
Please have a look at this log.



#1 StefanoT


Posted 27 November 2016 - 04:18 PM

Hi,

the instructions about posting a log brought me here :)

This is the FRST log. Thanks for everything you will do for me!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by Camilla (administrator) on CAMILLA-PC (27-11-2016 21:59:49)
Running from C:\Users\Camilla\Desktop
Loaded Profiles: Camilla (Available Profiles: Camilla)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12850792 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2013-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2013-01-18] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [983200 2011-11-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-11-29] (Atheros Commnucations)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2013-01-18] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2013-01-18] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\...\Run: [Spotify Web Helper] => C:\Users\Camilla\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-11] (Spotify Ltd)
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\...\Run: [Spotify] => C:\Users\Camilla\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-11] (Spotify Ltd)
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1240077880-2421743634-1451985747-1000] => http=127.0.0.1:13989;https=127.0.0.1:13989
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6C7E30E3-7231-4F75-8F32-EA490CD8B723}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CF6396CB-0321-43E2-BAB6-427348F7C8E3}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{E9EDCE7D-8D07-44A2-A504-3D6E3EA948A7}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1240077880-2421743634-1451985747-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-11-29] (Atheros Commnucations)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Camilla\AppData\Roaming\Mozilla\Firefox\Profiles\var3az83.default [2016-11-27]
FF Homepage: Mozilla\Firefox\Profiles\var3az83.default -> hxxp://www.dregol.com/?f=1&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
FF Extension: (Cinema-Plus-1.2c) - C:\Users\Camilla\AppData\Roaming\Mozilla\Firefox\Profiles\var3az83.default\Extensions\caseyvelez@aol.com [2015-07-15] [not signed]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-01-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-01-18] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1240077880-2421743634-1451985747-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Camilla\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default [2016-11-27]
CHR Extension: (Presentazioni Google) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-15]
CHR Extension: (Documenti Google) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-15]
CHR Extension: (Google Drive) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Fogli Google) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-15]
CHR Extension: (Google Documenti offline) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (RealDownloader) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-07-15]
CHR Extension: (Grammarly for Chrome) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-11-27]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-15]
CHR Extension: (Chrome Media Router) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-11-29] (Atheros Commnucations) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-09-05] (Electronic Arts)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 21:59 - 2016-11-27 22:07 - 00018266 _____ C:\Users\Camilla\Desktop\FRST.txt
2016-11-27 21:59 - 2016-11-27 21:59 - 00000000 ____D C:\FRST
2016-11-27 21:59 - 2016-11-27 21:55 - 02411520 _____ (Farbar) C:\Users\Camilla\Desktop\FRST64.exe
2016-11-27 21:45 - 2016-11-27 21:45 - 00015902 _____ C:\ComboFix.txt
2016-11-24 17:20 - 2016-11-27 20:07 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1240077880-2421743634-1451985747-1000
2016-11-24 17:20 - 2016-11-27 20:07 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1240077880-2421743634-1451985747-1000
2016-11-24 16:34 - 2016-11-24 16:34 - 05659276 _____ (Swearware) C:\Users\Camilla\Downloads\ComboFix (1).exe
2016-11-21 11:29 - 2016-11-21 11:29 - 00002333 _____ C:\Users\Camilla\Downloads\-Aleph71172.htm
2016-11-21 11:28 - 2016-11-21 11:28 - 00003874 _____ C:\Users\Camilla\Downloads\-Aleph76043.htm
2016-11-21 11:27 - 2016-11-21 11:27 - 00003874 _____ C:\Users\Camilla\Downloads\-Aleph681216.htm
2016-11-17 22:07 - 2016-08-12 17:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-11-17 22:07 - 2016-08-12 17:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-11-17 22:07 - 2016-08-12 17:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-11-17 22:06 - 2016-09-02 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-17 22:06 - 2016-09-02 16:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-17 22:06 - 2016-09-02 16:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-17 22:06 - 2016-09-02 16:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-17 22:06 - 2016-09-02 16:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-17 22:06 - 2016-09-02 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-17 22:06 - 2016-09-02 16:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-17 22:06 - 2016-09-02 16:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-17 22:06 - 2016-09-02 16:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 16:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-17 22:06 - 2016-09-02 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-17 22:06 - 2016-09-02 16:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-17 22:06 - 2016-09-02 16:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-17 22:06 - 2016-09-02 15:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-17 22:06 - 2016-09-02 15:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-17 22:06 - 2016-09-02 15:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-17 22:06 - 2016-09-02 15:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-17 22:06 - 2016-09-02 15:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-17 22:06 - 2016-09-02 15:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-17 22:06 - 2016-09-02 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-17 22:06 - 2016-09-02 15:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-17 22:06 - 2016-09-02 15:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-17 22:06 - 2016-09-02 15:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-17 