1E154808926} => pcalua.exe -a C:\Users\Leo\Downloads\WinSetupFromUSB-1-3.exe -d C:\Users\Leo\Downloads
Task: {D04AD8DE-15F7-42F6-B50F-EA3499DAE400} - System32\Tasks\{A6E3B17C-D49B-4B39-8BFF-C140D971ADBB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/it/go/help.faq.installer?LastError=1618
Task: {D1F37775-0F85-49BD-AFC8-2B025518793B} - System32\Tasks\HPCeeScheduleForLeo => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {D4B85BE2-8F22-473B-9CB6-F1809943BF6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {DAA30F4D-9A6F-4F70-A810-B69D20A13D1F} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2014-09-18] (Oracle Corporation)
Task: {DC2190F1-775D-43F0-A066-E04640AAF326} - System32\Tasks\GoogleUpdateTaskMachineUA1d0401cb59008e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EE68032B-ECF0-4F6A-AFAD-DBEBAAD0055B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {EEE1EA71-ADD1-4D0B-8599-AA36232CF8B2} - System32\Tasks\{47E84739-4B9E-471F-821E-517ED046318B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.115/it/go/help.faq.installer?LastError=1618
Task: {FB88E734-F902-4B36-B996-0EB2E8E6D861} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a103267fa2c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FBB1405D-81B3-4610-9717-4A31BFFEBBB7} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
Task: {FD102BA2-DA10-4383-B5F5-95654B8ACB9B} - System32\Tasks\GoogleUpdateTaskMachineCore1d08fa58258977d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FDA16B98-5C88-4694-936F-CB6FBAFC5922} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d15df0a4e73f86 => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0c1876642eb1a.job => C:\Users\Leo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0c18766c144b3.job => C:\Users\Leo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa58258977d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1beb19220e4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f0a8f3f7d9b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d8d7242a85.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a103267fa2c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0401cb59008e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08fa582d877bc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf97d4c661eb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f1beb2543b3c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12f0a8fa37101.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d8d77f6b3b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0e1ae67f08c9c.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d15df0a4e73f86.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1cf8c9dc698a6aa.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0bf97bd2bb581.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0e1ae6853bcb0.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d12e21f37b3855.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d15df0a547fe91.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLeo.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-27 09:47 - 2014-09-05 08:40 - 00138272 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2014-09-27 09:47 - 2014-09-05 08:40 - 00219680 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2014-08-01 14:23 - 2014-08-01 14:23 - 00418312 _____ () C:\Program Files\Pro 9\Nitro_UpdateService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-13 14:59 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-02-13 14:59 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2011-10-15 06:41 - 2011-04-15 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-25 20:50 - 2009-06-18 10:33 - 00401408 _____ () C:\Program Files (x86)\Alice Mobile Olicard 100\ConnMonitor.exe
2011-05-12 13:13 - 2011-05-12 13:13 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-08 01:23 - 2011-05-08 01:23 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-03-03 16:14 - 2016-02-11 13:41 - 01144800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2013-02-11 15:06 - 2013-02-11 15:06 - 06515528 _____ () C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe
2014-04-19 13:15 - 2012-12-17 19:18 - 02306048 _____ () C:\Cadence\LicenseManager\cdslmd.exe
2013-02-11 15:07 - 2013-02-11 15:07 - 00274240 _____ () C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\ndsLogStore.dll
2012-03-25 20:50 - 2009-06-18 10:33 - 00237568 _____ () C:\Program Files (x86)\Alice Mobile Olicard 100\Monitor.dll
