
CPU high usage // CPU high temperature


  • This topic is locked
2 replies to this topic

#1 armageddon1966


Posted 02 July 2016 - 08:08 AM

Hi

After a long time I am back here.

I have realized CPU usage is pretty high (50-60%) even if no program is in use.

As a consequence, the temperature rises up to 80°C (176 F) or more.

Before opening up the notebook and cleaning the fan, I was wondering if the cause could be malware, a trojan, or a virus.

Recently I created a new account (test) to verify if something changed, but everything was the same.

This is my system:

ACER4830TG

SSD Samsung EVO 250Gb

HDD instead of DVD player

Everything else is original.

Software

Win7 64bit SP1

AVIRA Antivirus Pro

Malwarebytes (Premium)

Secunia (to keep system updated)

ADDITION AND FRST FILE as follows (malwarebytes.log, gmer.log, dds.log and aswmbr.log are available if necessary)

ADDITION


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by GGELSO (2016-07-02 14:15:09)
Running from C:\Users\GGELSO\Desktop\Nuova cartella
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-04 20:15:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3351240063-618360074-2312958642-500 - Administrator - Disabled)
GGELSO (S-1-5-21-3351240063-618360074-2312958642-1001 - Administrator - Enabled) => C:\Users\GGELSO
Guest (S-1-5-21-3351240063-618360074-2312958642-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3351240063-618360074-2312958642-1310 - Limited - Enabled)
test (S-1-5-21-3351240063-618360074-2312958642-1311 - Limited - Enabled) => C:\Users\test
___VMware_Conv_SA___ (S-1-5-21-3351240063-618360074-2312958642-1097 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.01.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acer USB Charge Manager (HKLM-x32\...\{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}) (Version: 1.00.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3004 - Acer Incorporated)
Acronis True Image 2014 (HKLM-x32\...\{8DD203F6-B966-4846-8C0C-520A555BE395}Visible) (Version: 17.0.6688 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6688 - Acronis) Hidden
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
ASUS WL-330N3G Wireless Router Utilities (HKLM-x32\...\{914B74BD-2E42-46DB-BD43-8CE09BF5B245}) (Version: 4.2.5.8 - ASUS)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
AX88179_AX88178A Windows 7 Drivers (HKLM-x32\...\InstallShield_{56A83B49-51ED-4CC0-B214-BFCA165ACDA5}) (Version: 3.0.0.0 - ASIX Electronics Corporation)
AX88179_AX88178A Windows 7 Drivers (x32 Version: 3.0.0.0 - ASIX Electronics Corporation) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}) (Version: 7.1.0.89 - Research In Motion Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3351240063-618360074-2312958642-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
Garmin BaseCamp (HKLM-x32\...\{DF1C5B60-29DE-463C-BF2C-708D95F3F752}) (Version: 3.3.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.40 Update (HKLM-x32\...\{B28311A2-EA16-4F85-80CE-1BF2B0912C8F}) (Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 18.1.1611.3223) (HKLM\...\{302600C1-6BDF-4FD1-1601-148929CC1385}) (Version: 19.0.1601.0594 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Spanish/Español (HKLM\...\Office14.OMUI.es-es) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Monitoraggio della tecnologia Intel® Turbo Boost 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
NVIDIA Driver grafico 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Pannello di controllo NVIDIA 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 4.2.1.0 - PureVPN)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.1 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0C0A-1000-0000000FF1CE}_Office14.OMUI.es-es_{6DC7FDEB-75D2-4019-9CFC-C8900FEF71F6}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.9.0 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VMware vCenter Converter Standalone (HKLM-x32\...\{2BCC4907-4205-4338-BDA5-94F183144C35}) (Version: 5.5.3.2183569 - VMware, Inc.)
VMware Workstation (HKLM\...\{5AD703D9-0C85-4EA7-956D-1DEF1CC65E82}) (Version: 12.1.1 - VMware, Inc.)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.405.45220 - Vodafone)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
WOT per Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.12.20151119 - Xilisoft)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.16 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3351240063-618360074-2312958642-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05310636-5C84-42E4-9915-1571E5DE5899} - System32\Tasks\{5C1FE129-02A0-41C1-BFF1-4668EE8A9833} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/abandoninstall?page=tsProgressBar
Task: {09CC991D-6118-492C-A5DE-DC741D89B816} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {0C3C5AC8-3791-4FC8-B737-07C0FA570DA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {106516A1-FD1E-4302-A115-B5562F659CBB} - System32\Tasks\{900A8E9B-08A4-47EB-A6D1-B1FAD7B6FA42} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/go/help.faq.installer?LastError=1618
Task: {2160E207-9FB6-421D-8774-114DBDEE1D15} - System32\Tasks\{C6657BC0-5297-4093-9850-B84BF8C3E1B4} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/go/help.faq.installer?LastError=1618
Task: {236616D4-0A0E-4F3B-8148-877387D6615E} - System32\Tasks\{088E21B4-5040-4B14-817A-E871E4467B59} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/go/help.faq.installer?LastError=1618
