Help! dllhost.exe COM Surrogate virus damaged system

Adry

New Member
Thread author
Jun 8, 2016
8
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2016
Ran by adry_ra (administrator) on ADRY_RA-PC (08-06-2016 23:51:18)
Running from C:\Users\adry_ra\Downloads
Loaded Profiles: adry_ra (Available Profiles: UpdatusUser & adry_ra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Enigma Software Group USA, LLC.) C:\Users\adry_ra\Downloads\SpyHunter-Installer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3459282354-3617026214-509342545-1001\...\MountPoints2: {781e8abc-bdc8-11e2-9691-f46d041679b0} - F:\PMCsetup.exe
HKU\S-1-5-21-3459282354-3617026214-509342545-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-05] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8641A3AA-5E3B-470E-B7EA-EC2EF67E95C1}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DC4F16EA-7D41-48F9-B401-486BE53E57FC}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3459282354-3617026214-509342545-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3459282354-3617026214-509342545-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-3459282354-3617026214-509342545-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3459282354-3617026214-509342545-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-3459282354-3617026214-509342545-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\adry_ra\AppData\Roaming\Mozilla\Firefox\Profiles\x257dgpw.default-1427238564896
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2012-01-01] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-07]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\adry_ra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\adry_ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-24]
CHR Extension: (Avast Online Security) - C:\Users\adry_ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-27]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\adry_ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-05] (AVAST Software)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-08] (SurfRight B.V.)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7806848 2016-05-27] (Reimage®)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-05] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-08 23:51 - 2016-06-08 23:53 - 00013446 _____ C:\Users\adry_ra\Downloads\FRST.txt
2016-06-08 23:51 - 2016-06-08 23:51 - 02385408 _____ (Farbar) C:\Users\adry_ra\Downloads\FRST64.exe
2016-06-08 23:51 - 2016-06-08 23:51 - 00000000 ____D C:\FRST
2016-06-08 23:48 - 2016-06-08 23:48 - 01735680 _____ (Farbar) C:\Users\adry_ra\Downloads\FRST.exe
2016-06-08 23:44 - 2016-06-08 23:44 - 03489456 _____ (Enigma Software Group USA, LLC.) C:\Users\adry_ra\Downloads\SpyHunter-Installer-k.com
2016-06-08 23:41 - 2016-06-08 23:41 - 00000000 ____D C:\sh4ldr
2016-06-08 23:39 - 2016-06-08 23:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-06-08 23:38 - 2016-06-08 23:38 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\adry_ra\Downloads\SpyHunter-Installer.exe
2016-06-08 21:21 - 2016-06-08 21:21 - 00001855 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-08 21:21 - 2016-06-08 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-08 21:21 - 2016-06-08 21:21 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-08 21:08 - 2016-06-08 21:32 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-08 21:08 - 2016-06-08 21:08 - 11438608 _____ (SurfRight B.V.) C:\Users\adry_ra\Downloads\hitmanpro_x64 (1).exe
2016-06-08 21:07 - 2016-06-08 21:08 - 11438608 _____ (SurfRight B.V.) C:\Users\adry_ra\Downloads\hitmanpro_x64.exe
2016-06-08 21:05 - 2016-06-08 21:05 - 00000022 _____ C:\Users\adry_ra\Downloads\ESETPoweliksCleaner.exe_20160608.210531.4384.zip
2016-06-08 02:22 - 2016-06-08 02:22 - 00122312 _____ C:\Users\adry_ra\Downloads\CONTRAT DE LOCATION SAISONNIERE.pdf
2016-06-08 02:22 - 2016-06-08 02:22 - 00122312 _____ C:\Users\adry_ra\Downloads\CONTRAT DE LOCATION SAISONNIERE (1).pdf
2016-06-07 21:14 - 2016-06-07 21:14 - 00000000 __SHD C:\found.004
2016-06-07 01:04 - 2016-06-07 01:04 - 00004282 _____ C:\Windows\System32\Tasks\ReimageUpdater
2016-06-07 01:04 - 2016-06-07 01:04 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-06-07 01:04 - 2016-06-07 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-06-07 01:03 - 2016-06-08 02:20 - 00000121 _____ C:\Windows\Reimage.ini
2016-06-07 01:03 - 2016-06-07 01:04 - 00000000 ____D C:\rei
2016-06-07 01:03 - 2016-06-07 01:04 - 00000000 ____D C:\Program Files\Reimage
2016-06-07 01:02 - 2016-06-07 01:03 - 00775320 _____ (Reimage®) C:\Users\adry_ra\Downloads\ReimageRepair.exe
2016-06-07 00:31 - 2016-06-07 00:31 - 00000022 _____ C:\Users\adry_ra\Downloads\ESETPoweliksCleaner.exe_20160607.003143.4828.zip
2016-06-06 23:02 - 2016-06-06 23:02 - 00000000 ____D C:\Users\adry_ra\AppData\Local\GWX
2016-06-06 20:33 - 2016-06-06 20:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-06 08:26 - 2016-06-06 08:26 - 00000022 _____ C:\Users\adry_ra\Downloads\ESETPoweliksCleaner.exe_20160606.082642.3508.zip
2016-06-06 08:11 - 2016-06-06 08:11 - 00000022 _____ C:\Users\adry_ra\Downloads\ESETPoweliksCleaner.exe_20160606.081115.4780.zip
2016-06-06 08:10 - 2016-06-06 08:10 - 00224968 _____ (ESET) C:\Users\adry_ra\Downloads\ESETPoweliksCleaner.exe
2016-06-06 01:40 - 2016-06-08 21:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-06 01:39 - 2016-06-06 22:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-06 01:39 - 2016-06-06 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-06 01:39 - 2016-06-06 01:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-06 01:39 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-06 01:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-06 01:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-06 01:38 - 2016-06-06 01:38 - 22851472 _____ (Malwarebytes ) C:\Users\adry_ra\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
2016-06-06 00:06 - 2016-06-06 00:06 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-06 00:06 - 2016-06-06 00:06 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-06 00:05 - 2016-06-06 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 00:03 - 2016-06-06 00:03 - 00242312 _____ C:\Users\adry_ra\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-29 09:11 - 2016-05-29 09:11 - 00000000 __SHD C:\found.003
2016-05-24 22:10 - 2016-05-24 22:10 - 00004548 _____ C:\Users\adry_ra\.recently-used.xbel
2016-05-21 06:16 - 2016-05-21 06:16 - 00000000 __SHD C:\found.002
2016-05-13 00:46 - 2016-05-13 00:46 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-11 06:01 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 06:01 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 06:01 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 06:01 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 06:01 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 06:01 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 06:01 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 06:01 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 06:01 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 06:01 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 06:01 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 06:01 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 06:01 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 06:01 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 06:01 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 06:01 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 06:01 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 06:01 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 06:01 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 06:01 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 06:01 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 06:01 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 06:01 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 06:01 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 06:01 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 