Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Non riesco a rimuovere Virus HackTool:Win32/AutoKMS
Message
<blockquote data-quote="Emilio84" data-source="post: 696106" data-attributes="member: 68243"><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017</p><p>Ran by emi84 (10-12-2017 12:42:32)</p><p>Running from C:\Users\emi84\Downloads</p><p>Windows 10 Pro Version 1703 15063.729 (X64) (2017-10-14 09:48:12)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-2014606299-2528773749-2630987418-500 - Administrator - Disabled)</p><p>DefaultAccount (S-1-5-21-2014606299-2528773749-2630987418-503 - Limited - Disabled)</p><p>emi84 (S-1-5-21-2014606299-2528773749-2630987418-1002 - Administrator - Enabled) => C:\Users\emi84</p><p>Guest (S-1-5-21-2014606299-2528773749-2630987418-501 - Limited - Disabled)</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>4K Video Downloader 4.4 (HKLM-x32\...\{F350AF86-CD2C-45DC-9F5E-9C1A6789E537}) (Version: 4.4.0.2235 - Open Media LLC)</p><p>7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)</p><p>Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)</p><p>Assistente aggiornamento Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)</p><p>CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)</p><p>D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Digicam Photo Recovery versione 1.9.1.0 (HKLM-x32\...\{5D4D5DC0-85E6-45CB-BA0F-76F7A8E657B6}_is1) (Version: 1.9.1.0 - aliensign Software)</p><p>Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )</p><p>Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)</p><p>Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)</p><p>Epson Guida di rete WF-2520 Series (HKLM-x32\...\WF-2520 Series Netg) (Version: - )</p><p>Epson Guida utente WF-2520 Series (HKLM-x32\...\WF-2520 Series Useg) (Version: - )</p><p>EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)</p><p>EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version: - SEIKO EPSON Corporation)</p><p>EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)</p><p>Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)</p><p>FoneLab for Android 3.0.8 (HKLM-x32\...\{7A7ACBDD-FED6-4ec5-BD26-5549FEB5B968}_is1) (Version: 3.0.8 - Aiseesoft Studio)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)</p><p>Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)</p><p>Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden</p><p>HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)</p><p>HP Support Solutions Framework (HKLM-x32\...\{1DAF8EEB-5935-437D-ABC1-80897D352FA7}) (Version: 12.8.47.1 - HP Inc.)</p><p>HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)</p><p>Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)</p><p>KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)</p><p>Malwarebytes versione 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)</p><p>Microsoft Office Professional Plus 2016 - it-it (HKLM\...\ProplusRetail - it-it) (Version: 16.0.8625.2139 - Microsoft Corporation)</p><p>Microsoft OneDrive (HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)</p><p>Microsoft PowerPoint 2016 - it-it (HKLM\...\PowerPointRetail - it-it) (Version: 16.0.8625.2139 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)</p><p>MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: 1.09.01.51 - Huawei Technologies Co.,Ltd)</p><p>Movie Maker (HKLM-x32\...\{312F7EE7-37D0-484D-B974-0CE1B8560C79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden</p><p>Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden</p><p>Raccolta foto (HKLM-x32\...\{86A1CEAD-EF47-47BB-AE79-DA8C09E15382}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)</p><p>Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)</p><p>UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden</p><p>VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)</p><p>Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)</p><p>WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)</p><p>Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)</p><p>ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)</p><p>ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)</p><p>ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-10] ()</p><p>ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)</p><p>ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)</p><p>ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)</p><p>ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-29] (Alexander Roshal)</p><p>ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)</p><p>ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)</p><p>ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)</p><p>ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)</p><p>ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)</p><p>ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)</p><p>ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File</p><p>ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-08] (Intel Corporation)</p><p>ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-10] ()</p><p>ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)</p><p>ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)</p><p>ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-29] (Alexander Roshal)</p><p>ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {0B15AFB8-3114-47B8-A296-E696AC627EEC} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]</p><p>Task: {1A8E75C1-E7FF-43AB-831D-730A97751406} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)</p><p>Task: {23782C06-29DD-47AA-B6BB-03FE9FDD2C1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-18] (Google Inc.)</p><p>Task: {27778BCE-81C1-42DC-B46E-04C44820F5AE} - System32\Tasks\R@1n-KMS\Office16PowerPoint => wmic [Argument = path SoftwareLicensingProduct where (ID="d70b1bba-b893-4544-96e2-b7a318091c33") call Activate]</p><p>Task: {2E302A99-1263-41D0-9C89-87E4349B1B4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)</p><p>Task: {2E8D382E-9E3B-4FCA-A522-B0B16AF96262} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)</p><p>Task: {3959D62B-9CEE-403D-A636-2E0AD06ACCCF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)</p><p>Task: {52D4B029-A54B-4A4D-B880-1A826D9DD64F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)</p><p>Task: {5596AD2D-E4F6-4553-898B-EDC632151F99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-18] (Google Inc.)</p><p>Task: {56A046D5-FC4D-4D3A-89D8-03CD913E8E70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)</p><p>Task: {7108B0BF-176F-44AD-ACCB-F18A330E0FD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)</p><p>Task: {7F2B6550-BC8C-4C3E-972C-748187EBF709} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()</p><p>Task: {9106D6E4-0B14-4453-BD33-41CB58C3C23F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()</p><p>Task: {9CDD986D-F659-46C2-A3B4-7D75D1A60415} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]</p><p>Task: {B387E4C3-361E-4D2C-8097-41C5213021BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)</p><p>Task: {C08D8029-56FD-4245-9AAE-8F383A5EA1B2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated)</p><p>Task: {C7A4E3FB-DC7D-4C37-BAAA-82783B0CD12F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)</p><p>Task: {CCD36D5D-69A2-41A8-9A40-0869C071243D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()</p><p>Task: {D1EF09E2-3FEE-4644-B619-E3219B24FC38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)</p><p>Task: {D8AE21D7-8005-4D58-85CD-722E3C86FE1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)</p><p>Task: {D95BE2A6-9ABA-497C-8109-764D7F2ECBEF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)</p><p>Task: {DB4F90ED-950D-4DE3-BCCF-0A6F66046B7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-05] (Microsoft Corporation)</p><p>Task: {DDE66333-6F29-4AA4-B53A-FFF1E6198C36} - System32\Tasks\HPCeeScheduleForemi84 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)</p><p>Task: {EBC7A551-395B-466C-9D28-0B73BDD4E3B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)</p><p>Task: {F1611FB2-2F1B-4186-A5F3-2D758906D678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)</p><p>Task: {F599CF64-0EBB-472B-AF70-F0A790C37A80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-05] (Microsoft Corporation)</p><p>Task: {F7A66C7D-EC21-4BEC-B4E7-44283E48828F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\WINDOWS\Tasks\HPCeeScheduleForemi84.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe</p><p></p><p>==================== Shortcuts & WMI ========================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2017-12-10 01:59 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll</p><p>2017-12-10 01:59 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll</p><p>2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll</p><p>2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll</p><p>2017-11-30 17:35 - 2017-11-30 17:35 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe</p><p>2017-11-30 17:35 - 2017-11-30 17:35 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll</p><p>2017-11-30 17:35 - 2017-11-30 17:35 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll</p><p>2017-11-30 17:35 - 2017-11-30 17:35 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll</p><p>2017-11-30 17:35 - 2017-11-30 17:35 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll</p><p>2017-08-21 21:26 - 2017-08-14 10:34 - 000080896 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe</p><p>2017-11-14 21:03 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll</p><p>2017-11-14 21:03 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll</p><p>2017-11-01 16:24 - 2017-11-01 16:25 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll</p><p>2017-12-06 13:58 - 2017-12-06 13:59 - 001231528 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll</p><p>2017-10-14 21:43 - 2017-10-14 21:43 - 003553704 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll</p><p>2017-03-18 21:58 - 2017-03-18 21:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll</p><p>2017-07-11 06:41 - 2017-07-11 06:41 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll</p><p>2017-07-11 06:41 - 2017-07-11 06:41 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"</p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p>IE trusted site: HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\hola.org -> hxxp://hola.org</p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg</p><p>DNS Servers: 192.168.0.1</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>HKLM\...\StartupApproved\Run: => "RTHDVCPL"</p><p>HKLM\...\StartupApproved\Run32: => "EEventManager"</p><p>HKLM\...\StartupApproved\Run32: => "FUFAXRCV"</p><p>HKLM\...\StartupApproved\Run32: => "FUFAXSTM"</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\StartupApproved\Run: => "GoogleDriveSync"</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\StartupApproved\Run: => "OneDrive"</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [UDP Query User{94C69C48-48D2-4768-B94F-5549E7371681}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe</p><p>FirewallRules: [TCP Query User{5F81AEFF-FC96-47C8-934D-E8E505FD1333}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe</p><p>FirewallRules: [{967AE2EF-13DC-46A7-AF37-7A288643DCDB}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe</p><p>FirewallRules: [{094C0EA1-9D5B-4A9C-93B3-80F8EFD30DA6}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe</p><p>FirewallRules: [UDP Query User{7B6E7A88-5960-4AF7-BD87-485100331ECB}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe</p><p>FirewallRules: [TCP Query User{98D6CFA7-022C-47F5-B4B7-CFC1933127CC}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe</p><p>FirewallRules: [UDP Query User{2A63232A-D2C5-4D70-9CC9-4D15A2C7C70D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe</p><p>FirewallRules: [TCP Query User{657E6D7C-8E1A-42E0-9DAC-6B04D7773EB0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe</p><p>FirewallRules: [{EE60B1D7-B11E-4066-9149-500D7B6E2969}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe</p><p>FirewallRules: [{914FA481-B539-4B13-AE7E-C95B0503D443}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>FirewallRules: [{65F6B908-7A52-465C-9B2E-BD8B4F994034}] => (Allow) C:\Windows\KMS-R@1n.exe</p><p>FirewallRules: [{7BA313F9-6237-43E7-B862-2D46514529A1}] => (Allow) C:\Windows\KMS-R@1n.exe</p><p>FirewallRules: [{48713BCC-9227-4DAF-A9B9-A1EF788E036E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe</p><p>FirewallRules: [{6D94D843-29E4-4F7B-955C-62BAC73FC432}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe</p><p>FirewallRules: [{ACE67958-1CB8-4AEC-8194-B325F2FAEACC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe</p><p>FirewallRules: [{CCD5A020-1218-4B78-923A-2CB1939824B0}] => (Allow) LPort=1900</p><p>FirewallRules: [{89C25518-F20E-47B5-AA3F-8AEB720630A5}] => (Allow) LPort=2869</p><p>FirewallRules: [{327A8674-3C65-4689-B0FE-DAA371FCE3E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe</p><p>FirewallRules: [{39097CE1-3C65-4050-9B87-86E0CD7E3220}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe</p><p>FirewallRules: [{F01FDB27-D061-4418-8807-5E9BE9E7618A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>22-11-2017 21:45:23 Windows Update</p><p>08-12-2017 23:46:30 Scheduled Checkpoint</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (12/10/2017 03:01:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-6JB12HH)</p><p>Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (12/10/2017 02:39:40 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x59916057</p><p>Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02</p><p>Exception code: 0xe0434352</p><p>Fault offset: 0x000ecbb2</p><p>Faulting process id: 0xeac</p><p>Faulting application start time: 0x01d371579f7c8482</p><p>Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe</p><p>Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll</p><p>Report Id: c942515c-0de7-421e-bf8d-c4d77eca5944</p><p>Faulting package full name: </p><p>Faulting package-relative application ID:</p><p></p><p>Error: (12/10/2017 02:39:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )</p><p>Description: Application: FreemakeUtilsService.exe</p><p>Framework Version: v4.0.30319</p><p>Description: The process was terminated due to an unhandled exception.