Task: {2E4F3996-7C5D-4D98-BA15-AE0D8D5E8FEF} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {4B9AAAD2-B3BB-4AAE-8661-587E77141D05} - System32\Tasks\{6B43B0A4-F2A8-423B-BACF-09995120C44D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/abandoninstall?page=tsProgressBar
Task: {6CDD293A-A4DE-43E1-9250-074CA1734F17} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {73D22763-3A1F-4618-B946-0A5EC0E8BB30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24] (Google Inc.)
Task: {79C4515F-B092-449A-98DF-C4E32053E647} - System32\Tasks\{0667E4BC-D51E-49E6-BDED-4721565CE6FB} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.9.0.106/it/abandoninstall?page=tsPlugin
Task: {7D405AB6-C30B-4963-9D37-FB511AED3D8B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {8BDB79E1-BDC7-4232-B448-7A8D7AFFF242} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {C224E968-D3B1-4778-B7DB-8FA89F58CAB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24] (Google Inc.)
Task: {CDC560E1-D1D9-425C-AC13-70FC5758F887} - System32\Tasks\{650AD41C-3DCF-42E8-B81B-A5F521581D16} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.154.259&LastError=404
Task: {E668741B-547D-4012-B040-F793019AD7C9} - System32\Tasks\{9437FAB8-8E4F-42F0-A63A-399D0E2E3409} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/abandoninstall?page=tsProgressBar
Task: {F15F4FFA-205C-4CC6-85F2-177A65DA610D} - System32\Tasks\{28E2D777-E900-440E-88FA-94920133BA07} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/abandoninstall?page=tsProgressBar
Task: {F294DEC4-8352-40B0-88CD-04CCD6F3B9C7} - System32\Tasks\{62DC84CE-839F-47E4-81ED-09EA4F9D9E3E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/it/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-02-05 00:40 - 2012-02-05 00:39 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2012-02-05 00:40 - 2012-02-05 00:39 - 00151552 _____ () C:\Windows\KMService.exe
2013-10-01 11:26 - 2013-10-01 11:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-27 18:44 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-01 14:18 - 2011-03-27 00:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-30 23:11 - 2014-11-30 23:11 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-10-03 18:02 - 2014-10-03 18:02 - 00086744 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2014-10-03 18:00 - 2014-10-03 18:00 - 01297624 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2014-10-03 18:00 - 2014-10-03 18:00 - 00542936 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 01309768 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-09-27 18:34 - 2014-09-14 01:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-19 21:03 - 2014-08-19 21:03 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-08-19 21:03 - 2014-08-19 21:03 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-02-11 22:39 - 2016-02-11 22:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5975446c87a7bd86082d11450040cc6d\IsdiInterop.ni.dll
2011-04-01 13:32 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-19 21:05 - 2014-08-19 21:05 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2011-11-03 11:27 - 2011-11-03 11:27 - 01294368 _____ () C:\Program Files (x86)\WOT\WOT.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 [300]
AlternateDataStreams: C:\ProgramData\Temp:5925E400 [298]
AlternateDataStreams: C:\ProgramData\Temp:8173A019 [276]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3351240063-618360074-2312958642-1001\...\secunia.com -> hxxps://secunia.com
IE trusted site: HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\secunia.com -> hxxps://secunia.com
IE trusted site: HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\secunia.com -> hxxps://secunia.com
IE trusted site: HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\secunia.com -> hxxps://secunia.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-11-05 03:14 - 00000063 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 activation.acronis.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3351240063-618360074-2312958642-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3351240063-618360074-2312958642-1311-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\test\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3351240063-618360074-2312958642-1311-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\test\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3351240063-618360074-2312958642-1311-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\test\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^GGELSO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2010.lnk => C:\Windows\pss\Ritaglio schermata e avvio di OneNote 2010.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: EPSON SX410 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S58F4.tmp" /EF "HKCU"
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: VmbNotifier => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{51610139-8C71-4101-8558-36AD45246160}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{B39FE689-B104-4929-B946-4E7C4A8D2383}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
FirewallRules: [{B7D12E93-B78D-42D6-8011-9D5BE584BC0F}] => (Allow) C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1F1880EE-EB86-4854-A0F1-6B6C4F449CD5}] => (Allow) C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BF4DB5B1-49AE-4F2B-9FB5-16BE5AF59D4B}] => (Allow) LPort=4481
FirewallRules: [{C497344F-35C3-4276-8B01-0F52ADF2ABB3}] => (Allow) LPort=4481
FirewallRules: [{796F3AA6-2728-41F3-A65D-5D0471F168BB}] => (Allow) LPort=4482
FirewallRules: [{BEA5279A-811C-4C94-AD11-5D72E6BCD395}] => (Allow) LPort=4482
FirewallRules: [{CA11E208-6467-4C00-8E83-789C52627A4F}] => (Allow) LPort=4481