2016-02-12 19:42 - 2016-02-12 19:42 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\78f2bb59b6d38a103cc7b82d2f20f160\IsdiInterop.ni.dll
2011-10-15 06:40 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-03-01 20:48 - 2016-02-22 10:27 - 62327848 _____ () C:\Program Files (x86)\Opera\35.0.2066.82_0\opera.dll
2016-03-01 20:48 - 2016-02-22 10:27 - 02074664 _____ () C:\Program Files (x86)\Opera\35.0.2066.82_0\libglesv2.dll
2016-03-01 20:48 - 2016-02-22 10:27 - 00081960 _____ () C:\Program Files (x86)\Opera\35.0.2066.82_0\libegl.dll
2016-03-02 07:31 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-03-02 07:31 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-02-09 22:36 - 2016-02-09 22:36 - 16804032 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_20_0_0_306.dll
2016-03-02 07:31 - 2016-02-18 05:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
2013-02-11 15:05 - 2013-02-11 15:05 - 02370368 _____ () C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\DrmSingleton.dll
2013-02-11 15:06 - 2013-02-11 15:06 - 07172416 _____ () C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\gsttspplugin.dll
2013-02-11 15:06 - 2013-02-11 15:06 - 00688968 _____ () C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\libgstreamer-0.10.dll
2013-02-11 15:07 - 2013-02-11 15:07 - 01403192 _____ () C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\libxml2-2.dll
2013-02-11 15:07 - 2013-02-11 15:07 - 00091944 _____ () C:\Users\Leo\AppData\Local\Sky Italia\Sky Go Player\z.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:054B9966 [150]
AlternateDataStreams: C:\ProgramData\Temp:2683706C [144]
AlternateDataStreams: C:\ProgramData\Temp:9FA5EC55 [167]
AlternateDataStreams: C:\ProgramData\Temp:DED17083 [274]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1458585565-512590629-857725284-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-11-19 21:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1458585565-512590629-857725284-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E89B7D85-9B61-486A-ADE4-26EC4749BD4E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FFE6F377-8553-4367-9A5A-7A9B995BF365}] => (Allow) LPort=2869
FirewallRules: [{81BF811B-080D-4906-888E-CB9FE1745427}] => (Allow) LPort=1900
FirewallRules: [{06BEE23E-482A-48ED-99DA-D164A2D42765}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3F5F44F0-A5C8-4491-8734-D7A96CCBF7EA}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{5C537904-9E14-4170-BEDB-B5AF21694589}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1C47E10-5EDD-4A02-8E94-9C6875A70D98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{170B3999-A859-41F6-B64E-F8AD492021B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D06DCC77-6A30-4479-853E-DDCBB49DA4AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CDB7FA39-EE02-46A9-B6E2-3565F91A6708}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{26735B16-18B3-46A5-8B1D-AD82A073D718}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F0D8AB60-B7A3-4C7C-8A18-8D73CA774AE3}] => (Allow) LPort=443
FirewallRules: [{ACE5F798-8359-4E6A-B7D9-F8BB51C1F5E4}] => (Allow) LPort=443
FirewallRules: [{41743F12-C63E-4192-ADAA-7A23A406B2DD}] => (Allow) LPort=37674
FirewallRules: [{C98E5EDD-6071-42A9-9A3A-2DC8E6F4807B}] => (Allow) LPort=37674
FirewallRules: [{C3900A97-EE4A-434C-B98D-6CFCB65B2EA6}] => (Allow) LPort=37675
FirewallRules: [{34514699-070E-4442-8753-F1DCA4D06F3B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D0C4413D-3392-4B7B-8768-2C1C6DA9A9CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5993561B-991C-495E-BDED-5783435A8F9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0039A86E-13D4-43AB-B47C-7B1BF1FA9D32}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{58D9357B-E3D4-49E3-9E5C-73F8C3F36893}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A137F266-EDFC-4C12-9DB1-19A113F0C684}] => (Allow) C:\Users\Leo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FA45345D-CFC3-4013-B759-89550C3F06F7}] => (Allow) C:\Users\Leo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{A6670D0C-89EB-4D75-9F7B-3B96A88555CF}] => (Allow) C:\Users\Leo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{E38D431E-1437-4815-BF58-ACD1B820AE12}] => (Allow) C:\Users\Leo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{BE5F6E57-6483-49B8-B0D8-930B031B0FFF}] => (Allow) C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{590E07C6-74A9-4F96-9E6A-CB1B6512D8D4}] => (Allow) C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4319D434-22F3-4127-AED0-B5F8D21B26EA}] => (Allow) C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C4815C51-3D75-4099-B528-A69B1AC07D66}] => (Allow) C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8518C066-4629-446E-A886-DFB47FD964E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B1202AAC-BE96-41CF-A304-8C3C55FBE73D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1E3C603C-37C9-4520-84DE-15B1EC963327}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8A82D271-BEBD-45B8-9F96-F26344449B4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{073B07BA-D569-41FA-8207-E45A8453679D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{26417A97-9D92-4E30-B261-4DFFE4A54486}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{4276F6D7-141C-48C3-9600-6B41E1638A0D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{B0894346-0EF3-4CC8-9860-A45496075DD3}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{86B0162A-EA91-4EE2-A3BF-90BA2BAC7BDF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{618AE69C-2512-4EB7-AF11-DE530F9F9554}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E44900AF-C7A4-4678-91CE-67D6BEFD5A56}] => (Allow) C:\Users\Leo\AppData\Roaming\Torque\Torque.exe
FirewallRules: [{560EB99C-656C-42C3-B722-89BBB03B33A1}] => (Allow) C:\Users\Leo\AppData\Roaming\Torque\Torque.exe
FirewallRules: [{3CD3B2E5-76B7-44B0-AD57-88092780AE8B}] => (Allow) C:\Users\Leo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{37748426-9D19-4D3E-B2BD-41AB5D6107AF}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{1BF7001B-9643-4FB3-9C3B-2BD181DDA134}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{C34F8090-17C4-4A00-9C56-C105AC5F7F1D}] => (Allow) LPort=26675
FirewallRules: [{5F28C238-4575-460D-8349-AE73ADDDD378}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{64D7E4B7-F939-492C-AF3C-544B129FEA70}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{448025DA-1A0F-40BA-A38A-903F91346318}] => (Allow) LPort=26675
FirewallRules: [{7BAD6C87-818C-460E-A699-2AC8464D5F9A}] => (Allow) C:\Users\Leo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{900054AB-A440-4DF3-88F4-312D45E69F18}] => (Allow) C:\Users\Leo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5783AEB3-7C66-400E-8129-32D009D44C98}] => (Allow) LPort=3306
FirewallRules: [{4AB568B5-48BF-405B-8E76-A0B3877BBCEB}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{90867D15-8C88-4667-AE93-E96948AAE54E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{27208211-6783-4688-87BE-8BFC3A93460C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3030B257-CC63-4934-A36E-9F49D17F971A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9ACF1FF5-8615-46B8-B258-76F1045AEB89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88EB5E47-E0B0-4A1F-85EF-4F8FD4A5CC8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1FC0FB9E-39DD-453E-97C6-EDF9C7A48FE7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{75DCA259-B896-4CE7-8D0A-F8414161E844}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{CD50332E-BB7C-4AA4-98A4-C573F79B5516}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{35CB2ADF-D156-4FD3-A9DC-D9BD9A675773}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{5EE2C152-97BD-47D8-9FB3-ACBBB81F86F6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{8E29A55D-5824-4E45-9C0C-20929C332A14}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{1F811D89-E53B-46F8-847C-427042A467C7}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{A00C5761-2C74-4680-AA52-E3891DB5CC95}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{276E0AB3-6C7A-497E-BC5D-4D99FD20246F}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{330AB136-E16D-48F8-A9A3-D477193CEAD9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{D017BDFD-FEC1-489C-89E0-D1CC0DEFABBB}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{A007697E-4660-4805-AEA2-F00680A43E06}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{CDEF4CC8-0663-485B-84FD-D5388E372CB4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{5D05BCA7-0F52-4985-A0EF-5A85C00179A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{81D3DE70-B8CF-4002-8F0B-5C30D111B0A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{4E2011D8-1402-457A-A7BE-4D0E98F42268}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6109FDAE-3FDB-4B28-8B88-BE4B0757C50E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8B136628-E335-4F18-81A6-4E9E52EE9BDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4B342CCF-A778-4B32-A927-15CC05A56E0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F7FA1A92-A304-4458-9725-23C91FBDAEA4}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\cdnsip.exe