</p><p>Exception Info: System.IO.FileNotFoundException</p><p> at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()</p><p> at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)</p><p> at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)</p><p> at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)</p><p> at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)</p><p> at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)</p><p> at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)</p><p> at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)</p><p> at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()</p><p> at System.Threading.ThreadPoolWorkQueue.Dispatch()</p><p> at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()</p><p></p><p>Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000045c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000D84EEFECE0.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p>Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000830,(null),0,REG_BINARY,000000C86C4FDB50.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}</p><p> Writer Name: MSSearch Service Writer</p><p> Writer Instance ID: {9e9c7900-b52f-435b-9bac-365c278bab19}</p><p></p><p>Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000248,(null),0,REG_BINARY,000000D84EA7E5C0.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}</p><p> Writer Name: Shadow Copy Optimization Writer</p><p> Writer Instance ID: {4c4bceaa-1cf1-4c1c-b089-61395e59d859}</p><p></p><p>Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c8,(null),0,REG_BINARY,0000007FBCC7DD60.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {ec4b5a7e-661e-413a-a926-f80fab3f9be7}</p><p></p><p>Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,(null),0,REG_BINARY,000000D84E7FE540.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}</p><p> Writer Name: Registry Writer</p><p> Writer Instance ID: {282299f4-13aa-4723-9a2a-6b4bb9795d4f}</p><p></p><p>Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000220,(null),0,REG_BINARY,000000D565C7DE30.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {4fa762ec-07a6-47ed-83cf-f1935b66644b}</p><p></p><p>Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000228,(null),0,REG_BINARY,000000D84E87F2C0.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}</p><p> Writer Name: COM+ REGDB Writer</p><p> Writer Instance ID: {22c7392e-6a57-4855-9374-de93d7076058}</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/10/2017 12:01:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JB12HH)</p><p>Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.</p><p></p><p>Error: (12/10/2017 03:49:44 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JB12HH)</p><p>Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.</p><p></p><p>Error: (12/10/2017 03:46:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (12/10/2017 03:46:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Freemake Improver service failed to start due to the following error: </p><p>The service did not respond to the start or control request in a timely fashion.</p><p></p><p>Error: (12/10/2017 03:46:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.</p><p></p><p>Error: (12/10/2017 03:45:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The WsDrvInst service failed to start due to the following error: </p><p>The system cannot find the file specified.</p><p></p><p>Error: (12/10/2017 03:45:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The CldFlt service failed to start due to the following error: </p><p>The request is not supported.</p><p></p><p>Error: (12/10/2017 02:39:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (12/10/2017 02:39:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (12/10/2017 02:39:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the WsAppService service to connect.</p><p></p><p></p><p>CodeIntegrity:</p><p>===================================</p><p> Date: 2017-12-10 12:18:48.858</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.</p><p></p><p> Date: 2017-12-10 12:17:54.554</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.</p><p></p><p> Date: 2017-12-10 12:17:19.718</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.</p><p></p><p> Date: 2017-12-10 12:17:19.328</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.</p><p></p><p> Date: 2017-12-10 02:00:57.745</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.</p><p></p><p> Date: 2017-12-10 02:00:56.502</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.</p><p></p><p> Date: 2017-12-10 02:00:56.115</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.</p><p></p><p> Date: 2017-12-10 02:00:13.342</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.</p><p></p><p> Date: 2017-12-08 21:10:02.570</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2017-12-08 21:10:02.568</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz</p><p>Percentage of memory in use: 59%</p><p>Total physical RAM: 4016.67 MB</p><p>Available physical RAM: 1634.04 MB</p><p>Total Virtual: 4336.67 MB</p><p>Available Virtual: 1639.3 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:449.19 GB) (Free:325.64 GB) NTFS</p><p>Drive e: (HPDOCS) (Fixed) (Total:7.79 GB) (Free:7.59 GB) FAT32</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5F8DEA26)</p><p>Partition 1: (Not Active) - (Size=7.8 GB) - (Type=0B)</p><p>Partition 2: (Active) - (Size=7.8 GB) - (Type=0C)</p><p>Partition 3: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=979 MB) - (Type=27)</p><p></p><p>==================== End of Addition.txt ============================</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2017</p><p>Ran by emi84 (administrator) on DESKTOP-6JB12HH (10-12-2017 12:39:37)</p><p>Running from C:\Users\emi84\Downloads</p><p>Loaded Profiles: emi84 (Available Profiles: emi84)</p><p>Platform: Windows 10 Pro Version 1703 15063.729 (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: Edge)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Intel Corporation) C:\Windows\System32\igfxCUIService.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE</p><p>(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe</p><p>(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(Intel Corporation) C:\Windows\System32\ibtsiva.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe</p><p>(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe</p><p>(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe</p><p>(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe</p><p>(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe</p><p>(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe</p><p>(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe</p><p>(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe</p><p>(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe</p><p>(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxEM.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxHK.exe</p><p>() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe</p><p>(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe</p><p>() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe</p><p>(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxOutlook.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxTsr.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe</p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)</p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-04] (Realtek Semiconductor)</p><p>HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)</p><p>HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-08-14] ()</p><p>HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIWE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {1df47db6-cc57-11e7-b037-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {3b0fecf0-ac22-11e7-b02a-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {63519080-d69c-11e7-b038-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {a9a8d633-9e33-11e7-b02a-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {c0ed2251-cfd4-11e7-b038-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {c0ed2e2a-cfd4-11e7-b038-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {c59f046e-b139-11e7-b033-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {cf30352a-a129-11e7-b02a-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {e76e4b72-c3f2-11e7-b033-98e7f4d410e2} - "D:\AutoRun.exe" </p><p>GroupPolicy: Restriction <==== ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1</p><p>Tcpip\..\Interfaces\{13d24f7a-d7ac-45d3-978a-f6201bd10d62}: [DhcpNameServer] 192.168.0.1 192.168.0.1</p><p>Tcpip\..\Interfaces\{d5cb1d14-cbfb-4fb7-b5ad-e73dc4bf0a0a}: [DhcpNameServer] 192.168.1.1 192.168.1.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://<a href="http://www.msn.com/it-it/?ocid=iehp" target="_blank">www.msn.com/it-it/?ocid=iehp</a></p><p>BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)</p><p>BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-10-23] (Microsoft Corporation)</p><p>Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p>Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p>Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p>Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p>Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p>Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p>Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p>Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\emi84\AppData\Roaming\Mozilla\Firefox\Profiles\fjAvAqtI.default [2017-10-14]</p><p>FF Extension: (Avira Browser Safety) - C:\Users\emi84\AppData\Roaming\Mozilla\Firefox\Profiles\fjAvAqtI.default\Extensions\abs@avira.com [2017-10-14]</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-23] (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()</p><p>FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-23] (Microsoft Corporation)</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-10-23] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> hxxp://<a href="http://www.google.com" target="_blank">www.google.com</a></p><p>CHR StartupUrls: Default -> "hxxp://<a href="http://www.google.it/" target="_blank">www.google.it/</a>"</p><p>CHR Profile: C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default [2017-12-10]</p><p>CHR Extension: (Presentaciones) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]</p><p>CHR Extension: (Documentos) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]</p><p>CHR Extension: (Google Drive) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-19]</p><p>CHR Extension: (YouTube) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-19]</p><p>CHR Extension: (Hojas de cálculo) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]</p><p>CHR Extension: (Avira Navegación segura) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-10-14]</p><p>CHR Extension: (Documentos de Google sin conexión) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-19]</p><p>CHR Extension: (AdBlock) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-06]</p><p>CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-19]</p><p>CHR Extension: (Video DownloadHelper) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-11-09]</p><p>CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]</p><p>CHR Extension: (Gmail) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-19]</p><p>CHR Extension: (Chrome Media Router) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]</p><p>CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx</p><p></p><p>==================== Services (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)</p><p>R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)</p><p>R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1419424 2016-05-20] (Intel Corporation)</p><p>S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2017-08-14] (Freemake) [File not signed]</p><p>S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)</p><p>R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)</p><p>R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.)