06:01 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 06:01 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 06:01 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 06:01 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 06:01 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 06:01 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 06:01 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 06:01 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 06:01 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 06:01 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 06:01 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 06:01 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 06:01 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 06:01 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 06:01 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 06:01 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 06:01 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 06:01 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 06:01 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 06:01 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 06:01 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 06:01 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 06:01 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 06:01 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 06:01 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 06:01 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 06:01 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 06:01 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 06:01 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 06:01 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 06:01 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 06:01 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 06:01 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 06:01 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 06:01 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 06:01 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 06:01 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 06:01 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 06:01 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 06:01 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 06:01 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 06:01 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 06:01 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 06:01 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 06:01 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 06:01 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 06:01 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 06:01 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 06:01 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 06:01 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 06:01 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 06:01 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 06:01 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 06:01 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 06:00 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 06:00 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 06:00 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 06:00 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 06:00 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 06:00 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 06:00 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 06:00 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 06:00 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 06:00 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 06:00 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 06:00 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 06:00 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 06:00 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 06:00 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 06:00 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 06:00 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 06:00 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 06:00 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 06:00 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 06:00 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 06:00 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 06:00 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 06:00 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 06:00 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 06:00 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 06:00 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 06:00 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-08 23:48 - 2014-08-06 12:02 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 23:46 - 2015-03-25 01:31 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-08 23:44 - 2014-08-06 12:02 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-08 23:15 - 2009-07-14 06:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-08 23:15 - 2009-07-14 06:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-08 23:07 - 2012-12-07 11:15 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF56C47C-7D7C-435B-8C59-3F48EACA3FFF}
2016-06-08 23:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-08 22:59 - 2012-01-19 21:35 - 01379500 _____ C:\Windows\ntbtlog.txt
2016-06-08 22:14 - 2009-07-14 07:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-08 21:28 - 2011-12-25 18:27 - 00000000 ____D C:\Users\adry_ra\AppData\Roaming\vlc
2016-06-08 20:58 - 2012-01-22 18:48 - 00000000 ____D C:\Users\adry_ra\.gimp-2.6
2016-06-08 20:51 - 2009-08-04 12:09 - 00753094 _____ C:\Windows\system32\perfh010.dat
2016-06-08 20:51 - 2009-08-04 12:09 - 00151456 _____ C:\Windows\system32\perfc010.dat
2016-06-08 20:51 - 2009-07-14 07:13 - 01692140 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-08 20:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-06 08:50 - 2011-12-28 00:12 - 00007607 _____ C:\Users\adry_ra\AppData\Local\resmon.resmoncfg
2016-06-06 07:23 - 2011-03-29 13:58 - 00000000 ____D C:\Windows\es
2016-06-06 07:21 - 2013-03-26 10:04 - 00000000 ____D C:\Users\adry_ra\AppData\LocalLow\Delta
2016-06-06 00:06 - 2015-09-02 20:52 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-06-06 00:06 - 2012-05-22 09:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-05 23:10 - 2015-09-10 20:23 - 00000000 ____D C:\Windows\pss
2016-06-05 21:28 - 2011-03-29 14:33 - 00000000 ____D C:\Users\UpdatusUser
2016-05-29 00:54 - 2012-09-20 02:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-24 22:10 - 2012-01-22 21:51 - 00000000 ____D C:\Users\adry_ra\AppData\Roaming\gtk-2.0
2016-05-24 22:10 - 2011-12-16 19:33 - 00000000 ____D C:\Users\adry_ra
2016-05-19 03:05 - 2013-03-26 00:09 - 01666962 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-18 23:02 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther
2016-05-15 01:59 - 2016-02-13 16:32 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-13 00:46 - 2015-03-25 01:31 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 00:46 - 2013-04-10 21:37 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 00:46 - 2013-04-10 21:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 23:52 - 2014-08-06 12:04 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 04:19 - 2015-07-15 19:59 - 00000000 ____D C:\Windows\rescache
2016-05-12 03:28 - 2009-07-14 06:45 - 00313840 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 03:23 - 2014-12-11 22:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 03:23 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 02:43 - 2014-08-06 12:02 - 00004146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 02:43 - 2014-08-06 12:02 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 20:41 - 2012-04-08 09:22 - 00000000 ____D C:\Users\adry_ra\Documents\Scansioni personali