FirewallRules: [{EBBCF948-5BAA-4699-BD2D-991BF3194EAC}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\apd.exe
FirewallRules: [{031E7042-3749-4CB5-837B-A5F2220233B3}] => (Allow) C:\Cadence\SPB_16.6\tools\fet\bin\pxl.exe
FirewallRules: [{1028EC1B-AC9B-4BED-97F1-55BEE2B0B329}] => (Allow) C:\Cadence\SPB_16.6\tools\fet\bin\pxlhdl.exe
FirewallRules: [{2335494B-87AC-4828-A757-E1F7D754C246}] => (Allow) C:\Cadence\SPB_16.6\tools\fet\bin\olecs.exe
FirewallRules: [{33730F96-8BA2-4AF9-AF98-A38701DDFBE0}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsqmgr.exe
FirewallRules: [{1A285B1C-A18C-4D94-BCEC-4E944910C715}] => (Allow) C:\Cadence\SPB_16.6\tools\fet\bin\appmgr.exe
FirewallRules: [{B41C1A82-B7B3-4F0B-AC37-9C684D1D650B}] => (Allow) C:\Cadence\SPB_16.6\tools\fet\bin\concepthdl.exe
FirewallRules: [{57053D71-28E5-41CB-8B6E-443A5E3BA4C6}] => (Allow) C:\Cadence\SPB_16.6\tools\fet\bin\nconcepthdl.exe
FirewallRules: [{5EDA9DD7-CA24-4456-8EF3-61064F80C111}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\scm.exe
FirewallRules: [{F74B07F0-615E-44DA-B4DC-956BE1E6B4CC}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\dsschgendocprog.exe
FirewallRules: [{B0E2463D-4DE9-4878-B688-C4D3821A349E}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\allegro_viewer_plus.exe
FirewallRules: [{44987A19-6E4F-4AAD-86C3-CBB917DE29E4}] => (Allow) C:\Cadence\SPB_16.6\tools\specctra\bin\specctra.exe
FirewallRules: [{3A619F74-EB66-452D-8769-674915620577}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\sigxp.exe
FirewallRules: [{7BDD967D-D5EA-4AC6-9BBD-D699A1773768}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\modelintegrity.exe
FirewallRules: [{E48E19B1-3511-4A9C-92CC-3F3E77BCDCD8}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\smpd.exe
FirewallRules: [{B30F08A3-A071-4D39-9407-D69E4809B596}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\mpiexec.exe
FirewallRules: [{678DCBEC-080E-478B-A4C0-200D1E4CAB03}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\allegro.exe
FirewallRules: [{C0D6B8C1-09D3-45A6-ABFA-D2C30D6FF19C}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\sigwave.exe
FirewallRules: [{6B109C7B-5646-47DF-88EE-A48BC641BA14}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\sigxsect.exe
FirewallRules: [{84F5DF66-10D0-49F4-98F9-D8D85D72C1F7}] => (Allow) C:\Cadence\SPB_16.6\tools\pcb\bin\productserver.exe
FirewallRules: [{1778BB9A-1B96-456A-B961-9FE09F2BC658}] => (Allow) C:\Cadence\SPB_16.6\openaccess\bin\win32\opt\oadmturboserver.exe
FirewallRules: [{9DCDA558-D7A7-4334-B668-5F45FCF48D31}] => (Allow) C:\Cadence\SPB_16.6\OpenAccess\bin\win32\opt\oaFSLockD.exe
FirewallRules: [{41EA4FF1-5796-4439-AD45-728A1CF56D95}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsmsgserver.exe
FirewallRules: [{17C912D4-0C13-47E7-A610-994094899A43}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsnameserver.exe
FirewallRules: [{526A9F49-EE04-42B2-868A-03206473C52E}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\cdsmps.exe
FirewallRules: [{8BA3CD9E-8649-45EA-932F-E06549C303A9}] => (Allow) C:\Cadence\SPB_16.6\tools\jre\bin\javaw.exe
FirewallRules: [{A8A06AAD-D5CC-4358-8987-1855E993AD58}] => (Allow) C:\Cadence\SPB_16.6\tools\bin\clsbd.exe
FirewallRules: [{FCAFF26D-F90F-4E0B-831C-22696CB7CA7C}] => (Allow) C:\Cadence\SPB_16.6\tools\capture\Capture.exe
FirewallRules: [TCP Query User{9D93E5B7-AA17-4A93-AD24-37A0BB923CA5}C:\users\leo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\leo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{0034AD24-63A3-49E6-8D51-8EE8221D4989}C:\users\leo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\leo\appdata\local\akamai\netsession_win.exe
FirewallRules: [{79C9F141-5854-4641-92DF-51ED51162DE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BFCE20F5-48E9-469D-82D5-097C8EA435A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F01C550C-8FBD-4C0F-B2EB-A4565A193C2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-03-2016 05:59:47 Punto di controllo pianificato