22:06 - 2016-09-02 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-17 22:06 - 2016-09-02 15:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-17 22:06 - 2016-09-02 15:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-17 22:06 - 2016-09-02 15:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 15:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-17 22:06 - 2016-09-02 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-17 22:06 - 2016-09-01 20:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-17 22:06 - 2016-09-01 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-17 22:06 - 2016-09-01 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-17 22:06 - 2016-09-01 04:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-17 22:06 - 2016-09-01 03:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-17 22:06 - 2016-09-01 03:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-17 22:06 - 2016-09-01 03:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-17 22:06 - 2016-09-01 03:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-17 22:06 - 2016-09-01 03:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-17 22:06 - 2016-09-01 03:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-17 22:06 - 2016-09-01 03:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-17 22:06 - 2016-09-01 03:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-17 22:06 - 2016-09-01 03:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-17 22:06 - 2016-09-01 03:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-17 22:06 - 2016-09-01 03:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-17 22:06 - 2016-09-01 03:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-17 22:06 - 2016-09-01 03:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-17 22:06 - 2016-09-01 02:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-17 22:06 - 2016-09-01 02:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-17 22:06 - 2016-09-01 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-17 22:06 - 2016-09-01 02:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-17 22:06 - 2016-09-01 02:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-17 22:06 - 2016-09-01 02:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-17 22:06 - 2016-09-01 02:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-17 22:06 - 2016-09-01 02:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-17 22:06 - 2016-09-01 02:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-17 22:06 - 2016-09-01 02:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-17 22:06 - 2016-09-01 02:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-17 22:06 - 2016-09-01 02:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-17 22:06 - 2016-09-01 01:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-17 22:06 - 2016-09-01 01:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-17 22:06 - 2016-09-01 01:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-17 22:06 - 2016-09-01 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-17 22:06 - 2016-09-01 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-17 22:06 - 2016-09-01 01:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-17 22:06 - 2016-09-01 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-17 22:06 - 2016-09-01 01:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-17 22:06 - 2016-09-01 01:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-17 22:06 - 2016-09-01 01:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-17 22:06 - 2016-09-01 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-17 22:06 - 2016-09-01 01:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-17 22:06 - 2016-09-01 01:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-17 22:06 - 2016-09-01 01:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-17 22:06 - 2016-09-01 01:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-17 22:06 - 2016-09-01 01:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-17 22:06 - 2016-09-01 01:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-17 22:06 - 2016-09-01 01:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-17 22:06 - 2016-09-01 01:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-17 22:06 - 2016-09-01 01:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-17 22:06 - 2016-09-01 01:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-17 22:06 - 2016-09-01 00:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-17 22:06 - 2016-09-01 00:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-17 22:06 - 2016-09-01 00:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-17 22:06 - 2016-09-01 00:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-17 22:06 - 2016-09-01 00:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-17 22:06 - 2016-09-01 00:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-17 22:06 - 2016-09-01 00:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-17 22:06 - 2016-09-01 00:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-17 22:06 - 2016-09-01 00:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-17 22:06 - 2016-09-01 00:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-17 22:06 - 2016-09-01 00:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-17 22:06 - 2016-09-01 00:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-17 22:06 - 2016-09-01 00:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-17 22:06 - 2016-09-01 00:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-17 22:06 - 2016-08-31 23:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-17 22:06 - 2016-08-31 23:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-17 22:05 - 2016-08-16 18:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-11-17 22:05 - 2016-08-16 03:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-11-17 22:05 - 2016-08-16 03:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-17 22:05 - 2016-08-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-17 22:05 - 2016-08-05 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-17 22:04 - 2016-08-06 16:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-17 22:04 - 2016-08-06 16:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-17 17:55 - 2016-11-17 17:55 - 02338936 _____ C:\Users\Camilla\Desktop\REGOLE-SCELTE-2006 (1).pdf
2016-11-17 12:14 - 2016-11-17 12:14 - 02383243 _____ C:\Users\Camilla\Downloads\REGOLE-SCELTE-2006 (1).pdf