</p><p>S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()</p><p>R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2016-12-08] (Intel Corporation)</p><p>R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()</p><p>R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-04] (Realtek Semiconductor)</p><p>S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)</p><p>R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)</p><p>R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation)</p><p>R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation)</p><p>R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)</p><p>R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)</p><p>R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)</p><p>R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]</p><p>S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit per Android\Library\DriverInstaller\DriverInstall.exe [X]</p><p></p><p>===================== Drivers (Whitelisted) ======================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [File not signed]</p><p>S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)</p><p>R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-05-20] (Intel Corporation)</p><p>R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-05-20] (Intel Corporation)</p><p>R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()</p><p>S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-12-10] ()</p><p>R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)</p><p>R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-10] (Malwarebytes)</p><p>R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-10] (Malwarebytes)</p><p>R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-10] (Malwarebytes)</p><p>R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-10] (Malwarebytes)</p><p>R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-10] (Malwarebytes)</p><p>R1 MpKsl2cc511b5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E26B0509-ABC1-43E4-BA2A-18EE13B1151C}\MpKsl2cc511b5.sys [58120 2017-12-10] (Microsoft Corporation)</p><p>R1 MpKsldad193c5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00FB8D34-FAFD-4F58-A7AB-3964819B1EB4}\MpKsldad193c5.sys [58120 2017-12-10] (Microsoft Corporation)</p><p>R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)</p><p>R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )</p><p>S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()</p><p>R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)</p><p>S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)</p><p>R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)</p><p>R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)</p><p>R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)</p><p>R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-10] (Zemana Ltd.)</p><p>R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-10] (Zemana Ltd.)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-12-10 12:39 - 2017-12-10 12:40 - 000020313 _____ C:\Users\emi84\Downloads\FRST.txt</p><p>2017-12-10 12:39 - 2017-12-10 12:39 - 002390528 _____ (Farbar) C:\Users\emi84\Downloads\FRST64.exe</p><p>2017-12-10 12:39 - 2017-12-10 12:39 - 000000000 ____D C:\FRST</p><p>2017-12-10 12:38 - 2017-12-10 12:38 - 001751040 _____ (Farbar) C:\Users\emi84\Downloads\FRST.exe</p><p>2017-12-10 10:08 - 2017-12-10 03:45 - 094633984 _____ C:\WINDOWS\system32\config\SOFTWARE</p><p>2017-12-10 03:46 - 2017-12-10 03:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd</p><p>2017-12-10 03:19 - 2017-12-10 12:40 - 000557273 _____ C:\WINDOWS\ZAM.krnl.trace</p><p>2017-12-10 03:19 - 2017-12-10 12:40 - 000099474 _____ C:\WINDOWS\ZAM_Guard.krnl.trace</p><p>2017-12-10 03:19 - 2017-12-10 03:19 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys</p><p>2017-12-10 03:19 - 2017-12-10 03:19 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys</p><p>2017-12-10 03:19 - 2017-12-10 03:19 - 000001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk</p><p>2017-12-10 03:19 - 2017-12-10 03:19 - 000000000 ____D C:\Users\emi84\AppData\Local\Zemana</p><p>2017-12-10 03:19 - 2017-12-10 03:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware</p><p>2017-12-10 03:19 - 2017-12-10 03:19 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware</p><p>2017-12-10 03:18 - 2017-12-10 03:18 - 006625600 _____ (Zemana Ltd. ) C:\Users\emi84\Downloads\Zemana.AntiMalware.Setup.exe</p><p>2017-12-10 03:02 - 2017-12-10 03:02 - 000000000 ____D C:\ProgramData\Emsisoft</p><p>2017-12-10 02:58 - 2017-12-10 03:17 - 000000000 ____D C:\EEK</p><p>2017-12-10 02:56 - 2017-12-10 02:57 - 305345400 _____ C:\Users\emi84\Downloads\EmsisoftEmergencyKit.exe</p><p>2017-12-10 02:36 - 2017-12-10 02:36 - 000001126 _____ C:\WINDOWS\system32\.crusader</p><p>2017-12-10 02:12 - 2017-12-10 02:38 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys</p><p>2017-12-10 02:12 - 2017-12-10 02:37 - 000000000 ____D C:\ProgramData\HitmanPro</p><p>2017-12-10 02:11 - 2017-12-10 02:12 - 011584088 _____ (SurfRight B.V.) C:\Users\emi84\Downloads\hitmanpro_x64.exe</p><p>2017-12-10 02:00 - 2017-12-10 12:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys</p><p>2017-12-10 02:00 - 2017-12-10 03:46 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys</p><p>2017-12-10 02:00 - 2017-12-10 03:46 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys</p><p>2017-12-10 02:00 - 2017-12-10 02:00 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys</p><p>2017-12-10 01:59 - 2017-12-10 01:59 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys</p><p>2017-12-10 01:59 - 2017-12-10 01:59 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk</p><p>2017-12-10 01:59 - 2017-12-10 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes</p><p>2017-12-10 01:59 - 2017-12-10 01:59 - 000000000 ____D C:\ProgramData\Malwarebytes</p><p>2017-12-10 01:59 - 2017-12-10 01:59 - 000000000 ____D C:\Program Files\Malwarebytes</p><p>2017-12-10 01:59 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys</p><p>2017-12-10 01:58 - 2017-12-10 01:59 - 083316440 _____ (Malwarebytes ) C:\Users\emi84\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe</p><p>2017-12-10 00:07 - 2017-12-10 00:43 - 000000000 ____D C:\Users\emi84\Desktop\Video Corso di Spagnolo Ersmus Plus</p><p>2017-12-08 20:54 - 2017-12-08 20:54 - 000675232 _____ C:\Users\emi84\Downloads\Tema 1.Orientacion y AD (1).pdf</p><p>2017-12-08 19:42 - 2017-12-08 19:42 - 000725348 _____ C:\Users\emi84\Downloads\Tema 1.2. Areas de intervención .pdf</p><p>2017-12-08 19:41 - 2017-12-08 19:41 - 000675232 _____ C:\Users\emi84\Downloads\Tema 1.Orientacion y AD.pdf</p><p>2017-12-06 13:47 - 2017-03-17 22:00 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll</p><p>2017-12-06 13:47 - 2017-03-17 21:54 - 009675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll</p><p>2017-12-06 13:47 - 2017-03-17 21:45 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll</p><p>2017-12-06 13:47 - 2017-03-17 21:39 - 009560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll</p><p>2017-12-06 13:46 - 2017-12-06 13:46 - 000001051 _____ C:\Users\emi84\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk</p><p>2017-12-06 13:46 - 2017-03-17 22:00 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll</p><p>2017-12-06 13:46 - 2017-03-17 22:00 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0010.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:59 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:56 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0010.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:52 - 004434944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS6.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:48 - 006348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:44 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0010.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:43 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:41 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0010.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:38 - 004383232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS6.dll</p><p>2017-12-06 13:46 - 2017-03-17 21:35 - 005484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll</p><p>2017-12-05 23:23 - 2012-03-23 10:56 - 000439808 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys</p><p>2017-12-05 23:23 - 2012-03-07 09:30 - 000229376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys</p><p>2017-12-05 23:23 - 2012-03-07 09:30 - 000104448 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys</p><p>2017-12-05 23:23 - 2012-03-07 09:30 - 000073216 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys</p><p>2017-12-05 23:23 - 2011-12-31 08:20 - 000225920 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys</p><p>2017-12-05 23:23 - 2011-11-24 18:30 - 000030720 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys</p><p>2017-12-05 23:23 - 2010-10-08 15:59 - 000032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys</p><p>2017-12-05 23:23 - 2010-09-26 17:09 - 000022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys</p><p>2017-12-05 23:23 - 2010-08-06 06:43 - 001001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys</p><p>2017-12-05 23:23 - 2010-07-27 08:52 - 000117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys</p><p>2017-12-05 23:23 - 2010-03-20 11:06 - 000013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys</p><p>2017-12-05 20:52 - 2017-12-05 20:52 - 000000000 ____D C:\Program Files\Common Files\DESIGNER</p><p>2017-12-01 14:37 - 2017-12-01 14:37 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf</p><p>2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\Users\emi84\AppData\Local\Aiseesoft Studio</p><p>2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft</p><p>2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\ProgramData\Aiseesoft Studio</p><p>2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\Program Files (x86)\Aiseesoft Studio</p><p>2017-12-01 14:31 - 2017-03-17 01:52 - 000708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll</p><p>2017-12-01 14:30 - 2017-12-01 14:30 - 041963888 _____ (Aiseesoft Studio ) C:\Users\emi84\Downloads\fonelab-android.exe</p><p>2017-12-01 14:29 - 2017-12-01 14:29 - 000000000 ____D C:\ProgramData\wsr</p><p>2017-12-01 14:24 - 2017-12-01 14:24 - 000000000 ____D C:\Users\emi84\.android</p><p>2017-12-01 14:22 - 2017-12-01 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare</p><p>2017-12-01 14:22 - 2017-12-01 14:23 - 000000000 ____D C:\Users\emi84\AppData\Roaming\Wondershare</p><p>2017-12-01 14:21 - 2017-12-01 14:44 - 000000000 ____D C:\ProgramData\Wondershare</p><p>2017-12-01 14:21 - 2017-12-01 14:44 - 000000000 ____D C:\Program Files (x86)\Wondershare</p><p>2017-12-01 14:21 - 2015-02-27 10:35 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config</p><p>2017-12-01 14:17 - 2017-12-01 14:17 - 050765336 _____ (Wondershare ) C:\Users\emi84\Downloads\drfone-for-android_full1464.exe</p><p>2017-12-01 14:09 - 2017-12-01 14:11 - 000000000 ____D C:\Program Files (x86)\Digicam Photo Recovery</p><p>2017-12-01 14:09 - 2017-12-01 14:09 - 000001238 _____ C:\Users\emi84\Desktop\Digicam Photo Recovery.lnk</p><p>2017-12-01 14:09 - 2017-12-01 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digicam Photo Recovery</p><p>2017-12-01 14:08 - 2017-12-01 14:08 - 001574904 _____ (aliensign Software ) C:\Users\emi84\Downloads\DigicamPhotoRecoverySetup.