==================== Files in the root of some directories =======

2013-10-19 14:56 - 2014-03-08 11:53 - 0000308 _____ () C:\Users\adry_ra\AppData\Roaming\Rim.Desktop.Exception.log
2013-10-19 14:54 - 2014-03-20 08:44 - 0002021 _____ () C:\Users\adry_ra\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-10-19 14:56 - 2014-03-08 11:53 - 0000308 _____ () C:\Users\adry_ra\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-04-16 10:11 - 2014-03-01 10:30 - 0006656 _____ () C:\Users\adry_ra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-28 00:12 - 2016-06-06 08:50 - 0007607 _____ () C:\Users\adry_ra\AppData\Local\resmon.resmoncfg
2014-05-17 23:35 - 2014-05-17 23:35 - 0024576 _____ () C:\Users\adry_ra\AppData\Local\uninst.tmp
2013-02-12 08:39 - 2013-02-12 08:39 - 0000062 _____ () C:\ProgramData\8094031.bat
2013-02-12 08:38 - 2013-02-12 08:39 - 95023320 ____T () C:\ProgramData\8094031.pad
2013-02-12 08:39 - 2013-02-12 08:39 - 0000153 _____ () C:\ProgramData\8094031.reg
2011-03-29 14:04 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-12-23 09:11 - 2011-12-23 19:25 - 0004062 _____ () C:\ProgramData\hpzinstall.log
2011-03-29 13:40 - 2011-03-29 13:41 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-29 13:39 - 2011-03-29 13:40 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\8094031.bat
C:\ProgramData\8094031.pad
C:\ProgramData\8094031.reg


Some files in TEMP:
====================
C:\Users\adry_ra\AppData\Local\Temp\ReimagePackage.exe
C:\Users\adry_ra\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-07 21:47

==================== End of FRST.txt ============================
 

Adry

New Member
Thread author
Jun 8, 2016
8
Hello,


You're missing Addition.txt report. Please send them both via this link: Free large file hosting. Send big files the easy way!

Then copy/paste download link for me.