==================== Faulty Device Manager Devices =============

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: SugarSync
Service: SSCBFS3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Scheda miniport WiFi virtuale Microsoft
Description: Scheda miniport WiFi virtuale Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2016 09:30:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (03/04/2016 09:30:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (03/04/2016 09:30:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 09:30:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

Error: (03/04/2016 09:30:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006

Error: (03/04/2016 09:30:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 09:30:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

Error: (03/04/2016 09:30:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008

Error: (03/04/2016 09:30:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2016 09:30:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009


System errors:
=============
Error: (03/04/2016 08:37:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Diagnostics Tracking Service. Questo evento si è già verificato 4 volta(e).

Error: (03/04/2016 08:37:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Diagnostics Tracking Service. Questo evento si è già verificato 3 volta(e).

Error: (03/04/2016 08:37:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Diagnostics Tracking Service è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (03/04/2016 08:37:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Diagnostics Tracking Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (03/03/2016 04:22:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Diagnostics Tracking Service. Questo evento si è già verificato 4 volta(e).

Error: (03/03/2016 04:22:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Diagnostics Tracking Service. Questo evento si è già verificato 3 volta(e).

Error: (03/03/2016 04:22:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Diagnostics Tracking Service è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (03/03/2016 04:22:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Diagnostics Tracking Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (03/03/2016 03:35:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio eapihdrv non è stato avviato per il seguente errore:
%%1275

Error: (03/03/2016 03:35:20 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Caricamento del driver \??\C:\Users\Leo\AppData\Local\Temp\ehdrv.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.


CodeIntegrity:
===================================
Date: 2015-11-26 22:06:02.991
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 22:06:02.882
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 22:06:02.774
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 22:06:02.666
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 22:01:53.515
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 22:01:53.409
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 22:01:53.302
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 22:01:53.196
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\Software e driver per altri computer e telefoni\hard disk paolo computer\Windows\System32\drivers\appid.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 20:14:00.737
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\DIVX nero wd\Violetta\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-11-26 20:14:00.585
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume24\DIVX nero wd\Violetta\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 8139.86 MB
Available physical RAM: 2362.33 MB
Total Virtual: 16277.92 MB
Available Virtual: 8413.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.07 GB) (Free:17.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.39 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:237.99 GB) (Free:184.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F38A2093)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 150CB6C4)
Partition 1: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=489 MB) - (Type=27)

==================== End of Addition.txt ============================




Waiting for your help! Thanks so much!


Edited by hamluis, 15 March 2016 - 01:46 PM.
Moved from AII to MRL - Hamluis.


#4 olgun52

  • Malware Response Team

Posted 04 March 2016 - 04:56 PM

Hi furetto,

FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.
====================================================================================================
C:\Windows\System32\Tasks\AutoKMS
You are using pirated Microsoft software and a crack/keygen. You must remove all illegal software, please!
===================================================================================
Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
=================================================================================================
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
MyFreeCodec
==================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart your PC now.

Have a nice day.


Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!


#5 furetto

  • Topic Starter

Posted 06 March 2016 - 05:54 AM

Dear Yilmaz, nothing in the report looks strange; also, Zemana is not free. I continue to have problems only in Chrome, as I wrote at first. How can I find the malware in Chrome? Ad by Advertise. Please look at the pictures, thanks.

#6 olgun52

  • Malware Response Team

Posted 06 March 2016 - 10:12 AM

Please download Zemana AntiMalware Free.
1.JPG is no problem, but 2.JPG and 3.JPG are a problem. There is something harmful in Chrome.

I see them and will delete them. Please do not worry.

Best regards


#7 furetto

  • Topic Starter

Posted 06 March 2016 - 02:09 PM

What is the problem with 2.JPG and 3.JPG? Can you explain, please?
This is the report you asked for.

Zemana AntiMalware 2.19.2.904 (Installato)

-------------------------------------------------------
Risultato scansione : Completato
Data scansione : 2016/3/6
Sistema operativo : Windows 7 64-bit
Processore : 8X Intel® Core™ i7-2670QM CPU @ 2.20GHz
Modalità BIOS : Legacy
CUID : 004D8459215E154506D9A6
Tipo di scansione : Scansione rapida
Durata : 51m 31s
Oggetti scansionati : 78550
Oggetti rilevati : 3
Oggetti esclusi : 16
Livello lettura : SCSI
Caricamento automatico : Sì
Mostra tutte le estensioni : No
Scansione documenti : No
Informazioni dominio : GATE-1,0,2

Oggetti rilevati
-------------------------------------------------------

Internet Explorer Shortcut
Stato : Scansionato
Oggetto : -extoff
MD5 : -
Editore : -
Dimensione : -
Versione : -
Rilevamento : Impostazione del browser sospetta
Azione pulizia : Ripara
Tracce :
Impostazione del browser - Internet Explorer Shortcut

YTDPRO-4.9.0.3[danhuk]-Patch.exe
Stato : Scansionato
Oggetto : %userprofile%\downloads\software\youtube video downloader pro final v4.9.0.3 + patch [danhuk]\patch\ytdpro-4.9.0.3[danhuk]-patch.exe
MD5 : B6B0891734CF3CF806D7C614363F0701
Editore : -
Dimensione : 757742
Versione : -
Rilevamento : PUA:Win32/SoftCrack.Gen
Azione pulizia : Quarantena
Tracce :
File - %userprofile%\downloads\software\youtube video downloader pro final v4.9.0.3 + patch [danhuk]\patch\ytdpro-4.9.0.3[danhuk]-patch.exe