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:39 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys</p><p>2017-11-22 21:43 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:36 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2017-11-22 21:43 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:11 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll</p><p>2017-11-22 21:43 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys</p><p>2017-11-22 21:43 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys</p><p>2017-11-22 21:43 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll</p><p>2017-11-22 21:43 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys</p><p>2017-11-22 21:43 - 2017-11-17 09:54 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2017-11-22 21:43 - 2017-11-17 09:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll</p><p>2017-11-22 21:43 - 2017-11-17 09:51 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll</p><p>2017-11-20 19:03 - 2017-11-20 19:03 - 000000000 ____D C:\Program Files\HP</p><p>2017-11-20 19:02 - 2017-11-20 19:03 - 000000000 ____D C:\ProgramData\HP</p><p>2017-11-18 20:29 - 2017-12-10 10:07 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware</p><p>2017-11-18 12:37 - 2017-11-18 12:37 - 000105682 _____ C:\Users\emi84\Documents\cc_20171118_123713.reg</p><p>2017-11-18 12:32 - 2017-11-18 15:23 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update</p><p>2017-11-18 12:32 - 2017-11-18 12:32 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC</p><p>2017-11-18 12:32 - 2017-11-18 12:32 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk</p><p>2017-11-18 12:32 - 2017-11-18 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner</p><p>2017-11-18 12:32 - 2017-11-18 12:32 - 000000000 ____D C:\Program Files\CCleaner</p><p>2017-11-18 12:31 - 2017-11-18 12:31 - 010849904 _____ (Piriform Ltd) C:\Users\emi84\Downloads\ccsetup537.exe</p><p>2017-11-18 12:20 - 2017-11-18 12:53 - 000000000 ____D C:\Program Files (x86)\Avira</p><p>2017-11-18 12:17 - 2017-11-18 12:18 - 272392312 _____ C:\Users\emi84\Downloads\avira_antivirus_it-it.exe</p><p>2017-11-18 12:01 - 2017-11-18 12:01 - 000000000 _____ C:\autoexec.bat</p><p>2017-11-15 22:08 - 2017-11-05 02:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2017-11-15 22:08 - 2017-11-05 02:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2017-11-15 17:46 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll</p><p>2017-11-15 17:45 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys</p><p>2017-11-15 17:45 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll</p><p>2017-11-15 17:45 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll</p><p>2017-11-15 17:45 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll</p><p>2017-11-15 17:45 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll</p><p>2017-11-15 17:45 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll</p><p>2017-11-15 17:45 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2017-11-15 17:45 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll</p><p>2017-11-15 17:45 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll</p><p>2017-11-15 17:45 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll</p><p>2017-11-15 17:45 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll</p><p>2017-11-15 17:45 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll</p><p>2017-11-15 17:45 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll</p><p>2017-11-15 17:45 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll</p><p>2017-11-15 17:45 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll</p><p>2017-11-15 17:45 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll</p><p>2017-11-15 17:44 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe</p><p>2017-11-15 17:44 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe</p><p>2017-11-15 17:44 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe</p><p>2017-11-15 17:44 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE</p><p>2017-11-15 17:44 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll</p><p>2017-11-15 17:44 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll</p><p>2017-11-15 17:44 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll</p><p>2017-11-15 17:44 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll</p><p>2017-11-15 17:44 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll</p><p>2017-11-15 17:44 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll</p><p>2017-11-15 17:44 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll</p><p>2017-11-15 17:43 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll</p><p>2017-11-15 17:43 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll</p><p>2017-11-15 17:43 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll</p><p>2017-11-15 17:41 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys</p><p>2017-11-15 17:41 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll</p><p>2017-11-15 17:41 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe</p><p>2017-11-15 17:41 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe</p><p>2017-11-15 17:41 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll</p><p>2017-11-15 17:41 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll</p><p>2017-11-15 17:41 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll</p><p>2017-11-15 17:41 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll</p><p>2017-11-15 17:41 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll</p><p>2017-11-15 17:40 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll</p><p>2017-11-15 17:40 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll</p><p>2017-11-15 17:39 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll</p><p>2017-11-15 17:39 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll</p><p>2017-11-15 17:39 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll</p><p>2017-11-15 17:39 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll</p><p>2017-11-15 17:38 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll</p><p>2017-11-15 17:38 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys</p><p>2017-11-15 17:38 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2017-11-15 17:38 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2017-11-15 17:38 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll</p><p>2017-11-14 22:47 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll</p><p>2017-11-14 22:47 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll</p><p>2017-11-14 22:47 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll</p><p>2017-11-14 22:46 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys</p><p>2017-11-14 22:46 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll</p><p>2017-11-14 22:46 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll</p><p>2017-11-14 22:46 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll</p><p>2017-11-14 22:46 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe</p><p>2017-11-14 22:46 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe</p><p>2017-11-14 22:46 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe</p><p>2017-11-14 22:46 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll</p><p>2017-11-14 22:46 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll</p><p>2017-11-14 22:46 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe</p><p>2017-11-14 22:46 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll</p><p>2017-11-14 22:46 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll</p><p>2017-11-14 22:46 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl</p><p>2017-11-14 22:46 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll</p><p>2017-11-14 22:46 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll</p><p>2017-11-14 22:46 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll</p><p>2017-11-14 22:46 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl</p><p>2017-11-14 22:46 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll</p><p>2017-11-14 22:46 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll</p><p>2017-11-14 22:46 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll</p><p>2017-11-14 22:46 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll</p><p>2017-11-14 22:45 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys</p><p>2017-11-14 22:45 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys</p><p>2017-11-14 22:45 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2017-11-14 22:45 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll</p><p>2017-11-14 22:45 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll</p><p>2017-11-14 22:45 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll</p><p>2017-11-14 22:45 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2017-11-14 22:45 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys</p><p>2017-11-14 22:45 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll</p><p>2017-11-14 22:45 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll</p><p>2017-11-14 22:45 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll</p><p>2017-11-14 22:45 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll</p><p>2017-11-14 22:44 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi</p><p>2017-11-14 22:44 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe</p><p>2017-11-14 22:44 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll</p><p>2017-11-14 22:44 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys</p><p>2017-11-14 22:44 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe</p><p>2017-11-14 22:44 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE</p><p>2017-11-14 22:44 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe</p><p>2017-11-14 22:44 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe</p><p>2017-11-14 22:44 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe</p><p>2017-11-14 22:44 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll</p><p>2017-11-14 22:44 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll</p><p>2017-11-14 22:44 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll</p><p>2017-11-14 22:44 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe</p><p>2017-11-14 22:44 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll</p><p>2017-11-14 22:44 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll</p><p>2017-11-14 22:44 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll</p><p>2017-11-14 22:43 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll</p><p>2017-11-14 22:43 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys</p><p>2017-11-14 22:43 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll</p><p>2017-11-14 22:43 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys</p><p>2017-11-14 22:43 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll</p><p>2017-11-14 22:43 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll</p><p>2017-11-14 22:43 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys</p><p>2017-11-14 22:43 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys</p><p>2017-11-14 22:43 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll</p><p>2017-11-14 22:43 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll</p><p>2017-11-14 22:43 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll</p><p>2017-11-13 23:25 - 2017-11-13 23:25 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe</p><p>2017-11-13 23:24 - 2017-11-18 13:00 - 000000000 ____D C:\Program Files\KMSpico</p><p>2017-11-13 23:24 - 2017-11-18 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico</p><p>2017-11-13 23:24 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll</p><p>2017-11-13 23:15 - 2017-11-13 23:15 - 000130452 _____ C:\Users\emi84\Downloads\officeact.diagcab</p><p>2017-11-10 01:09 - 2017-11-10 01:09 - 000000000 ____D C:\Users\emi84\Documents\Modelli di Office personalizzati</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-12-10 12:34 - 2017-10-11 00:44 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E516240-06AD-45C2-9931-D2BCB2D65BD0}</p><p>2017-12-10 12:01 - 2017-10-11 00:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat</p><p>2017-12-10 12:01 - 2017-03-19 10:57 - 000000000 __SHD C:\Users\emi84\IntelGraphicsProfiles</p><p>2017-12-10 03:45 - 2017-10-11 00:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2017-12-10 03:45 - 2017-03-18 12:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI</p><p>2017-12-10 03:27 - 2017-10-11 00:22 - 000000000 ____D C:\Users\emi84</p><p>2017-12-09 23:55 - 2017-10-11 00:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy</p><p>2017-12-09 16:26 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps</p><p>2017-12-09 16:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness</p><p>2017-12-09 16:18 - 2017-10-11 00:13 - 000277584 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2017-12-09 16:17 - 2017-04-17 21:55 