2016-11-14 21:37 - 2016-11-14 21:37 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-14 21:37 - 2016-11-14 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-14 21:36 - 2016-11-14 21:36 - 00000000 ____D C:\Program Files\iPod
2016-11-14 21:30 - 2016-11-14 21:30 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-11-14 21:30 - 2016-11-14 21:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-11-14 20:11 - 2016-11-14 20:11 - 00266581 _____ C:\Users\Camilla\Downloads\IMG_0732-14-11-16-08-05.jpeg
2016-11-14 20:11 - 2016-11-14 20:11 - 00266265 _____ C:\Users\Camilla\Downloads\IMG_0731-14-11-16-08-05.jpeg
2016-11-14 20:11 - 2016-11-14 20:11 - 00254690 _____ C:\Users\Camilla\Downloads\IMG_0733-14-11-16-08-05.jpeg
2016-11-14 20:11 - 2016-11-14 20:11 - 00239838 _____ C:\Users\Camilla\Downloads\IMG_0735-14-11-16-08-05.jpeg
2016-11-14 20:11 - 2016-11-14 20:11 - 00233472 _____ C:\Users\Camilla\Downloads\IMG_0734-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:11 - 00267327 _____ C:\Users\Camilla\Downloads\IMG_0736-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00293742 _____ C:\Users\Camilla\Downloads\IMG_0723-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00287988 _____ C:\Users\Camilla\Downloads\IMG_0741-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00278075 _____ C:\Users\Camilla\Downloads\IMG_0729-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00277190 _____ C:\Users\Camilla\Downloads\IMG_0730-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00271441 _____ C:\Users\Camilla\Downloads\IMG_0724-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00270462 _____ C:\Users\Camilla\Downloads\IMG_0725-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00269548 _____ C:\Users\Camilla\Downloads\IMG_0726-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00268769 _____ C:\Users\Camilla\Downloads\IMG_0728-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00266757 _____ C:\Users\Camilla\Downloads\IMG_0737-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00263704 _____ C:\Users\Camilla\Downloads\IMG_0738-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00263306 _____ C:\Users\Camilla\Downloads\IMG_0743-14-11-16-08-06.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00261581 _____ C:\Users\Camilla\Downloads\IMG_0727-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00259778 _____ C:\Users\Camilla\Downloads\IMG_0742-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00255671 _____ C:\Users\Camilla\Downloads\IMG_0740-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00253430 _____ C:\Users\Camilla\Downloads\IMG_0739-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00211310 _____ C:\Users\Camilla\Downloads\IMG_0722-14-11-16-08-05.jpeg
2016-11-14 20:10 - 2016-11-14 20:10 - 00129530 _____ C:\Users\Camilla\Downloads\IMG_0744-14-11-16-08-06.jpeg
2016-11-14 19:43 - 2016-11-14 19:43 - 00177804 _____ C:\Users\Camilla\Downloads\IMG_0707-14-11-16-07-33.jpeg
2016-11-14 19:42 - 2016-11-14 19:42 - 00301977 _____ C:\Users\Camilla\Downloads\IMG_0710-14-11-16-07-33.jpeg
2016-11-14 19:13 - 2016-11-14 19:25 - 03218368 _____ C:\Users\Camilla\Downloads\IMG_0704-14-11-16-07-07.jpeg
2016-11-04 13:23 - 2016-11-04 13:23 - 00027412 _____ C:\Users\Camilla\Downloads\image-04-11-16-01-22.jpeg
2016-11-04 13:03 - 2016-11-04 13:03 - 00151245 _____ C:\Users\Camilla\Desktop\CV-Europass-20161104-Maffei-IT.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 22:00 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-27 22:00 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-27 21:54 - 2014-07-28 20:48 - 00000000 ____D C:\Windows\erdnt
2016-11-27 21:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-11-27 21:26 - 2016-10-25 12:21 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-27 21:24 - 2014-01-04 20:53 - 00000000 ____D C:\Users\Camilla\AppData\Roaming\Skype
2016-11-27 21:23 - 2015-04-22 14:08 - 00000000 ____D C:\Users\Camilla\AppData\Local\Spotify
2016-11-27 21:02 - 2015-04-22 14:05 - 00000000 ____D C:\Users\Camilla\AppData\Roaming\Spotify
2016-11-27 20:17 - 2009-07-14 11:53 - 00741636 _____ C:\Windows\system32\perfh010.dat
2016-11-27 20:17 - 2009-07-14 11:53 - 00147658 _____ C:\Windows\system32\perfc010.dat
2016-11-27 20:17 - 2009-07-14 06:13 - 01661180 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-27 20:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-27 20:06 - 2016-10-25 12:21 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-27 20:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-24 17:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-11-23 16:29 - 2015-01-02 21:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-22 16:56 - 2013-01-18 14:29 - 00000000 ____D C:\Users\Camilla\AppData\Local\CrashDumps
2016-11-22 15:10 - 2016-10-16 16:52 - 00000000 ____D C:\Users\Camilla\Desktop\Tesi
2016-11-20 14:09 - 2015-11-29 14:22 - 00000000 ____D C:\Users\Camilla\Desktop\DCIM
2016-11-19 08:56 - 2014-02-05 05:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-19 08:56 - 2009-07-14 05:45 - 00391584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-19 08:55 - 2014-02-05 05:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-18 17:27 - 2014-02-05 05:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-18 17:22 - 2013-09-21 13:46 - 00001912 _____ C:\Windows\epplauncher.mif
2016-11-18 17:21 - 2013-09-21 13:36 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-18 17:21 - 2013-09-21 13:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-18 17:19 - 2013-09-21 13:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-14 21:37 - 2015-10-02 13:19 - 00000000 ____D C:\Program Files\iTunes
2016-11-14 21:36 - 2013-01-18 18:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-14 21:30 - 2013-01-18 18:07 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-11-11 14:31 - 2016-10-25 12:22 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 14:31 - 2016-10-25 12:22 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-10 23:37 - 2015-01-02 21:20 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-07 10:12 - 2013-04-28 13:20 - 00000000 ____D C:\Users\Camilla\AppData\Local\Google
2016-11-02 13:29 - 2016-06-12 21:09 - 00017408 _____ C:\Users\Camilla\Desktop\WIKINI.xls
2016-10-28 02:22 - 2013-01-18 13:42 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-12-19 18:11 - 2014-07-20 10:51 - 0000293 _____ () C:\Users\Camilla\AppData\Roaming\WB.CFG
2014-02-02 15:59 - 2014-02-02 15:59 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-28 12:33