FirewallRules: [{FC637EC6-D54E-478C-85C4-2C00707BD1C0}] => (Allow) LPort=4481
FirewallRules: [{D2A9E939-1A2D-481E-B818-625E1A58CF94}] => (Allow) LPort=4482
FirewallRules: [{4B3B34AD-A5BF-4932-9F23-C96ACFA30FA1}] => (Allow) LPort=4482
FirewallRules: [{F4DB5529-6C52-44C4-A7D0-A457AB1043C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{6D987F58-B04B-48B4-9FCF-7BA0E67CF9A8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{7F853A5C-C2F5-4E8A-AD77-A015F550A608}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{1DE131DA-CDF5-482D-AD53-C3096FC93812}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{561C43BE-31A8-44A1-B40C-D79114F84151}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{129ACBC1-083C-488E-BE5D-4FA6DAB36B52}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{15BF826F-59FC-48DE-B84E-32414F7FEBCA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{670FDF83-699C-45D0-8E0A-C247FA6B33EE}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{AAF7536B-3379-43AC-88B1-31D6CB0850C6}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{F271F8D0-24E2-46BC-8041-A26898640309}] => (Allow) LPort=7000
FirewallRules: [{9BF658A5-EB7F-4786-9519-88D923CE4347}] => (Allow) LPort=7000
FirewallRules: [{44F12FEC-D5B3-4CF5-832A-BB6113798781}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{92D511AB-77D1-4021-93AF-5AFB1E47C29F}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{F2CBEE7A-F4ED-43EB-B9A3-73112E756648}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{C7379198-3039-4B4B-8310-62696E4D8018}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{9E43107A-601A-4B4B-88DD-62BA2563AA59}] => (Allow) LPort=56789
FirewallRules: [{E560BB09-B65D-48F8-85A5-E263468144C9}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{80E1F2F2-B7F7-4D23-A49B-60F920FF394C}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8DD887D6-29D2-46FA-8010-1E3165BBA4AE}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{51592429-0059-4B47-A212-64E33273DC6A}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{3C958740-ADD8-48DF-93AF-AF73E53CF994}] => (Allow) LPort=56789
FirewallRules: [{F6B02E43-E97C-4907-8465-25FCAAA56063}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{98102434-1A4E-43EF-B9E2-E6EAF4660748}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89342A77-C694-48CD-A230-87DB3814F64A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C6317321-6998-4780-8292-690DE0AF3D58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B4265CC3-AE39-42A6-8AEC-183291BA4972}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F1E9D9FC-3AB9-4B49-A4EB-9336077F34E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3CEB156D-6B22-4260-983B-D8F2AF26D67A}] => (Allow) LPort=56789
FirewallRules: [{0402ACF2-F2C6-45F5-9B8E-7C80AC8E31E7}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N3G Wireless Router Utilities\Discovery.exe
FirewallRules: [{1D2AA891-B220-4D90-818C-7AE823F19F39}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N3G Wireless Router Utilities\Discovery.exe
FirewallRules: [{1F8040B1-D214-4982-B8CA-5E280907E4FD}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N3G Wireless Router Utilities\Rescue.exe
FirewallRules: [{FEC6F832-681D-4CB7-AAEE-5A1FF83A37F7}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N3G Wireless Router Utilities\Rescue.exe
FirewallRules: [{31391360-E777-4003-9BA1-58D01465C881}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N3G Wireless Router Utilities\QISWizard.exe
FirewallRules: [{CB89449F-573E-44B7-AC95-660C4544FF8D}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N3G Wireless Router Utilities\QISWizard.exe
FirewallRules: [{99EFC460-DF24-4DD3-B3A4-E24711974970}] => (Allow) LPort=444
FirewallRules: [{8F080C13-DDB5-4B52-8E17-41735BE4C3DD}] => (Allow) LPort=9089
FirewallRules: [{AF28B0C4-4932-407F-A713-5075814A10B5}] => (Allow) LPort=443
FirewallRules: [TCP Query User{817A4EED-018D-4419-AE1E-5EC5859321B5}C:\program files (x86)\asus\wl-330n3g wireless router utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\wl-330n3g wireless router utilities\discovery.exe
FirewallRules: [UDP Query User{8BD26C3A-B81B-4377-9E62-570A733DEABB}C:\program files (x86)\asus\wl-330n3g wireless router utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\wl-330n3g wireless router utilities\discovery.exe
FirewallRules: [{359138CB-2B85-49A2-B873-F118D3AEFF1F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D49365AA-6823-4CEB-B588-E3A80E8D4D92}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{4A39F61C-F9C1-40E1-8A5D-4CEA8785EF26}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{AFDF0396-7710-45DE-BF12-010773FB4B53}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{2AB85886-08F3-4CB6-A4AA-7DAAFBBCAC52}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C0DF73C8-E016-4C44-B5AD-8D75D10D4462}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BB0F7AE8-8128-4A30-A1A8-83C93F2BC0CE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{27FD67C7-691F-4CDF-9EC6-E36FC4BEC69F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B3E96FD6-DA44-4EF7-944E-CBE298957A9E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D2FFD029-7149-4694-A0F7-E4CC3D3ADA80}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-05-2016 18:54:25 Punto di controllo pianificato
13-05-2016 20:27:04 Punto di controllo pianificato
22-05-2016 12:21:09 Punto di controllo pianificato
30-05-2016 20:47:04 Punto di controllo pianificato
09-06-2016 16:24:21 Punto di controllo pianificato
20-06-2016 10:59:31 Punto di controllo pianificato
27-06-2016 20:25:58 Punto di controllo pianificato