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForemi84.job</p><p>2017-12-09 01:07 - 2017-03-25 22:57 - 000000000 ____D C:\Users\emi84\AppData\Roaming\vlc</p><p>2017-12-06 13:47 - 2017-03-19 03:30 - 000000000 ____D C:\WINDOWS\OCR</p><p>2017-12-06 13:47 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp</p><p>2017-12-06 13:09 - 2017-10-11 00:44 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForemi84</p><p>2017-12-05 23:23 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF</p><p>2017-12-05 20:53 - 2017-10-27 18:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk</p><p>2017-12-05 20:52 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft</p><p>2017-12-05 20:52 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared</p><p>2017-12-05 20:50 - 2017-08-25 19:45 - 000000000 ____D C:\Program Files\Microsoft Office</p><p>2017-11-28 22:46 - 2017-03-19 10:57 - 000000000 ____D C:\Users\emi84\AppData\Local\Packages</p><p>2017-11-26 19:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache</p><p>2017-11-22 23:36 - 2017-03-18 12:03 - 000000000 __RHD C:\Users\Public\AccountPictures</p><p>2017-11-21 19:28 - 2017-03-18 14:19 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe</p><p>2017-11-18 16:59 - 2017-03-19 12:40 - 000002115 _____ C:\Users\Public\Desktop\Google Slides.lnk</p><p>2017-11-18 16:59 - 2017-03-19 12:40 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk</p><p>2017-11-18 16:59 - 2017-03-19 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive</p><p>2017-11-18 12:46 - 2017-04-04 14:56 - 000000000 ____D C:\ProgramData\Package Cache</p><p>2017-11-18 12:33 - 2017-10-10 23:09 - 000000000 ___DC C:\WINDOWS\Panther</p><p>2017-11-18 11:58 - 2017-03-18 11:57 - 000980546 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2017-11-17 20:12 - 2017-10-27 18:25 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task</p><p>2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser</p><p>2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences</p><p>2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning</p><p>2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer</p><p>2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer</p><p>2017-11-15 21:01 - 2017-10-11 00:44 - 000004748 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier</p><p>2017-11-15 21:01 - 2017-10-11 00:44 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater</p><p>2017-11-15 21:01 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed</p><p>2017-11-15 21:01 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed</p><p>2017-11-15 17:53 - 2017-10-11 00:44 - 000003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2017-11-15 17:53 - 2017-10-11 00:44 - 000003544 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2017-11-14 22:42 - 2017-03-19 12:16 - 000000000 ____D C:\WINDOWS\system32\MRT</p><p>2017-11-14 22:33 - 2017-10-10 21:33 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe</p><p>2017-11-14 22:33 - 2017-03-19 12:16 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2017-11-14 21:03 - 2017-03-18 12:53 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</p><p>2017-11-13 23:18 - 2017-09-09 10:11 - 000000000 ____D C:\Users\emi84\AppData\Local\ElevatedDiagnostics</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2017-03-24 19:41 - 2017-03-24 19:41 - 000000001 _____ () C:\Users\emi84\AppData\Local\llftool.4.40.agreement</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>2017-11-20 19:02 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\emi84\AppData\Local\Temp\TAInstaller.exe</p><p></p><p>==================== Bamital & volsnap ======================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2017-12-07 01:02</p><p></p><p>==================== End of FRST.txt ============================</p></blockquote><p></p>
[QUOTE="Emilio84, post: 696106, member: 68243"] Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017 Ran by emi84 (10-12-2017 12:42:32) Running from C:\Users\emi84\Downloads Windows 10 Pro Version 1703 15063.729 (X64) (2017-10-14 09:48:12) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2014606299-2528773749-2630987418-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2014606299-2528773749-2630987418-503 - Limited - Disabled) emi84 (S-1-5-21-2014606299-2528773749-2630987418-1002 - Administrator - Enabled) => C:\Users\emi84 Guest (S-1-5-21-2014606299-2528773749-2630987418-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4K Video Downloader 4.4 (HKLM-x32\...\{F350AF86-CD2C-45DC-9F5E-9C1A6789E537}) (Version: 4.4.0.2235 - Open Media LLC) 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated) Assistente aggiornamento Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Digicam Photo Recovery versione 1.9.1.0 (HKLM-x32\...\{5D4D5DC0-85E6-45CB-BA0F-76F7A8E657B6}_is1) (Version: 1.9.1.0 - aliensign Software) Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - ) Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION) Epson Guida di rete WF-2520 Series (HKLM-x32\...\WF-2520 Series Netg) (Version: - ) Epson Guida utente WF-2520 Series (HKLM-x32\...\WF-2520 Series Useg) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) FoneLab for Android 3.0.8 (HKLM-x32\...\{7A7ACBDD-FED6-4ec5-BD26-5549FEB5B968}_is1) (Version: 3.0.8 - Aiseesoft Studio) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.) Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{1DAF8EEB-5935-437D-ABC1-80897D352FA7}) (Version: 12.8.47.1 - HP Inc.) HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation) KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation) Malwarebytes versione 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft Office Professional Plus 2016 - it-it (HKLM\...\ProplusRetail - it-it) (Version: 16.0.8625.2139 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation) Microsoft PowerPoint 2016 - it-it (HKLM\...\PowerPointRetail - it-it) (Version: 16.0.8625.2139 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: 1.09.01.51 - Huawei Technologies Co.,Ltd) Movie Maker (HKLM-x32\...\{312F7EE7-37D0-484D-B974-0CE1B8560C79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Raccolta foto (HKLM-x32\...\{86A1CEAD-EF47-47BB-AE79-DA8C09E15382}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.) Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated) UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-10] () ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-29] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-08] (Intel Corporation) ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-10] () ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-29] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B15AFB8-3114-47B8-A296-E696AC627EEC} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate] Task: {1A8E75C1-E7FF-43AB-831D-730A97751406} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {23782C06-29DD-47AA-B6BB-03FE9FDD2C1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-18] (Google Inc.) Task: {27778BCE-81C1-42DC-B46E-04C44820F5AE} - System32\Tasks\R@1n-KMS\Office16PowerPoint => wmic [Argument = path SoftwareLicensingProduct where (ID="d70b1bba-b893-4544-96e2-b7a318091c33") call Activate] Task: {2E302A99-1263-41D0-9C89-87E4349B1B4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation) Task: {2E8D382E-9E3B-4FCA-A522-B0B16AF96262} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) Task: {3959D62B-9CEE-403D-A636-2E0AD06ACCCF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation) Task: {52D4B029-A54B-4A4D-B880-1A826D9DD64F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd) Task: {5596AD2D-E4F6-4553-898B-EDC632151F99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-18] (Google Inc.) Task: {56A046D5-FC4D-4D3A-89D8-03CD913E8E70} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation) Task: {7108B0BF-176F-44AD-ACCB-F18A330E0FD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.) Task: {7F2B6550-BC8C-4C3E-972C-748187EBF709} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] () Task: {9106D6E4-0B14-4453-BD33-41CB58C3C23F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] () Task: {9CDD986D-F659-46C2-A3B4-7D75D1A60415} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate] Task: {B387E4C3-361E-4D2C-8097-41C5213021BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated) Task: {C08D8029-56FD-4245-9AAE-8F383A5EA1B2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated) Task: {C7A4E3FB-DC7D-4C37-BAAA-82783B0CD12F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {CCD36D5D-69A2-41A8-9A40-0869C071243D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] () Task: {D1EF09E2-3FEE-4644-B619-E3219B24FC38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {D8AE21D7-8005-4D58-85CD-722E3C86FE1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {D95BE2A6-9ABA-497C-8109-764D7F2ECBEF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd) Task: {DB4F90ED-950D-4DE3-BCCF-0A6F66046B7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-05] (Microsoft Corporation) Task: {DDE66333-6F29-4AA4-B53A-FFF1E6198C36} - System32\Tasks\HPCeeScheduleForemi84 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.) Task: {EBC7A551-395B-466C-9D28-0B73BDD4E3B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation) Task: {F1611FB2-2F1B-4186-A5F3-2D758906D678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation) Task: {F599CF64-0EBB-472B-AF70-F0A790C37A80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-12-05] (Microsoft Corporation) Task: {F7A66C7D-EC21-4BEC-B4E7-44283E48828F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForemi84.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-12-10 01:59 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-12-10 01:59 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-11-30 17:35 - 2017-11-30 17:35 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-11-30 17:35 - 2017-11-30 17:35 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-11-30 17:35 - 2017-11-30 17:35 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-11-30 17:35 - 2017-11-30 17:35 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll 2017-11-30 17:35 - 2017-11-30 17:35 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2017-08-21 21:26 - 2017-08-14 10:34 - 000080896 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2017-11-14 21:03 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll 2017-11-14 21:03 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll 2017-11-01 16:24 - 2017-11-01 16:25 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll 2017-12-06 13:58 - 2017-12-06 13:59 - 001231528 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll 2017-10-14 21:43 - 2017-10-14 21:43 - 003553704 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-03-18 21:58 - 2017-03-18 21:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll 2017-07-11 06:41 - 2017-07-11 06:41 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll 2017-07-11 06:41 - 2017-07-11 06:41 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\hola.org -> hxxp://hola.org ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "FUFAXRCV" HKLM\...\StartupApproved\Run32: => "FUFAXSTM" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\StartupApproved\Run: => "GoogleDriveSync" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{94C69C48-48D2-4768-B94F-5549E7371681}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{5F81AEFF-FC96-47C8-934D-E8E505FD1333}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{967AE2EF-13DC-46A7-AF37-7A288643DCDB}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{094C0EA1-9D5B-4A9C-93B3-80F8EFD30DA6}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [UDP Query User{7B6E7A88-5960-4AF7-BD87-485100331ECB}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [TCP Query User{98D6CFA7-022C-47F5-B4B7-CFC1933127CC}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [UDP Query User{2A63232A-D2C5-4D70-9CC9-4D15A2C7C70D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{657E6D7C-8E1A-42E0-9DAC-6B04D7773EB0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{EE60B1D7-B11E-4066-9149-500D7B6E2969}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{914FA481-B539-4B13-AE7E-C95B0503D443}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{65F6B908-7A52-465C-9B2E-BD8B4F994034}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{7BA313F9-6237-43E7-B862-2D46514529A1}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{48713BCC-9227-4DAF-A9B9-A1EF788E036E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{6D94D843-29E4-4F7B-955C-62BAC73FC432}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{ACE67958-1CB8-4AEC-8194-B325F2FAEACC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{CCD5A020-1218-4B78-923A-2CB1939824B0}] => (Allow) LPort=1900 FirewallRules: [{89C25518-F20E-47B5-AA3F-8AEB720630A5}] => (Allow) LPort=2869 FirewallRules: [{327A8674-3C65-4689-B0FE-DAA371FCE3E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{39097CE1-3C65-4050-9B87-86E0CD7E3220}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{F01FDB27-D061-4418-8807-5E9BE9E7618A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 22-11-2017 21:45:23 Windows Update 08-12-2017 23:46:30 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/10/2017 03:01:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-6JB12HH) Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/10/2017 02:39:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x59916057 Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02 Exception code: 0xe0434352 Fault offset: 0x000ecbb2 Faulting process id: 0xeac Faulting application start time: 0x01d371579f7c8482 Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: c942515c-0de7-421e-bf8d-c4d77eca5944 Faulting package full name: Faulting package-relative application ID: Error: (12/10/2017 02:39:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: FreemakeUtilsService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs() at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs) at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000045c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000D84EEFECE0.72). hr = 0x80070005, Access is denied. . Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000830,(null),0,REG_BINARY,000000C86C4FDB50.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {9e9c7900-b52f-435b-9bac-365c278bab19} Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000248,(null),0,REG_BINARY,000000D84EA7E5C0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {4c4bceaa-1cf1-4c1c-b089-61395e59d859} Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c8,(null),0,REG_BINARY,0000007FBCC7DD60.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {ec4b5a7e-661e-413a-a926-f80fab3f9be7} Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,(null),0,REG_BINARY,000000D84E7FE540.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {282299f4-13aa-4723-9a2a-6b4bb9795d4f} Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000220,(null),0,REG_BINARY,000000D565C7DE30.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {4fa762ec-07a6-47ed-83cf-f1935b66644b} Error: (12/10/2017 02:36:58 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000228,(null),0,REG_BINARY,000000D84E87F2C0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {22c7392e-6a57-4855-9374-de93d7076058} System errors: ============= Error: (12/10/2017 12:01:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JB12HH) Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout. Error: (12/10/2017 03:49:44 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6JB12HH) Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout. Error: (12/10/2017 03:46:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s). Error: (12/10/2017 03:46:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Freemake Improver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (12/10/2017 03:46:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect. Error: (12/10/2017 03:45:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WsDrvInst service failed to start due to the following error: The system cannot find the file specified. Error: (12/10/2017 03:45:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CldFlt service failed to start due to the following error: The request is not supported. Error: (12/10/2017 02:39:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s). Error: (12/10/2017 02:39:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s). Error: (12/10/2017 02:39:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the WsAppService service to connect. CodeIntegrity: =================================== Date: 2017-12-10 12:18:48.858 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-12-10 12:17:54.554 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-12-10 12:17:19.718 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-12-10 12:17:19.328 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-12-10 02:00:57.745 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-12-10 02:00:56.502 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-12-10 02:00:56.115 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-12-10 02:00:13.342 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-08 21:10:02.570 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-12-08 21:10:02.568 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 59% Total physical RAM: 4016.67 MB Available physical RAM: 1634.04 MB Total Virtual: 4336.67 MB Available Virtual: 1639.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:449.19 GB) (Free:325.64 GB) NTFS Drive e: (HPDOCS) (Fixed) (Total:7.79 GB) (Free:7.59 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5F8DEA26) Partition 1: (Not Active) - (Size=7.8 GB) - (Type=0B) Partition 2: (Active) - (Size=7.8 GB) - (Type=0C) Partition 3: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=979 MB) - (Type=27) ==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2017 Ran by emi84 (administrator) on DESKTOP-6JB12HH (10-12-2017 12:39:37) Running from C:\Users\emi84\Downloads Loaded Profiles: emi84 (Available Profiles: emi84) Platform: Windows 10 Pro Version 1703 15063.729 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-04] (Realtek Semiconductor) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [80896 2017-08-14] () HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google) HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIWE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd) HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {1df47db6-cc57-11e7-b037-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {3b0fecf0-ac22-11e7-b02a-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {63519080-d69c-11e7-b038-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {a9a8d633-9e33-11e7-b02a-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {c0ed2251-cfd4-11e7-b038-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {c0ed2e2a-cfd4-11e7-b038-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {c59f046e-b139-11e7-b033-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {cf30352a-a129-11e7-b02a-98e7f4d410e2} - "D:\AutoRun.exe" HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\...\MountPoints2: {e76e4b72-c3f2-11e7-b033-98e7f4d410e2} - "D:\AutoRun.exe" GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{13d24f7a-d7ac-45d3-978a-f6201bd10d62}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{d5cb1d14-cbfb-4fb7-b5ad-e73dc4bf0a0a}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://[URL="http://www.msn.com/it-it/?ocid=iehp"]www.msn.com/it-it/?ocid=iehp[/URL] BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-10-23] (Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-05] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\emi84\AppData\Roaming\Mozilla\Firefox\Profiles\fjAvAqtI.default [2017-10-14] FF Extension: (Avira Browser Safety) - C:\Users\emi84\AppData\Roaming\Mozilla\Firefox\Profiles\fjAvAqtI.default\Extensions\abs@avira.com [2017-10-14] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-23] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-10-23] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://[URL="http://www.google.com"]www.google.com[/URL] CHR StartupUrls: Default -> "hxxp://[URL="http://www.google.it/"]www.google.it/[/URL]" CHR Profile: C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default [2017-12-10] CHR Extension: (Presentaciones) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Documentos) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-19] CHR Extension: (YouTube) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-19] CHR Extension: (Hojas de cálculo) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Avira Navegación segura) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-10-14] CHR Extension: (Documentos de Google sin conexión) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-19] CHR Extension: (AdBlock) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-06] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-19] CHR Extension: (Video DownloadHelper) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-11-09] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Gmail) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-19] CHR Extension: (Chrome Media Router) - C:\Users\emi84\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15] CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2014606299-2528773749-2630987418-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation) R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1419424 2016-05-20] (Intel Corporation) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2017-08-14] (Freemake) [File not signed] S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.) R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.) S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2016-12-08] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-04] (Realtek Semiconductor) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation) R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit per Android\Library\DriverInstaller\DriverInstall.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [File not signed] S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-05-20] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-05-20] (Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] () S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-12-10] () R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-10] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-10] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-10] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-10] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-10] (Malwarebytes) R1 MpKsl2cc511b5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E26B0509-ABC1-43E4-BA2A-18EE13B1151C}\MpKsl2cc511b5.sys [58120 2017-12-10] (Microsoft Corporation) R1 MpKsldad193c5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00FB8D34-FAFD-4F58-A7AB-3964819B1EB4}\MpKsldad193c5.sys [58120 2017-12-10] (Microsoft Corporation) R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek ) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30368 2017-06-21] (HP) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-10] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-10] (Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-10 12:39 - 2017-12-10 12:40 - 000020313 _____ C:\Users\emi84\Downloads\FRST.txt 2017-12-10 12:39 - 2017-12-10 12:39 - 002390528 _____ (Farbar) C:\Users\emi84\Downloads\FRST64.exe 2017-12-10 12:39 - 2017-12-10 12:39 - 000000000 ____D C:\FRST 2017-12-10 12:38 - 2017-12-10 12:38 - 001751040 _____ (Farbar) C:\Users\emi84\Downloads\FRST.exe 2017-12-10 10:08 - 2017-12-10 03:45 - 094633984 _____ C:\WINDOWS\system32\config\SOFTWARE 2017-12-10 03:46 - 2017-12-10 03:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2017-12-10 03:19 - 2017-12-10 12:40 - 000557273 _____ C:\WINDOWS\ZAM.krnl.trace 2017-12-10 03:19 - 2017-12-10 12:40 - 000099474 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-12-10 03:19 - 2017-12-10 03:19 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2017-12-10 03:19 - 2017-12-10 03:19 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys 2017-12-10 03:19 - 2017-12-10 03:19 - 000001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-12-10 03:19 - 2017-12-10 03:19 - 000000000 ____D C:\Users\emi84\AppData\Local\Zemana 2017-12-10 03:19 - 2017-12-10 03:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-12-10 03:19 - 2017-12-10 03:19 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-12-10 03:18 - 2017-12-10 03:18 - 006625600 _____ (Zemana Ltd. ) C:\Users\emi84\Downloads\Zemana.AntiMalware.Setup.exe 2017-12-10 03:02 - 2017-12-10 03:02 - 000000000 ____D C:\ProgramData\Emsisoft 2017-12-10 02:58 - 2017-12-10 03:17 - 000000000 ____D C:\EEK 2017-12-10 02:56 - 2017-12-10 02:57 - 305345400 _____ C:\Users\emi84\Downloads\EmsisoftEmergencyKit.exe 2017-12-10 02:36 - 2017-12-10 02:36 - 000001126 _____ C:\WINDOWS\system32\.crusader 2017-12-10 02:12 - 2017-12-10 02:38 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2017-12-10 02:12 - 2017-12-10 02:37 - 000000000 ____D C:\ProgramData\HitmanPro 2017-12-10 02:11 - 2017-12-10 02:12 - 011584088 _____ (SurfRight B.V.) C:\Users\emi84\Downloads\hitmanpro_x64.exe 2017-12-10 02:00 - 2017-12-10 12:06 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-12-10 