Hello!
Even in this case, and this worries me, I cannot use the hosting service; I also tried with WeTransfer. It seems that for some applications, the left button of the mouse is disabled...
I attached the additional.txt file in the following:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2016
Ran by adry_ra (2016-06-08 23:53:59)
Running from C:\Users\adry_ra\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-16 17:33:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3459282354-3617026214-509342545-500 - Administrator - Disabled)
adry_ra (S-1-5-21-3459282354-3617026214-509342545-1001 - Administrator - Enabled) => C:\Users\adry_ra
Guest (S-1-5-21-3459282354-3617026214-509342545-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3459282354-3617026214-509342545-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3459282354-3617026214-509342545-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version: - )
Canon Utilities SELPHY Photo Print (HKLM-x32\...\SELPHY Photo Print) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.1.0 (HKLM-x32\...\SELPHY Print Contents 110) (Version: 1.1.0.16 - Canon Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.8 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Standard (HKLM-x32\...\{00020410-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 it) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 it)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NVIDIA Graphics Driver 266.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.86 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{2A845A64-3F80-41D7-9F33-6146E56997E6}) (Version: 3.3.9567 - OpenOffice.org)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6294 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.5 - Reimage) <==== ATTENTION
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3459282354-3617026214-509342545-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3459282354-3617026214-509342545-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll => No File
CustomCLSID: HKU\S-1-5-21-3459282354-3617026214-509342545-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll => No File
CustomCLSID: HKU\S-1-5-21-3459282354-3617026214-509342545-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll => No File
CustomCLSID: HKU\S-1-5-21-3459282354-3617026214-509342545-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {068F2BCC-A191-4AEA-AB91-8EF9589FEE02} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)
Task: {5E4DD29D-59F0-43F1-818D-C9127DE38B00} - System32\Tasks\{6725D6C6-D455-4ACC-97F1-8917D3F1C8B1} => pcalua.exe -a "C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe"
Task: {78222CEF-EF3C-4AD0-9714-17794F83B446} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {79F1A738-5A14-44E1-BBC5-1ACF099DC3DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-05] (AVAST Software)
Task: {897AD4E6-8A7A-45C6-8FC7-2639393F5664} - System32\Tasks\SafeZone scheduled Autoupdate 1458688832 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {8F551A3C-C28A-4F98-846A-130164A6C30E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9B24BADF-A598-4D05-8492-B6B022DD4935} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-05-27] (Reimage®) <==== ATTENTION
Task: {DD391F43-170D-4782-9CC9-4D06527470AF} - System32\Tasks\{4A1A20BC-75E6-4E86-98B3-273527FFA627} => pcalua.exe -a C:\Users\adry_ra\Downloads\Microcal.Origin.Pro.7\Origin7FullCd_Crack_PartTwo.exe -d C:\Users\adry_ra\Downloads\Microcal.Origin.Pro.7
Task: {E5F09460-E34B-4EDF-A6C8-86354E9D18B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-05 14:07 - 2016-03-05 14:07 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-05 14:07 - 2016-03-05 14:07 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-08 18:03 - 2016-06-08 18:03 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\16060801\algo.dll
2016-04-14 14:09 - 2016-04-14 14:09 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-29 19:26 - 2016-01-29 19:26 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-05-12 23:51 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 23:51 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [119]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\regfile\DefaultIcon: <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-06-06 08:42 - 00000832 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3459282354-3617026214-509342545-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\adry_ra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SELPHY Photo Print Launcher.lnk => C:\Windows\pss\SELPHY Photo Print Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^adry_ra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F033B80A-958B-4225-84AA-D9BECC087F6C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8688AF1E-8C0B-401C-8DD0-6E5101633C50}] => (Allow) LPort=2869
FirewallRules: [{5F0600B4-D382-491C-91D2-EEEA8DABE790}] => (Allow) LPort=1900
FirewallRules: [{1CAC655A-F669-4F91-923E-FEF760343BC2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7F5C42C7-872C-4336-9673-FAF976FC9A59}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8A500071-B0DB-4148-AB1E-3A917E509A24}] => (Allow) LPort=5353
FirewallRules: [{9BA1BF40-5137-4F8B-9C47-EFFF3A3A3B82}] => (Allow) LPort=8182
FirewallRules: [{68051DDE-16B3-49CE-A20D-A7BC400C4C11}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6F9B4FB7-3834-4D1C-996B-FA29767A9359}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{32227141-839D-4F38-BDE4-8D814E6E6D0A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D744DB36-1B46-4876-A09B-77094C5E8807}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9B9867D0-77A2-48CC-AE30-9ED7E581D9D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{8552302B-1480-4FA6-AC42-0B10675B4AF4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{76617172-1F11-4FE7-A8DD-16FC7C9D9A7F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{39019ACF-703F-4CBD-9525-F27BACBCDC65}C:\users\adry_ra\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\adry_ra\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8C50BFDB-8BE1-4DC8-98DB-39BAAE1EF6B4}C:\users\adry_ra\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\adry_ra\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4D73E896-8335-466E-B217-2C8AA9E6F14F}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{12EACB36-F663-45C7-A952-6789D24D2144}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{26967D93-5CBF-4B1F-9C94-8818CEDC202E}] => (Allow) LPort=4481
FirewallRules: [{C4E0D0FB-DA60-4237-8D9B-FCF569490FC8}] => (Allow) LPort=4481
FirewallRules: [{F4FC3D99-7A54-4E2D-9A2F-3A1C581DB3AC}] => (Allow) LPort=4482
FirewallRules: [{92CB4496-FFA3-4D54-A170-570D171FE7CA}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{262798EA-E6F6-4C61-A0FF-38CF96900A00}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{104D8D2C-BEE2-47F8-AD51-FB92CB3B8A2C}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{DF534EED-2EC4-4EBB-96AA-4A502DF449BC}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{BD39AE88-76FC-49B4-B1D5-6AE43C16F862}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{5AC9EE33-34C3-45AD-9DFE-AFCA3E1A9021}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{11CF9AEB-0ACB-48E2-B86F-9B8531133513}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FA7EB5B9-E29C-409F-A639-9302E3DF91F6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D9E6A3BC-63BB-44EE-BEE7-29EBFC83E1AD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3FDCD5E2-9CC6-4C4B-B4C3-774C71AEB225}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E645A273-19C9-42F7-97A3-C7399A9558CA}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F6D4CD52-4AD9-4463-9CD6-0D4353A3A3D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CD486550-5F89-4F8C-BFED-A51F46845D47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43D4543D-2003-4F83-B054-5037221A62EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2016 11:33:48 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:48 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:48 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:48 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:48 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:48 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)

Error: (06/08/2016 11:33:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossibile inizializzare l'indice.

Dettagli:
Errore imprevisto. (HRESULT : 0x80041501) (0x8000ffff)


System errors:
=============
Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Windows Search. Questo evento si è già verificato 263 volta(e).

Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Search terminato. Errore specifico del servizio %%-2147418113.

Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Windows Search. Questo evento si è già verificato 262 volta(e).

Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Search terminato. Errore specifico del servizio %%-2147418113.

Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Windows Search. Questo evento si è già verificato 261 volta(e).

Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Search terminato. Errore specifico del servizio %%-2147418113.

Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Windows Search. Questo evento si è già verificato 260 volta(e).

Error: (06/08/2016 11:54:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Search terminato. Errore specifico del servizio %%-2147418113.

Error: (06/08/2016 11:54:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Windows Search. Questo evento si è già verificato 259 volta(e).

Error: (06/08/2016 11:54:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Windows Search terminato. Errore specifico del servizio %%-2147418113.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 50%
Total physical RAM: 4007.86 MB
Available physical RAM: 1970.46 MB
Total Virtual: 8013.89 MB
Available Virtual: 5831.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:7.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:202.08 GB) (Free:43.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report to your next message.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 

Adry

New Member
Thread author
Jun 8, 2016
8
Hello!
Zemana AntiMalware downloaded, but every time that I run it, it crashes and closes
I run Zoek as administrator but it crashes during the installation!
....:(
thank you for your help, hope to find a solution...I wouldn't give up...
Adry
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Adry

New Member
Thread author
Jun 8, 2016
8
Hi!
I am sorry for the delay!
AdwCleaner worked!
Scan and Cleaning completed.
The log file did not open automatically...here it is.

anyway all the problems are still present ( no audio..!)
Please let me know as you can
thanks

# AdwCleaner v5.119 - File di log creato 11/06/2016 a 20:56:53
# Aggiornato 30/05/2016 by Xplode
# Database : 2016-06-10.1 [Server]
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (X64)
# Nome utente : adry_ra - ADRY_RA-PC
# In esecuzione da : C:\Users\adry_ra\Documents\Desktop\AdwCleaner.exe
# Opzione : Pulizia
# Supporto : ToolsLib

***** [ Servizi ] *****

[-] Servzio Eliminato : ReimageRealTimeProtector

***** [ Cartelle ] *****

[#] Cartella Eliminato : C:\rei
[#] Cartella Eliminato : C:\ProgramData\Babylon
[#] Cartella Eliminato : C:\ProgramData\Partner
[#] Cartella Eliminato : C:\ProgramData\Reimage Protector
[#] Cartella Eliminato : C:\ProgramData\Application Data\Babylon
[#] Cartella Eliminato : C:\ProgramData\Application Data\Partner
[#] Cartella Eliminato : C:\ProgramData\Application Data\Reimage Protector
[#] Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
[#] Cartella Eliminato : C:\Program Files (x86)\Driver Pro
[#] Cartella Eliminato : C:\Program Files (x86)\Optimizer Pro
[#] Cartella Eliminato : C:\Users\adry_ra\AppData\Local\lollipop
[#] Cartella Eliminato : C:\Users\adry_ra\AppData\Roaming\Babylon
[#] Cartella Eliminato : C:\Program Files\Reimage

***** [ File ] *****

[-] File Eliminato : C:\Windows\Reimage.ini
[-] File Eliminato : C:\Users\adry_ra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_articoli.it.softonic.com_0.localstorage
[-] File Eliminato : C:\Users\adry_ra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_articoli.it.softonic.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****

[-] Attività pianificata Eliminato : ReimageUpdater
[-] Attività pianificata Eliminato : ReimageUpdater

***** [ Registro ] *****

[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Chiave Eliminato : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Chiave Eliminato : HKCU\Software\BI
[-] Chiave Eliminato : HKCU\Software\Softonic
[-] Chiave Eliminato : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Chiave Eliminato : HKLM\SOFTWARE\Babylon
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Reimage
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
[-] Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3459282354-3617026214-509342545-1001\Software\SweetIM
[-] Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\delta-search.com
[-] Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.delta-search.com

***** [ Browser Web ] *****

[-] [C:\Users\adry_ra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : bopakagnckmlgajfccecajhnimjiiedh

*************************

:: Chiavi "Tracing" eliminate
:: Impostazioni Winsock resettate

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3793 bytes] - [11/06/2016 20:56:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [4031 bytes] - [11/06/2016 20:54:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3939 bytes] ##########
 

Adry

New Member
Thread author
Jun 8, 2016
8
same behavior as one week ago.
abnormal CPU consumption
multiple dllhost.exe running
no audio, although the audio from Windows sound works
unable to open Office files, and some other, directly.
Opening the program in advance it works but with some alert message ( missing libraries, restoring...)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
 

Adry

New Member
Thread author
Jun 8, 2016
8
cdm not found
I run chkdsk C: from DOS but it said that I have no privilege to access!
but I am logged as administrator!
:eek:
 

Adry

New Member
Thread author
Jun 8, 2016
8
Hello!
I had some time to perform additional scans after chkdsk.
Again with AdwCleaner, then with ComboFix and Rkill.
Now some programs open correctly but I still do not have audio from files and from the browser; multiple dllhost.exe processes start when I open Control Panel and/or other Windows functions...
Finally, I still do not know why I can't attach the log file, so I put it in the following....
best!
adriano