KMSpico v9.2.3 genuine Activator hacktool not virus or troian crack serial Windows 8.1 and Office.exe
Stato : Scansionato
Oggetto : %userprofile%\downloads\software\the.new.best.cd.with.all.software.you.need.20.december.2014\1 software used rarely\kmspico v9.2.3 genuine activator hacktool not virus or troian crack serial windows 8.1 and office.exe
MD5 : CB4713CBC6864BB65E119B7642E10563
Editore : -
Dimensione : 7148670
Versione : 9.20.0.0
Rilevamento : Adware:Win32/Generic!Kret
Azione pulizia : Quarantena
Tracce :
File - %userprofile%\downloads\software\the.new.best.cd.with.all.software.you.need.20.december.2014\1 software used rarely\kmspico v9.2.3 genuine activator hacktool not virus or troian crack serial windows 8.1 and office.exe


Risultati pulizia
-------------------------------------------------------
Puliti : 3
Segnalati come sicuri : 0
Falliti : 0

#8 olgun52

  • Malware Response Team

Posted 06 March 2016 - 06:27 PM

Hi furetto,

 

Step 1:
 FRST Script:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
Task: {D04AD8DE-15F7-42F6-B50F-EA3499DAE400} - System32\Tasks\{A6E3B17C-D49B-4B39-8BFF-C140D971ADBB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/it/go/help.faq.installer?LastError=1618
Task: {EEE1EA71-ADD1-4D0B-8599-AA36232CF8B2} - System32\Tasks\{47E84739-4B9E-471F-821E-517ED046318B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.115/it/go/help.faq.installer?LastError=1618
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa58258977d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1beb19220e4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f0a8f3f7d9b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d8d7242a85.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a103267fa2c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0401cb59008e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08fa582d877bc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf97d4c661eb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f1beb2543b3c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12f0a8fa37101.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d8d77f6b3b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0e1ae67f08c9c.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d15df0a4e73f86.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1cf8c9dc698a6aa.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0bf97bd2bb581.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0e1ae6853bcb0.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d12e21f37b3855.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d15df0a547fe91.job => C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLeo.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:054B9966 [150]
AlternateDataStreams: C:\ProgramData\Temp:2683706C [144]
AlternateDataStreams: C:\ProgramData\Temp:9FA5EC55 [167]
AlternateDataStreams: C:\ProgramData\Temp:DED17083 [274]
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers: [SugarSyncSharedPending] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1458585565-512590629-857725284-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {64BFBF4C-1C26-4840-85EC-D38792AE12F4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1458585565-512590629-857725284-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF ProfilePath: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\lgvf7yw2.default-1436724614773
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-06-15] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (BitTorrent Surf (Beta)) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpbofogepkkeoockhkfcgngjkimndlp [2013-07-24]
CHR HKU\S-1-5-21-1458585565-512590629-857725284-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Leo\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-29]
CHR HKU\S-1-5-21-1458585565-512590629-857725284-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (YouTube Downloader) - C:\Users\Leo\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-04-20]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-03-01] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-03-02 20:14 - 2016-03-02 20:14 - 00001959 _____ C:\Users\Leo\Desktop\Avira PC Cleaner.lnk
2016-03-02 20:12 - 2016-03-02 20:12 - 02319176 _____ C:\Users\Leo\Downloads\avira_pc_cleaner_en.exe
2016-03-01 15:25 - 2016-03-01 15:26 - 01609216 _____ (Malwarebytes) C:\Users\Leo\Downloads\JRT (2).exe
2016-03-01 13:12 - 2016-03-01 13:12 - 00090108 _____ C:\Users\Leo\Desktop\JRT.txt
2016-03-01 13:11 - 2016-03-01 13:11 - 01609216 _____ (Malwarebytes) C:\Users\Leo\Downloads\JRT (1).exe
2016-03-04 11:25 - 2015-05-16 07:57 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08fa582d877bc.job
2016-03-04 11:24 - 2012-02-07 18:37 - 00000000 ____D C:\Users\Leo\AppData\Roaming\uTorrent