02:00 - 2017-12-10 03:46 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-12-10 02:00 - 2017-12-10 03:46 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-12-10 02:00 - 2017-12-10 02:00 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2017-12-10 01:59 - 2017-12-10 01:59 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2017-12-10 01:59 - 2017-12-10 01:59 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-12-10 01:59 - 2017-12-10 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-12-10 01:59 - 2017-12-10 01:59 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-12-10 01:59 - 2017-12-10 01:59 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-10 01:59 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-12-10 01:58 - 2017-12-10 01:59 - 083316440 _____ (Malwarebytes ) C:\Users\emi84\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe 2017-12-10 00:07 - 2017-12-10 00:43 - 000000000 ____D C:\Users\emi84\Desktop\Video Corso di Spagnolo Ersmus Plus 2017-12-08 20:54 - 2017-12-08 20:54 - 000675232 _____ C:\Users\emi84\Downloads\Tema 1.Orientacion y AD (1).pdf 2017-12-08 19:42 - 2017-12-08 19:42 - 000725348 _____ C:\Users\emi84\Downloads\Tema 1.2. Areas de intervención .pdf 2017-12-08 19:41 - 2017-12-08 19:41 - 000675232 _____ C:\Users\emi84\Downloads\Tema 1.Orientacion y AD.pdf 2017-12-06 13:47 - 2017-03-17 22:00 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll 2017-12-06 13:47 - 2017-03-17 21:54 - 009675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll 2017-12-06 13:47 - 2017-03-17 21:45 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll 2017-12-06 13:47 - 2017-03-17 21:39 - 009560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll 2017-12-06 13:46 - 2017-12-06 13:46 - 000001051 _____ C:\Users\emi84\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk 2017-12-06 13:46 - 2017-03-17 22:00 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll 2017-12-06 13:46 - 2017-03-17 22:00 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0010.dll 2017-12-06 13:46 - 2017-03-17 21:59 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll 2017-12-06 13:46 - 2017-03-17 21:56 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0010.dll 2017-12-06 13:46 - 2017-03-17 21:52 - 004434944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS6.dll 2017-12-06 13:46 - 2017-03-17 21:48 - 006348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll 2017-12-06 13:46 - 2017-03-17 21:44 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0010.dll 2017-12-06 13:46 - 2017-03-17 21:43 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll 2017-12-06 13:46 - 2017-03-17 21:41 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0010.dll 2017-12-06 13:46 - 2017-03-17 21:38 - 004383232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS6.dll 2017-12-06 13:46 - 2017-03-17 21:35 - 005484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll 2017-12-05 23:23 - 2012-03-23 10:56 - 000439808 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2017-12-05 23:23 - 2012-03-07 09:30 - 000229376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2017-12-05 23:23 - 2012-03-07 09:30 - 000104448 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2017-12-05 23:23 - 2012-03-07 09:30 - 000073216 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2017-12-05 23:23 - 2011-12-31 08:20 - 000225920 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys 2017-12-05 23:23 - 2011-11-24 18:30 - 000030720 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2017-12-05 23:23 - 2010-10-08 15:59 - 000032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2017-12-05 23:23 - 2010-09-26 17:09 - 000022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2017-12-05 23:23 - 2010-08-06 06:43 - 001001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys 2017-12-05 23:23 - 2010-07-27 08:52 - 000117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2017-12-05 23:23 - 2010-03-20 11:06 - 000013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2017-12-05 20:52 - 2017-12-05 20:52 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2017-12-01 14:37 - 2017-12-01 14:37 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf 2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\Users\emi84\AppData\Local\Aiseesoft Studio 2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft 2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\ProgramData\Aiseesoft Studio 2017-12-01 14:31 - 2017-12-01 14:31 - 000000000 ____D C:\Program Files (x86)\Aiseesoft Studio 2017-12-01 14:31 - 2017-03-17 01:52 - 000708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll 2017-12-01 14:30 - 2017-12-01 14:30 - 041963888 _____ (Aiseesoft Studio ) C:\Users\emi84\Downloads\fonelab-android.exe 2017-12-01 14:29 - 2017-12-01 14:29 - 000000000 ____D C:\ProgramData\wsr 2017-12-01 14:24 - 2017-12-01 14:24 - 000000000 ____D C:\Users\emi84\.android 2017-12-01 14:22 - 2017-12-01 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2017-12-01 14:22 - 2017-12-01 14:23 - 000000000 ____D C:\Users\emi84\AppData\Roaming\Wondershare 2017-12-01 14:21 - 2017-12-01 14:44 - 000000000 ____D C:\ProgramData\Wondershare 2017-12-01 14:21 - 2017-12-01 14:44 - 000000000 ____D C:\Program Files (x86)\Wondershare 2017-12-01 14:21 - 2015-02-27 10:35 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config 2017-12-01 14:17 - 2017-12-01 14:17 - 050765336 _____ (Wondershare ) C:\Users\emi84\Downloads\drfone-for-android_full1464.exe 2017-12-01 14:09 - 2017-12-01 14:11 - 000000000 ____D C:\Program Files (x86)\Digicam Photo Recovery 2017-12-01 14:09 - 2017-12-01 14:09 - 000001238 _____ C:\Users\emi84\Desktop\Digicam Photo Recovery.lnk 2017-12-01 14:09 - 2017-12-01 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digicam Photo Recovery 2017-12-01 14:08 - 2017-12-01 14:08 - 001574904 _____ (aliensign Software ) C:\Users\emi84\Downloads\DigicamPhotoRecoverySetup.exe 2017-11-22 21:43 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2017-11-22 21:43 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-11-22 21:43 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-11-22 21:43 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-11-22 21:43 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2017-11-22 21:43 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2017-11-22 21:43 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2017-11-22 21:43 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-11-22 21:43 - 2017-11-17 10:39 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-11-22 21:43 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-11-22 21:43 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-11-22 21:43 - 2017-11-17 10:36 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-11-22 21:43 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2017-11-22 21:43 - 2017-11-17 10:11 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-11-22 21:43 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-11-22 21:43 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-11-22 21:43 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-11-22 21:43 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2017-11-22 21:43 - 2017-11-17 09:54 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-11-22 21:43 - 2017-11-17 09:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-11-22 21:43 - 2017-11-17 09:51 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-11-20 19:03 - 2017-11-20 19:03 - 000000000 ____D C:\Program Files\HP 2017-11-20 19:02 - 2017-11-20 19:03 - 000000000 ____D C:\ProgramData\HP 2017-11-18 20:29 - 2017-12-10 10:07 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2017-11-18 12:37 - 2017-11-18 12:37 - 000105682 _____ C:\Users\emi84\Documents\cc_20171118_123713.reg 2017-11-18 12:32 - 2017-11-18 15:23 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2017-11-18 12:32 - 2017-11-18 12:32 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2017-11-18 12:32 - 2017-11-18 12:32 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-11-18 12:32 - 2017-11-18 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-11-18 12:32 - 2017-11-18 12:32 - 000000000 ____D C:\Program Files\CCleaner 2017-11-18 12:31 - 2017-11-18 12:31 - 010849904 _____ (Piriform Ltd) C:\Users\emi84\Downloads\ccsetup537.exe 2017-11-18 12:20 - 2017-11-18 12:53 - 000000000 ____D C:\Program Files (x86)\Avira 2017-11-18 12:17 - 2017-11-18 12:18 - 272392312 _____ C:\Users\emi84\Downloads\avira_antivirus_it-it.exe 2017-11-18 12:01 - 2017-11-18 12:01 - 000000000 _____ C:\autoexec.bat 2017-11-15 22:08 - 2017-11-05 02:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-11-15 22:08 - 2017-11-05 02:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-11-15 17:46 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-11-15 17:45 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2017-11-15 17:45 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-11-15 17:45 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll 2017-11-15 17:45 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-11-15 17:45 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2017-11-15 17:45 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-11-15 17:45 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-11-15 17:45 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-11-15 17:45 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-11-15 17:45 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-11-15 17:45 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-11-15 17:45 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2017-11-15 17:45 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-11-15 17:45 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2017-11-15 17:45 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-11-15 17:45 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-11-15 17:44 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-11-15 17:44 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-11-15 17:44 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-11-15 17:44 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-11-15 17:44 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-11-15 17:44 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2017-11-15 17:44 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-11-15 17:44 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-11-15 17:44 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2017-11-15 17:44 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-11-15 17:44 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2017-11-15 17:44 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-11-15 17:44 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-11-15 17:44 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-11-15 17:44 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll 2017-11-15 17:44 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll 2017-11-15 17:44 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll 2017-11-15 17:44 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-11-15 17:44 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-11-15 17:44 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2017-11-15 17:44 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-11-15 17:44 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-11-15 17:44 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-11-15 17:44 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-11-15 17:44 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-11-15 17:43 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-11-15 17:43 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-11-15 17:43 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-11-15 17:43 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-11-15 17:43 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-11-15 17:43 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-11-15 17:43 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll 2017-11-15 17:43 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2017-11-15 17:43 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-11-15 17:43 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-11-15 17:41 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-11-15 17:41 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2017-11-15 17:41 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-11-15 17:41 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-11-15 17:41 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2017-11-15 17:41 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2017-11-15 17:41 