Controllo in corso del file system su C:
Il file system è di tipo NTFS.
L'etichetta del volume è OS.
Il disco sarà ora controllato come pianificato.
Il disco sarà ora controllato.
Verifica dei file in corso (fase 1 di 5)...
420096 record di file elaborati.
Verifica file completata.
2487 record di file di grandi dimensioni elaborati.
0 record file non validi elaborati.
0 record EA elaborati.
8645 record reparse elaborati.
Verifica degli indici in corso (fase 2 di 5)...
581416 voci di indice elaborate.
Verifica indici completata.
0 file non indicizzati analizzati.
0 file non indicizzati ripristinati.
Verifica dei descrittori di sicurezza in corso (fase 3 di 5)...
420096 descrittori di protezione/SID di file elaborati.
Pulizia di 207 voci inutilizzate dall'indice $SII del file 0x9.
Pulizia di 207 voci inutilizzate dall'indice $SDH del file 0x9.
Pulizia dei descrittori di sicurezza inutilizzati 207.
Verifica descrittori di sicurezza completata.
80661 file di dati elaborati.
CHKDSK sta verificando il journal USN...
37440536 byte USN elaborati.
Verifica del journal USN completata.
Verifica dei dati dei file in corso (fase 4 di 5))...
Lettura non riuscita con stato 0xc00000b5 a offset 0x517950000 per 0x10000 byte.
Lettura non riuscita con stato 0xc00000b5 a offset 0x51795a000 per 0x1000 byte.
Impossibile sostituire i cluster danneggiati nel file 213526 di nome \hiberfil.sys.
420080 file elaborati.
Verifica dei dati del file completata.
CHKDSK sta verificando la spazio disponibile (fase 5 di 5)...
Cluster liberi elaborati: 2961576.
Verifica dello spazio disponibile completata.
Aggiunta di 1 cluster danneggiati al file dei cluster danneggiati
Correzione errori nella mappa di bit del volume.
Correzioni apportate al file system.
78142463 KB di spazio totale su disco.
65520392 KB in 319627 file.
246312 KB in 80662 indici.
4 KB in settori danneggiati.
529451 KB in uso dal sistema.
65536 KB occupati dal file registro.
11846304 KB disponibili su disco.
4096 byte in ogni unità di allocazione.
19535615 unità totali di allocazione su disco.
2961576 unità di allocazione disponibili su disco.
Informazioni interne:
00 69 06 00 ab 1b 06 00 dc bf 0b 00 00 00 00 00 .i..............
70 02 00 00 c5 21 00 00 00 00 00 00 00 00 00 00 p....!..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Controllo del disco completato.
Attendere il riavvio del computer.

# AdwCleaner v5.200 - File registro eventi creato 15/06/2016 a 23:13:48
# Aggiornato 14/06/2016 by ToolsLib
# Database : 2016-06-15.2 [Server]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (X64)
# Nome utente : adry_ra - ADRY_RA-PC
# In esecuzione da : C:\Users\adry_ra\Downloads\adwcleaner_5.200.exe
# Opzione : Scansione
# Supporto : ToolsLib

***** [ Servizi ] *****


***** [ Cartelle ] *****


***** [ File ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registro ] *****

Chiave Trovato : HKU\S-1-5-21-3459282354-3617026214-509342545-1000\Software\Driver Pro

***** [ Browser web ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4030 byte] - [11/06/2016 20:56:53]
C:\AdwCleaner\AdwCleaner[C2].txt - [1186 byte] - [11/06/2016 21:52:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [4031 byte] - [11/06/2016 20:54:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [1033 byte] - [11/06/2016 21:19:30]
C:\AdwCleaner\AdwCleaner[S3].txt - [1107 byte] - [11/06/2016 21:49:41]
C:\AdwCleaner\AdwCleaner[S4].txt - [1253 byte] - [12/06/2016 00:31:48]
C:\AdwCleaner\AdwCleaner[S5].txt - [1212 byte] - [15/06/2016 23:13:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1284 byte] ##########


Rkill 2.8.2 by Lawrence Abrams (Grinler)
BleepingComputer
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software

Program started at: 06/15/2016 11:07:22 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* TBS [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 06/15/2016 11:11:41 PM
Execution time: 0 hours(s), 4 minute(s), and 19 seconds(s)