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2016 12:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2016 12:27:48 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (6684) WindowsMail0: Il backup è stato interrotto. L'operazione è stata interrotta dal client o la connessione al client non è riuscita.

Error: (07/02/2016 12:27:25 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4896) WindowsMail0: Il backup è stato interrotto. L'operazione è stata interrotta dal client o la connessione al client non è riuscita.

Error: (07/02/2016 12:27:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2016 12:25:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2016 12:22:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/02/2016 12:44:25 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (07/02/2016 12:44:25 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (07/02/2016 12:44:25 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (07/02/2016 12:44:25 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (07/02/2016 12:43:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (07/02/2016 12:28:22 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (07/02/2016 12:28:22 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (07/02/2016 12:27:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (07/02/2016 12:25:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

Error: (07/02/2016 12:22:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
cdrom

CodeIntegrity:
===================================
  Date: 2015-08-07 16:30:41.857
  Description: Impossibile verificare l'integrità del file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe perché il certificato di firma è stato revocato. Contattare l'autore per verificare se è disponibile una nuova versione firmata del modulo del kernel.

  Date: 2015-08-07 16:30:41.795
  Description: Impossibile verificare l'integrità del file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe perché il certificato di firma è stato revocato. Contattare l'autore per verificare se è disponibile una nuova versione firmata del modulo del kernel.

  Date: 2015-08-07 16:30:41.717
  Description: Impossibile verificare l'integrità del file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe perché il certificato di firma è stato revocato. Contattare l'autore per verificare se è disponibile una nuova versione firmata del modulo del kernel.