==================== End of FRST.txt ============================



#2 nasdaq

  • Malware Response Team

Posted 28 November 2016 - 11:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
SearchScopes: HKU\S-1-5-21-1240077880-2421743634-1451985747-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2... (long line)
FF Homepage: Mozilla\Firefox\Profiles\var3az83.default -> hxxp://www.dregol.com/?f=1&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
FF Extension: (Cinema-Plus-1.2c) - C:\Users\Camilla\AppData\Roaming\Mozilla\Firefox\Profiles\var3az83.default\Extensions\caseyvelez@aol.com [2015-07-15] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
Task: {9405A37E-B4C8-4803-BDF4-C032BD0313BE} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
FirewallRules: [TCP Query User{7EE91E2E-BDDB-4B0B-92A6-54113C05D72C}C:\users\camilla\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\camilla\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{FAEF8695-CCBF-46FC-901E-9EB4CBC28C17}C:\users\camilla\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\camilla\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{146E572A-AF7E-4852-9EFA-8DD7E286DA2E}C:\users\camilla\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\camilla\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{8BB2AB87-9D29-4C58-8E55-0A0357BC7B58}C:\users\camilla\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\camilla\appdata\local\popcorn time\nw.exe
C:\Users\Camilla\AppData\Roaming\Mozilla\Firefox\Profiles\var3az83.default\Extensions\caseyvelez@aol.com
C:\Users\Camilla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

===

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)

Please post the logs and let me know what problem persists with this computer.

#3 StefanoT

  • Topic Starter


Posted 28 November 2016 - 12:28 PM

Hi nasdaq and thanks for your help.

Here's the fixlog and the adwcleaner's log.

The pc is still very slow when opening Chrome or IE (home pages are set to Google).

Is there anything else I can try?

Thank you for your patience!!


#4 nasdaq

  • Malware Response Team

Posted 28 November 2016 - 01:42 PM

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

Keep me posted.

#5 StefanoT

  • Topic Starter


Posted 28 November 2016 - 02:22 PM

Hi nasdaq,

did all the cleanup and seems a little bit better.

We'll see how it goes in the next days.

Thanks for your help. (and sorry for my broken English)