ComboFix 16-06-01.01 - adry_ra 16/06/2016 0:06.1.4 - x64
Eseguito da: c:\users\adry_ra\Downloads\abc.exe
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8094031.bat
c:\programdata\8094031.pad
c:\programdata\8094031.reg
c:\users\adry_ra\AppData\Local\uninst.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2016-05-15 al 2016-06-15 )))))))))))))))))))))))))))))))))))
.
.
2016-06-15 22:32 . 2016-06-15 22:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-06-15 22:32 . 2016-06-15 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-15 22:11 . 2016-06-15 22:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7202CE2C-BCEE-47BB-9557-B75A61E1077E}\offreg.1408.dll
2016-06-15 19:57 . 2016-06-15 19:57 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-06-13 21:13 . 2016-06-13 21:13 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-06-13 21:13 . 2016-06-13 21:13 52184 ----a-w- c:\windows\avastSS.scr
2016-06-13 00:59 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7202CE2C-BCEE-47BB-9557-B75A61E1077E}\mpengine.dll
2016-06-11 18:54 . 2016-06-15 21:16 -------- d-----w- C:\AdwCleaner
2016-06-10 17:48 . 2016-06-15 21:19 -------- d-----w- c:\windows\system32\wbem\repository
2016-06-10 17:43 . 2016-06-15 18:50 -------- d-----w- c:\program files\Zemana AntiMalware
2016-06-08 23:15 . 2016-06-15 19:56 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-06-08 23:15 . 2016-06-08 23:15 -------- d-----w- c:\users\adry_ra\AppData\Local\Zemana
2016-06-08 21:51 . 2016-06-08 21:54 -------- d-----w- C:\FRST
2016-06-08 21:41 . 2016-06-08 21:41 -------- d-----w- C:\sh4ldr
2016-06-08 21:39 . 2016-06-11 06:45 -------- d-----w- c:\program files\Enigma Software Group
2016-06-08 19:08 . 2016-06-08 19:32 -------- d-----w- c:\programdata\HitmanPro
2016-06-07 19:14 . 2016-06-07 19:14 -------- d-----w- C:\found.004
2016-06-06 21:02 . 2016-06-06 21:02 -------- d-----w- c:\users\adry_ra\AppData\Local\GWX
2016-06-06 18:33 . 2016-06-06 18:33 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-06-05 23:40 . 2016-06-15 21:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-05 23:39 . 2016-06-06 20:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-06-05 23:39 . 2016-06-05 23:39 -------- d-----w- c:\programdata\Malwarebytes
2016-06-05 23:39 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-06-05 23:39 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-05 23:39 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-29 07:11 . 2016-05-29 07:11 -------- d-----w- C:\found.003
2016-05-21 04:16 . 2016-05-21 04:16 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-15 21:19 . 2010-06-24 18:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-06-13 21:13 . 2014-08-05 19:52 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-06-13 21:13 . 2014-01-18 08:55 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-06-13 21:13 . 2013-07-04 21:13 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-06-13 21:13 . 2013-07-04 21:13 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-06-13 21:13 . 2012-09-20 00:03 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-06-13 21:13 . 2011-12-19 19:03 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-06-13 21:13 . 2011-12-19 19:03 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-06-13 21:13 . 2011-12-19 19:03 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-06-13 21:13 . 2016-03-22 23:20 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-12 22:46 . 2013-04-10 19:37 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-12 22:46 . 2013-04-10 19:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-12 22:46 . 2016-05-12 22:46 5995712 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-04-23 17:08 . 2016-05-11 04:01 394960 ----a-w- c:\windows\system32\iedkcs32.dll
2016-04-23 05:25 . 2016-05-11 04:01 25816064 ----a-w- c:\windows\system32\mshtml.dll
2016-04-23 05:16 . 2016-05-11 04:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-04-23 05:16 . 2016-05-11 04:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-04-23 05:01 . 2016-05-11 04:01 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-04-23 05:00 . 2016-05-11 04:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-04-23 05:00 . 2016-05-11 04:01 417792 ----a-w- c:\windows\system32\html.iec
2016-04-23 05:00 . 2016-05-11 04:01 2893312 ----a-w- c:\windows\system32\iertutil.dll
2016-04-23 05:00 . 2016-05-11 04:01 571904 ----a-w- c:\windows\system32\vbscript.dll
2016-04-23 05:00 . 2016-05-11 04:01 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-04-23 04:52 . 2016-05-11 04:01 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-04-23 04:51 . 2016-05-11 04:01 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-04-23 04:48 . 2016-05-11 04:01 615936 ----a-w- c:\windows\system32\ieui.dll
2016-04-23 04:47 . 2016-05-11 04:01 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-04-23 04:47 . 2016-05-11 04:01 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-04-23 04:47 . 2016-05-11 04:01 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-04-23 04:47 . 2016-05-11 04:01 817664 ----a-w- c:\windows\system32\jscript.dll
2016-04-23 04:46 . 2016-05-11 04:01 6052352 ----a-w- c:\windows\system32\jscript9.dll
2016-04-23 04:40 . 2016-05-11 04:01 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-04-23 04:36 . 2016-05-11 04:01 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-04-23 04:29 . 2016-05-11 04:01 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-23 04:27 . 2016-05-11 04:01 107520 ----a-w- c:\windows\system32\inseng.dll
2016-04-23 04:25 . 2016-05-11 04:01 199680 ----a-w- c:\windows\system32\msrating.dll
2016-04-23 04:24 . 2016-05-11 04:01 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-04-23 04:21 . 2016-05-11 04:01 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-04-23 04:20 . 2016-05-11 04:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-04-23 04:20 . 2016-05-11 04:01 152064 ----a-w- c:\windows\system32\occache.dll
2016-04-23 04:09 . 2016-05-11 04:01 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-04-23 04:08 . 2016-05-11 04:01 497152 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-04-23 04:08 . 2016-05-11 04:01 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-04-23 04:08 . 2016-05-11 04:01 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-04-23 04:07 . 2016-05-11 04:01 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-04-23 04:07 . 2016-05-11 04:01 725504 ----a-w- c:\windows\system32\ie4uinit.exe