  Date: 2015-08-07 16:30:41.655
  Description: Impossibile verificare l'integrità del file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe perché il certificato di firma è stato revocato. Contattare l'autore per verificare se è disponibile una nuova versione firmata del modulo del kernel.

  Date: 2013-11-03 23:15:15.776
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2013-11-03 23:15:15.714
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2013-11-03 23:14:23.906
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Users\GGELSO\AppData\Local\Temp\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2013-11-03 23:14:23.844
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Users\GGELSO\AppData\Local\Temp\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2013-11-03 23:14:23.781
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Users\GGELSO\AppData\Local\Temp\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

  Date: 2013-11-03 23:14:23.734
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\Users\GGELSO\AppData\Local\Temp\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 54%
Total physical RAM: 5995.86 MB
Available physical RAM: 2707.59 MB
Total Virtual: 11989.93 MB
Available Virtual: 8240.68 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:194.5 GB) (Free:88.63 GB) NTFS
Drive d: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATI) (Fixed) (Total:150 GB) (Free:39.27 GB) NTFS
Drive f: (LIBERO) (Fixed) (Total:270.7 GB) (Free:88.67 GB) NTFS
Drive g: (WINDOWS 7) (Fixed) (Total:175.38 GB) (Free:92.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2DC26BF8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=194.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: F9D7E653)
Partition 1: (Not Active) - (Size=175.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=420.7 GB) - (Type=05)

==================== End of Addition.txt ============================

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by GGELSO (administrator) on PCRORI (02-07-2016 14:14:41)
Running from C:\Users\GGELSO\Desktop\Nuova cartella
Loaded Profiles: GGELSO &  (Available Profiles: GGELSO & test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [499304 2011-03-28] (Acer Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3351240063-618360074-2312958642-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GGELSO\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-04-14]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\GGELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2016-07-02]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DEE4AEF-C6D6-4DF6-BCA6-839A633C6635}: [NameServer] 0.0.0.0 0.0.0.0
Tcpip\..\Interfaces\{18DC3EE0-9761-4420-A545-73672762EDF6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2482C7AD-3DB4-4FB9-83D9-57FD72F855FE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3A14E4F2-7941-43C0-8AD0-3723C0912ECA}: [DhcpNameServer] 10.133.13.210 83.224.65.106
Tcpip\..\Interfaces\{932C5DCE-52BE-4FD5-964E-639355517C89}: [NameServer] 0.0.0.0 0.0.0.0
Tcpip\..\Interfaces\{932C5DCE-52BE-4FD5-964E-639355517C89}: [DhcpNameServer] 10.133.12.210 83.224.65.106
Tcpip\..\Interfaces\{AAC98616-C6A4-4CA3-BBFF-CFA31F20B3C9}: [DhcpNameServer] 192.168.220.1
Tcpip\..\Interfaces\{C4254BC3-9DB7-47AE-B880-711BF5B50EDF}: [NameServer] 0.0.0.0 0.0.0.0
Tcpip\..\Interfaces\{C4254BC3-9DB7-47AE-B880-711BF5B50EDF}: [DhcpNameServer] 10.133.11.210 83.224.65.106