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2017-11-15 17:41 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-11-15 17:41 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2017-11-15 17:40 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-11-15 17:40 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-11-15 17:39 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-11-15 17:39 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-11-15 17:39 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll 2017-11-15 17:39 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2017-11-15 17:38 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-11-15 17:38 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-11-15 17:38 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-11-15 17:38 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-11-15 17:38 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2017-11-15 17:38 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-11-15 17:38 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-11-15 17:38 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-11-15 17:38 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-11-15 17:38 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2017-11-15 17:38 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-11-15 17:38 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-11-15 17:38 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-11-15 17:38 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-11-15 17:38 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-11-14 22:47 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-11-14 22:47 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2017-11-14 22:47 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll 2017-11-14 22:46 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-11-14 22:46 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-11-14 22:46 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-11-14 22:46 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-11-14 22:46 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-11-14 22:46 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2017-11-14 22:46 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-11-14 22:46 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-11-14 22:46 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-11-14 22:46 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-11-14 22:46 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-11-14 22:46 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll 2017-11-14 22:46 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-11-14 22:46 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-11-14 22:46 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-11-14 22:46 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-11-14 22:46 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-11-14 22:46 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-11-14 22:46 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-11-14 22:46 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-11-14 22:46 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-11-14 22:45 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys 2017-11-14 22:45 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys 2017-11-14 22:45 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-11-14 22:45 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-11-14 22:45 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll 2017-11-14 22:45 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll 2017-11-14 22:45 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-11-14 22:45 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2017-11-14 22:45 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-11-14 22:45 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-11-14 22:45 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-11-14 22:45 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2017-11-14 22:44 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-11-14 22:44 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2017-11-14 22:44 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2017-11-14 22:44 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-11-14 22:44 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2017-11-14 22:44 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-11-14 22:44 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-11-14 22:44 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-11-14 22:44 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-11-14 22:44 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-11-14 22:44 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-11-14 22:44 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll 2017-11-14 22:44 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe 2017-11-14 22:44 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-11-14 22:44 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-11-14 22:44 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll 2017-11-14 22:44 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll 2017-11-14 22:44 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2017-11-14 22:44 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-11-14 22:44 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2017-11-14 22:44 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-11-14 22:44 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-11-14 22:44 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2017-11-14 22:44 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-11-14 22:44 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2017-11-14 22:44 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-11-14 22:44 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2017-11-14 22:44 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-11-14 22:44 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2017-11-14 22:44 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-11-14 22:44 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-11-14 22:44 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-11-14 22:44 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-11-14 22:44 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-11-14 22:44 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-11-14 22:44 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-11-14 22:43 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2017-11-14 22:43 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-11-14 22:43 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-11-14 22:43 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-11-14 22:43 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-11-14 22:43 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll 2017-11-14 22:43 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-11-14 22:43 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2017-11-14 22:43 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll 2017-11-14 22:43 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-11-14 22:43 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2017-11-14 22:43 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-11-14 22:43 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-11-14 22:43 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-11-14 22:43 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-11-14 22:43 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-11-14 22:43 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-11-14 22:43 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-11-14 22:43 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-11-14 22:43 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-11-14 22:43 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-11-14 22:43 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-11-14 22:43 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-11-14 22:43 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-11-13 23:25 - 2017-11-13 23:25 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe 2017-11-13 23:24 - 2017-11-18 13:00 - 000000000 ____D C:\Program Files\KMSpico 2017-11-13 23:24 - 2017-11-18 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2017-11-13 23:24 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll 2017-11-13 23:15 - 2017-11-13 23:15 - 000130452 _____ C:\Users\emi84\Downloads\officeact.diagcab 2017-11-10 01:09 - 2017-11-10 01:09 - 000000000 ____D C:\Users\emi84\Documents\Modelli di Office personalizzati ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-10 12:34 - 2017-10-11 00:44 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E516240-06AD-45C2-9931-D2BCB2D65BD0} 2017-12-10 12:01 - 2017-10-11 00:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-12-10 12:01 - 2017-03-19 10:57 - 000000000 __SHD C:\Users\emi84\IntelGraphicsProfiles 2017-12-10 03:45 - 2017-10-11 00:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-12-10 03:45 - 2017-03-18 12:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2017-12-10 03:27 - 2017-10-11 00:22 - 000000000 ____D C:\Users\emi84 2017-12-09 23:55 - 2017-10-11 00:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-12-09 16:26 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-12-09 16:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-09 16:18 - 2017-10-11 00:13 - 000277584 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-12-09 16:17 - 2017-04-17 21:55 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForemi84.job 2017-12-09 01:07 - 2017-03-25 22:57 - 000000000 ____D C:\Users\emi84\AppData\Roaming\vlc 2017-12-06 13:47 - 2017-03-19 03:30 - 000000000 ____D C:\WINDOWS\OCR 2017-12-06 13:47 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-12-06 13:09 - 2017-10-11 00:44 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForemi84 2017-12-05 23:23 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF 2017-12-05 20:53 - 2017-10-27 18:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-12-05 20:52 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-05 20:52 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-12-05 20:50 - 2017-08-25 19:45 - 000000000 ____D C:\Program Files\Microsoft Office 2017-11-28 22:46 - 2017-03-19 10:57 - 000000000 ____D C:\Users\emi84\AppData\Local\Packages 2017-11-26 19:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache 2017-11-22 23:36 - 2017-03-18 12:03 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-21 19:28 - 2017-03-18 14:19 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-11-18 16:59 - 2017-03-19 12:40 - 000002115 _____ C:\Users\Public\Desktop\Google Slides.lnk 2017-11-18 16:59 - 2017-03-19 12:40 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk 2017-11-18 16:59 - 2017-03-19 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2017-11-18 12:46 - 2017-04-04 14:56 - 000000000 ____D C:\ProgramData\Package Cache 2017-11-18 12:33 - 2017-10-10 23:09 - 000000000 ___DC C:\WINDOWS\Panther 2017-11-18 11:58 - 2017-03-18 11:57 - 000980546 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-11-17 20:12 - 2017-10-27 18:25 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-11-15 22:04 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-11-15 21:01 - 2017-10-11 00:44 - 000004748 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-11-15 21:01 - 2017-10-11 00:44 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-11-15 21:01 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-11-15 21:01 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-11-15 17:53 - 2017-10-11 00:44 - 000003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-15 17:53 - 2017-10-11 00:44 - 000003544 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-14 22:42 - 2017-03-19 12:16 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-11-14 22:33 - 2017-10-10 21:33 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-11-14 22:33 - 2017-03-19 12:16 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-11-14 21:03 - 2017-03-18 12:53 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-13 23:18 - 2017-09-09 10:11 - 000000000 ____D C:\Users\emi84\AppData\Local\ElevatedDiagnostics ==================== Files in the root of some directories ======= 2017-03-24 19:41 - 2017-03-24 19:41 - 000000001 _____ () C:\Users\emi84\AppData\Local\llftool.4.40.agreement Some files in TEMP: ==================== 2017-11-20 19:02 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\emi84\AppData\Local\Temp\TAInstaller.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-12-07 01:02 ==================== End of FRST.txt ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top