2016-04-23 04:07 . 2016-05-11 04:01 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-04-23 04:06 . 2016-05-11 04:01 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-04-23 04:06 . 2016-05-11 04:01 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-04-23 04:05 . 2016-05-11 04:01 2131968 ----a-w- c:\windows\system32\inetcpl.cpl
2016-04-23 04:00 . 2016-05-11 04:01 15415808 ----a-w- c:\windows\system32\ieframe.dll
2016-04-23 03:58 . 2016-05-11 04:01 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-04-23 03:58 . 2016-05-11 04:01 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-04-23 03:51 . 2016-05-11 04:01 2596864 ----a-w- c:\windows\system32\wininet.dll
2016-04-23 03:45 . 2016-05-11 04:01 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-04-23 03:39 . 2016-05-11 04:01 1547776 ----a-w- c:\windows\system32\urlmon.dll
2016-04-23 03:36 . 2016-05-11 04:01 4611072 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-04-23 03:30 . 2016-05-11 04:01 2056192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-04-23 03:30 . 2016-05-11 04:01 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-04-23 03:28 . 2016-05-11 04:01 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-04-23 03:12 . 2016-05-11 04:01 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-04-21 13:05 . 2014-05-17 21:59 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-14 13:49 . 2016-05-11 04:01 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2016-04-14 13:21 . 2016-05-11 04:01 647680 ----a-w- c:\windows\system32\d3d10level9.dll
2016-04-09 07:02 . 2016-05-11 04:00 631176 ----a-w- c:\windows\system32\winresume.efi
2016-04-09 07:01 . 2016-05-11 04:00 706280 ----a-w- c:\windows\system32\winload.efi
2016-04-09 07:01 . 2016-05-11 04:00 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-04-09 07:01 . 2016-05-11 04:00 154344 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-04-09 07:01 . 2016-05-11 04:00 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-04-09 07:01 . 2016-05-11 04:01 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-04-09 07:01 . 2016-05-11 04:01 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-04-09 06:59 . 2016-05-11 04:00 3998952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-04-09 06:59 . 2016-05-11 04:00 3943144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-04-09 06:59 . 2016-05-11 04:00 1732864 ----a-w- c:\windows\system32\ntdll.dll
2016-04-09 06:58 . 2016-05-11 04:00 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-04-09 06:58 . 2016-05-11 04:00 243712 ----a-w- c:\windows\system32\wow64.dll
2016-04-09 06:58 . 2016-05-11 04:00 215552 ----a-w- c:\windows\system32\winsrv.dll
2016-04-09 06:58 . 2016-05-11 04:00 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-04-09 06:58 . 2016-05-11 04:00 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-04-09 06:58 . 2016-05-11 04:01 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-09 06:58 . 2016-05-11 04:00 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-04-09 06:58 . 2016-05-11 04:00 503808 ----a-w- c:\windows\system32\srcore.dll
2016-04-09 06:58 . 2016-05-11 04:00 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-04-09 06:58 . 2016-05-11 04:00 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-04-09 06:58 . 2016-05-11 04:00 50176 ----a-w- c:\windows\system32\srclient.dll
2016-04-09 06:58 . 2016-05-11 04:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-04-09 06:58 . 2016-05-11 04:00 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-04-09 06:58 . 2016-05-11 04:00 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-09 06:58 . 2016-05-11 04:00 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-04-09 06:58 . 2016-05-11 04:00 28160 ----a-w- c:\windows\system32\secur32.dll
2016-04-09 06:57 . 2016-05-11 04:00 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-04-09 06:57 . 2016-05-11 04:00 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-04-09 06:57 . 2016-05-11 04:00 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-04-09 06:57 . 2016-05-11 04:00 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-04-09 06:57 . 2016-05-11 04:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-04-09 06:57 . 2016-05-11 04:00 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-04-09 06:57 . 2016-05-11 04:00 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-04-09 06:57 . 2016-05-11 04:00 419840 ----a-w- c:\windows\system32\KernelBase.dll
2016-04-09 06:57 . 2016-05-11 04:00 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-04-09 06:57 . 2016-05-11 04:01 405504 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-13 7405752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.309\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.309\McCHSvc.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe;c:\program files\Zemana AntiMalware\ZAM.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 53922776
*Deregistered* - 53922776
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-12 21:49 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2016-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 22:46]
.
2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06 04:19]
.
2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06 04:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-06-13 21:13 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418328]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-29 2188904]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\adry_ra\AppData\Roaming\Mozilla\Firefox\Profiles\x257dgpw.default-1427238564896\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2016-06-16 00:36:03
ComboFix-quarantined-files.txt 2016-06-15 22:36
.
Pre-Run: 11.946.233.856 byte disponibili
Post-Run: 11.999.227.904 byte disponibili
.
- - End Of File - - 43FF199D7A2CD1AFF6A29FE7AF5A04FC
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

Adry

New Member
Thread author
Jun 8, 2016
8
I am sorry!
but the "upload file" button doesn't work..
I have no idea why!
I know that is not a good way of reporting...

Thanks for your time!
best
Adriano
 