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3351240063-618360074-2312958642-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3351240063-618360074-2312958642-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKU\S-1-5-21-3351240063-618360074-2312958642-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-11-07] (Nero AG)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-04-25] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR Profile: C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Super Netflix) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aioencjhbaolepcoappllicjebblphoc [2016-03-25]
CHR Extension: (Documenti Google) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-27]
CHR Extension: (YouTube) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Editor Office) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-05-12]
CHR Extension: (Google Documenti offline) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (BrowsePass) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pihdapfeofbodahcblfmeckjnfcigakb [2015-07-07]
CHR Extension: (Gmail) - C:\Users\GGELSO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-10] (Avira Operations GmbH & Co. KG)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [799848 2011-03-28] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172272 2016-03-15] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-02-05] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2015-05-19] (The OpenVPN Project)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-05-14] (Vodafone) [File not signed]
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479960 2014-10-03] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479960 2014-10-03] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479960 2014-10-03] (VMware, Inc.)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-05-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-10] (Avira Operations GmbH & Co. KG)
S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [66560 2013-12-03] (ASIX Electronics Corp.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87528 2015-10-13] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2015-10-16] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [452096 2013-04-09] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [349968 2016-03-18] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3422992 2016-01-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-11-05] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-10-13] (Acronis International GmbH)
S3 vodafone_K3805-z_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [78336 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [88064 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cpo; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cpo.sys [13824 2010-09-01] (Vodafone)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-02 14:14 - 2016-07-02 14:14 - 00000000 ____D C:\FRST
2016-07-02 12:33 - 2016-07-02 12:33 - 00000000 ____D C:\Users\test\AppData\Roaming\Avira
2016-07-02 12:27 - 2016-07-02 12:28 - 00000000 ____D C:\Users\test\AppData\Local\NVIDIA Corporation
2016-07-02 12:27 - 2016-07-02 12:27 - 00110536 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-02 12:27 - 2016-07-02 12:27 - 00002257 _____ C:\Users\test\Desktop\Google Chrome.lnk
2016-07-02 12:27 - 2016-07-02 12:27 - 00001397 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Risorse di stampa
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Risorse di rete
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Recenti
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Modelli
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Menu Avvio
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Impostazioni locali
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Documents\Video
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Documents\Musica
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Documents\Immagini
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Documenti
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\Dati applicazioni
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\AppData\Local\Dati applicazioni
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 _SHDL C:\Users\test\AppData\Local\Cronologia
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 ____D C:\Users\test\Documents\Miei file ricevuti
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 ____D C:\Users\test\AppData\Roaming\Intel
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 ____D C:\Users\test\AppData\Local\NVIDIA
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 ____D C:\Users\test\AppData\Local\Google
2016-07-02 12:27 - 2016-07-02 12:27 - 00000000 ____D C:\Users\test
2016-07-02 12:27 - 2012-05-11 13:54 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2016-07-02 12:27 - 2011-04-01 14:22 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2016-07-02 12:27 - 2011-04-01 14:22 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2016-07-02 12:27 - 2011-04-01 14:22 - 00000000 ____D C:\Users\test\AppData\Local\Adobe
2016-07-02 12:27 - 2011-04-01 14:20 - 00000000 ____D C:\Users\test\AppData\Local\Downloaded Installations
2016-07-02 12:27 - 2011-04-01 14:08 - 00000000 ____D C:\Users\test\AppData\Local\Windows Live
2016-07-02 12:27 - 2011-04-01 13:51 - 00000000 ____D C:\Users\test\AppData\Roaming\Intel Corporation
2016-07-02 12:27 - 2010-11-21 04:50 - 00000020 ___SH C:\Users\test\ntuser.ini
2016-07-02 12:22 - 2016-07-02 12:22 - 00412872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-02 11:43 - 2016-07-02 12:15 - 00000000 ____D C:\Users\GGELSO\Desktop\cpu-z
2016-07-02 11:05 - 2016-07-02 11:05 - 00011277 _____ C:\Users\GGELSO\Desktop\attach.txt
2016-07-02 10:39 - 2016-07-02 10:39 - 00110536 _____ C:\Users\GGELSO\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-02 10:20 - 2016-07-02 14:14 - 00000000 ____D C:\Users\GGELSO\Desktop\Nuova cartella