2016-03-04 11:17 - 2015-06-19 10:06 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-03-04 11:15 - 2015-09-18 04:04 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f1beb2543b3c.job
2016-03-04 11:09 - 2015-07-16 08:20 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf97d4c661eb.job
2016-03-04 11:02 - 2015-02-04 02:43 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0401cb59008e.job
2016-03-04 10:46 - 2015-07-18 19:27 - 00001110 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0c18766c144b3.job
2016-03-04 10:45 - 2016-02-02 20:33 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d15df0a547fe91.job
2016-03-04 10:45 - 2016-02-02 08:40 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d8d77f6b3b.job
2016-03-04 10:45 - 2015-12-05 04:10 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12f0a8fa37101.job
2016-03-04 10:45 - 2015-12-04 00:25 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d12e21f37b3855.job
2016-03-04 10:45 - 2015-08-28 17:27 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0e1ae6853bcb0.job
2016-03-04 10:45 - 2015-07-16 08:19 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000UA1d0bf97bd2bb581.job
2016-03-04 10:45 - 2012-04-07 09:10 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-04 09:01 - 2013-05-29 20:33 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 08:45 - 2016-02-02 08:40 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d8d7242a85.job
2016-03-04 08:45 - 2015-12-05 04:10 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12f0a8f3f7d9b.job
2016-03-04 08:34 - 2015-09-18 04:04 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1beb19220e4.job
2016-03-04 08:34 - 2015-05-16 07:57 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa58258977d.job
2016-03-03 20:38 - 2016-02-02 20:33 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d15df0a4e73f86.job
2016-03-03 20:38 - 2015-08-28 17:27 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0e1ae67f08c9c.job
2016-03-03 20:32 - 2015-07-18 19:27 - 00001058 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core1d0c1876642eb1a.job
2016-03-03 18:32 - 2011-12-07 16:35 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458585565-512590629-857725284-1000Core.job
2016-03-02 07:27 - 2014-11-20 10:14 - 00000000 __SHD C:\Users\Leo\AppData\Local\EmieBrowserModeList
2016-03-02 07:27 - 2014-06-04 13:54 - 00000000 __SHD C:\Users\Leo\AppData\Local\EmieUserList
2016-03-02 07:27 - 2014-06-04 13:54 - 00000000 __SHD C:\Users\Leo\AppData\Local\EmieSiteList
2016-03-01 20:38 - 2013-01-08 20:29 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-01 18:37 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Leo\AppData\Local\CrashDumps
2016-03-01 18:34 - 2015-11-18 20:33 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-03-01 18:32 - 2015-11-18 20:30 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-01 12:08 - 2013-03-15 12:52 - 00000000 ____D C:\Users\Leo\AppData\Roaming\vlc
2016-02-16 20:42 - 2012-12-07 12:58 - 00000000 ____D C:\Users\Leo\AppData\Local\ElevatedDiagnostics
2015-12-03 01:10 - 2015-12-03 01:45 - 0000096 _____ () C:\Users\Leo\AppData\Roaming\Camdata.ini
2015-12-03 01:10 - 2015-12-03 01:45 - 0000408 _____ () C:\Users\Leo\AppData\Roaming\CamLayout.ini
2015-12-03 01:10 - 2015-12-03 01:45 - 0000408 _____ () C:\Users\Leo\AppData\Roaming\CamShapes.ini
2015-12-03 01:10 - 2015-12-03 01:45 - 0004509 _____ () C:\Users\Leo\AppData\Roaming\CamStudio.cfg
2013-05-13 18:00 - 2013-05-13 18:00 - 0021866 _____ () C:\Users\Leo\AppData\Roaming\Valori separati da virgola (Windows).ADR
2014-04-10 19:13 - 2014-04-10 19:13 - 0000001 _____ () C:\Users\Leo\AppData\Local\llftool.4.40.agreement
2013-12-02 20:42 - 2013-12-02 20:42 - 0000017 _____ () C:\Users\Leo\AppData\Local\resmon.resmoncfg
2012-02-13 14:27 - 2012-10-02 18:08 - 0000041 ___SH () C:\ProgramData\.zreglib
2014-12-22 18:00 - 2014-12-22 18:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-20 08:37 - 2013-11-13 20:13 - 0003759 _____ () C:\ProgramData\hpzinstall.log
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
end

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

 

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click ZHPCleaner and select "Run as Administrator".
  • Please click Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Edited by olgun52, 06 March 2016 - 06:28 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 furetto

  • Topic Starter

Posted 07 March 2016 - 04:49 AM

# AdwCleaner v5.100 - Creato file registro eventi 07/03/2016 in 10:33:30
# Aggiornato 06/03/2016 da Xplode
# Database : 2016-03-06.3 [Server]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x64)
# Nome utente : Leo - GATE
# In esecuzione da : C:\Users\Leo\Downloads\adwcleaner_5.100.exe
# Opzione : Pulizia
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****