2016-07-02 10:09 - 2016-07-02 10:10 - 00000000 ____D C:\Users\GGELSO\Desktop\case
2016-06-13 14:10 - 2016-06-13 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-06-06 18:31 - 2016-06-06 18:53 - 00290022 _____ C:\Users\GGELSO\Desktop\prices_ quantity ITA FRA  jul-sep 2016.xlsx
2016-06-06 17:44 - 2016-06-10 12:55 - 00048466 _____ C:\Users\GGELSO\Desktop\Consolidated Leads from Export data - Apr'15 to Feb'16 - All.xlsx
2016-06-06 17:17 - 2016-06-07 14:12 - 00000000 ____D C:\Program Files\Recuva
2016-06-06 17:17 - 2016-06-06 17:17 - 00001662 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-06-06 17:17 - 2016-06-06 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-02 14:14 - 2014-04-09 21:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-02 13:46 - 2015-08-24 15:20 - 00004158 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-02 13:46 - 2015-08-24 15:20 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-02 13:46 - 2015-08-24 15:20 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 13:46 - 2015-08-24 15:20 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 13:45 - 2012-10-20 08:31 - 00003918 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-02 13:45 - 2012-10-20 08:31 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-02 12:49 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-02 12:49 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-02 12:43 - 2013-09-07 01:56 - 00000000 ____D C:\ProgramData\VMware
2016-07-02 12:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-02 12:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2016-07-02 12:41 - 2012-10-14 21:58 - 00000000 ____D C:\Windows\pss
2016-07-02 12:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-02 09:06 - 2016-03-30 18:54 - 00000000 ____D C:\ProgramData\purevpn
2016-07-01 17:45 - 2011-07-05 10:20 - 00747230 _____ C:\Windows\system32\perfh010.dat
2016-07-01 17:45 - 2011-07-05 10:20 - 00149898 _____ C:\Windows\system32\perfc010.dat
2016-07-01 17:45 - 2009-07-14 07:13 - 01677506 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-01 14:56 - 2012-10-10 00:52 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2016-06-30 14:03 - 2013-11-26 23:03 - 00007626 _____ C:\Users\GGELSO\AppData\Local\resmon.resmoncfg
2016-06-30 12:06 - 2012-02-08 10:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-30 09:44 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-29 13:35 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-27 18:31 - 2013-06-03 11:53 - 00000000 ____D C:\Windows\Offline Address Books
2016-06-27 15:17 - 2015-08-24 15:21 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-27 10:01 - 2015-11-25 23:50 - 00000512 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-06-21 16:46 - 2012-02-05 00:15 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-17 10:41 - 2012-10-20 08:31 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 10:41 - 2012-10-20 08:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 18:31 - 2012-02-05 00:44 - 00000000 ____D C:\Users\GGELSO\AppData\Roaming\Skype
2016-06-13 14:10 - 2015-03-04 14:13 - 00000816 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-06-13 14:10 - 2015-03-04 14:12 - 00000000 ____D C:\Program Files\PowerISO
2016-06-07 15:46 - 2016-03-05 13:31 - 00000000 ____D C:\Users\GGELSO\Desktop\boarding pass
2016-06-06 17:44 - 2012-02-06 00:38 - 00000000 ____D C:\Users\GGELSO\Documents\File di Outlook
2016-06-04 17:57 - 2012-03-13 20:54 - 00000000 ____D C:\Windows\Minidump
2016-06-02 22:15 - 2015-11-12 13:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2012-12-17 11:13 - 2012-12-17 11:13 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2012-03-02 10:47 - 2015-01-02 17:01 - 0011774 _____ () C:\Users\GGELSO\AppData\Roaming\Rim.Desktop.Exception.log
2012-03-02 10:47 - 2013-04-13 11:36 - 0006673 _____ () C:\Users\GGELSO\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-03-02 10:47 - 2015-01-02 17:01 - 0008316 _____ () C:\Users\GGELSO\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-10 13:10 - 2015-01-02 17:01 - 0005236 _____ () C:\Users\GGELSO\AppData\Roaming\Rim.Transcoder.Exception.log
2012-05-14 11:37 - 2014-04-10 17:32 - 0045568 _____ () C:\Users\GGELSO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-14 17:07 - 2012-03-14 17:07 - 0010423 _____ () C:\Users\GGELSO\AppData\Local\HWVendorDetection.log
2013-11-26 23:03 - 2016-06-30 14:03 - 0007626 _____ () C:\Users\GGELSO\AppData\Local\resmon.resmoncfg
2011-07-05 01:42 - 2011-07-05 01:45 - 0015174 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-01 13:52 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2013-10-13 00:30 - 2013-10-13 00:31 - 0000032 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-27 20:18

==================== End of FRST.txt ============================




 


#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,653 posts

Posted 05 July 2016 - 12:38 PM

If Acronis True Image 2014 is a pirated copy, please remove it.
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      2012-02-05 00:40 - 2012-02-05 00:39 - 00151552 _____ () C:\Windows\KMService.exe
      AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 [300]
      AlternateDataStreams: C:\ProgramData\Temp:5925E400 [298]
      AlternateDataStreams: C:\ProgramData\Temp:8173A019 [276]
      Hosts:
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-3351240063-618360074-2312958642-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-3351240063-618360074-2312958642-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
      HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
      HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
      HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#3 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,653 posts

Posted 08 July 2016 - 05:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 