***** [ File ] *****

[-] File Eliminato : C:\Users\Leo\daemonprocess.txt

***** [ DLLs ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registry ] *****


***** [ Browser web ] *****

[-] [C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : eu.ask.com
[-] [C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : search.aol.com
[-] [C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : acdsee-free.softonic.it
[-] [C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : solotablet.it
[-] [C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : engadget.com

*************************

:: Chiavi "Tracing" eliminatas
:: Impostazioni Winsock azzerate

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3456 byte] - [07/03/2016 09:43:59]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1493 byte] - [07/03/2016 10:33:30]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3126 byte] - [07/03/2016 09:38:20]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1641 byte] - [07/03/2016 10:31:21]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1769 byte] ##########

#10 furetto

  • Topic Starter

Posted 07 March 2016 - 04:58 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by Leo (Administrator) on 07/03/2016 at 10:52:22,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 19

Successfully deleted: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod (Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03791WYU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70B7HP2J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBA5FSE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DW18BFTM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2BDFU79 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFOPUER6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRBCDKSY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUNH3NIH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8XP1NVO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03791WYU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70B7HP2J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBA5FSE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DW18BFTM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2BDFU79 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFOPUER6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRBCDKSY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUNH3NIH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8XP1NVO (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/03/2016 at 10:55:43,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11 furetto

  • Topic Starter

Posted 07 March 2016 - 05:19 AM

~ ZHPCleaner v2016.3.5.37 by Nicolas Coolman (2016/03/05)
~ Run by Leo (Administrator) (07/03/2016 11:13:50)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Riparare
~ Report : C:\Users\Leo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Leo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\ Servizi (0)
~ Nessun elemento malevolo o inutili trovato.


---\\ Browser Internet (0)
~ Nessun elemento malevolo o inutili trovato.


---\\ File hosts (1)
~ Il file hosts è legittimo (1)


---\\ Operazioni pianificate automatiche. (0)
~ Nessun elemento malevolo o inutili trovato.


---\\ Esploratore ( File, Cartelle) (4)
SPOSTATO file: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage =>PUP.Optional.ReMarkIt
SPOSTATO file: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal =>PUP.Optional.ReMarkIt
SPOSTATO file: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage =>PUP.Optional.ReMarkIt
SPOSTATO file: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal =>PUP.Optional.ReMarkIt


---\\ Registro ( Chiavi, Valori, Dati ) (0)
~ Nessun elemento malevolo o inutili trovato.


---\\ Riepilogo dei elementi trovato sulla workstation (1)
http://www.nicolascoolman.fr/?p=398 =>PUP.Optional.ReMarkIt


---\\ Borrar otro. (26)
~ Chiave di registro Tracing éliminati (26)
~ Rimuovi vecchi report ZHPCleaner. (0)


---\\ Risultato di riparazione
~ Riparazione effettuata con successo


---\\ Statistiche
~ Elementi analizzati : 1039
~ Elementi trovati : 0
~ Elementi cancellati : 0
~ Elementi riparati : 4


~ End of clean in 00h00mn16s
===================

ZHPCleaner-[s]-07032016-11_12_14.txt

#12 olgun52

  • Malware Response Team

Posted 07 March 2016 - 03:27 PM

Thank you for the logs.

Step 1:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.
:hello:

 



#13 furetto

  • Topic Starter

Posted 08 March 2016 - 06:30 AM

2014-02-20 15:50 261832 ----a-w- c:\users\Leo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-20 15:50 261832 ----a-w- c:\users\Leo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-02-18 12831984]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{CCC635CE-901F-4E33-8500-17CF90808EFA}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CCC635CE-901F-4E33-8500-17CF90808EFA}\36163716D2E65736562716: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CCC635CE-901F-4E33-8500-17CF90808EFA}\4505D2C494E4B4F5641383536343: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CCC635CE-901F-4E33-8500-17CF90808EFA}\D44573D2C40393F553334313: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\lgvf7yw2.default-1436724614773\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{39D54CC2-69CF-43b4-B167-577D25E7F496} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
ShellIconOverlayIdentifiers-{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,
81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c3,dd,7b,fc,c2,e5,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2016-03-08 12:10:39
ComboFix-quarantined-files.txt 2016-03-08 11:10
ComboFix2.txt 2015-11-19 20:19
.
Pre-Run: 56.596.017.152 byte disponibili
Post-Run: 56.276.750.336 byte disponibili
.

#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:12:02 PM

Posted 08 March 2016 - 03:54 PM

The ComboFix log is missing. Why? I cannot see the Malwarebytes log.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:12:02 PM

Posted 13 March 2016 - 03:16 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 