1. #1

    Join Date
    Jul 2017
    Location
    MILANO
    Posts
    32

    [Win7SP1Ult x86] PC checked for malware

    Good evening.
    I was just asking whether there is any way to check my PC for malware or viruses.
    I have already posted another thread about a Windows Update error, but before going on, a security check is required.
    Thank you,
    Gianfranco



  2. #2
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Senior Analyst
    softwaremaniac's Avatar
    Join Date
    Oct 2014
    Location
    Croatia
    Age
    22
    Posts
    9,383

    Re: PC checked for malware

    Follow these instructions and provide the logs for the analysts: Malware Removal Posting Instructions

  3. #3

    Join Date
    Jul 2017
    Location
    MILANO
    Posts
    32

    security check for virus and malware

    Hello,
    these are my log files after the scan with Farbar Recovery and Security Analysis.
    Previously I had taken these actions myself:
    I ran a Malwarebytes full scan and quarantined all the items found.
    AdwCleaner and Junkware Removal Tool full scan and remove.
    Norton Power Eraser full scan and remove.
    SAL.log:
    Result of Security Analysis by Rocket Grannie (x86) Updated: 25th July, 2017
    Running from:C:\Users\Gianfranco\Desktop (22:08:47 - 08/02/2017)
    ***---------------------------------------------------------***
    Microsoft Windows 7 Ultimate X86 Service Pack 1
    UAC is Enabled
    Internet Explorer 11
    Default Browser: Google Chrome
    ***------------Antivirus - Antispyware - Firewall-----------***
    Windows Defender (Enabled - up to Date)
    Windows Firewall (Enabled)
    No other Firewall Installed
    ***-------Security Programs - Browsers - Miscellaneous------***
    Adobe Flash Player 26 NPAPI is not installed
    Google Chrome (59.0.3071.115)
    Malwarebytes (3.1.2.1733)
    Mozilla Firefox (54.0.1)
    Opera (46.0.2597.57)


    ***----------------Analysis Complete-------------------------***

  4. #4

    Join Date
    Jul 2017
    Location
    MILANO
    Posts
    32

    Farbar recovery logs

    Hi, these are the two logs from the Farbar Recovery scan:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
    Ran by Gianfranco (02-08-2017 22:03:42)
    Running from C:\Users\Gianfranco\Desktop
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) (1980-01-03 23:34:37)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-1476158224-1758418250-2409185508-500 - Administrator - Disabled)
    Gianfranco (S-1-5-21-1476158224-1758418250-2409185508-1005 - Administrator - Enabled) => C:\Users\Gianfranco
    Guest (S-1-5-21-1476158224-1758418250-2409185508-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1476158224-1758418250-2409185508-1002 - Limited - Enabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
    Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
    ATI Catalyst Install Manager (HKLM\...\{A990D795-F751-39DA-DDD4-07ED04CEC7CE}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
    Avira Phantom VPN (HKLM\...\Avira Phantom VPN) (Version: 2.9.1.24376 - Avira Operations GmbH & Co. KG)
    Bluetooth by hp 6.0.1.5400 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5400 - HP)
    ccc-core-static (HKLM\...\{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}) (Version: 2009.0521.2235.38731 - Nome società) Hidden
    DriverUpdate (HKLM\...\{53C9EBD2-F3F7-49BB-BDB4-147D3A4D5E6D}) (Version: 2.7.10 - Slimware Utilities Holdings, Inc.) Hidden
    Dropbox (HKLM\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
    GeekBuddy (HKLM\...\{4D089441-49CB-4109-85FC-22BF8026156E}) (Version: 4.30.227 - Comodo Security Solutions Inc) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
    HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 21.0 - Intel)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    LibreOffice 5.2 Help Pack (Italian) (HKLM\...\{D2E4AB0F-6585-4D5F-82C7-5F23E85BB56F}) (Version: 5.2.4.2 - The Document Foundation)
    LibreOffice 5.3.3.2 (HKLM\...\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}) (Version: 5.3.3.2 - The Document Foundation)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    Metadefender Endpoint (HKLM\...\{8AF70079-42E8-4194-A888-38711BD0F50E}) (Version: 7.6.51.0 - OPSWAT, Inc.) Hidden
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 54.0.1 (x86 it) (HKLM\...\Mozilla Firefox 54.0.1 (x86 it)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
    Opera Stable 46.0.2597.57 (HKLM\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
    Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\813EA266E806F300A8DAF30E5D823E268290B5D6) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
    Windows Driver Package - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\13729598EDD1F263DD26E8584C5F347C88091A2E) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
    Windows Driver Package - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\2A46B60EC8D844CB8197312FE2B88EF0F6B7E935) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
    Windows Driver Package - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\ECAD4CB7FB923B839B29420FF9DFC73C3D3D28FE) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
    Windows Driver Package - Hewlett-Packard Development Company, L.P. (HBtnKey) HIDClass (01/24/2011 7.0.1.1) (HKLM\...\8EF10903EB813896D7DB22DD77CACCAA71057711) (Version: 01/24/2011 7.0.1.1 - Hewlett-Packard Development Company, L.P.)
    Windows Driver Package - LSI (AgereSoftModem) Modem (01/26/2010 2.2.100) (HKLM\...\79152FF461CD831C0CFE59C4F4C257E7F535AE47) (Version: 01/26/2010 2.2.100 - LSI)
    QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    Sendspace Wizard (HKLM\...\{1636273D-F29B-4E1F-8E83-2DD0536C3C3A}) (Version: 1.6.3.0 - sendspace.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ContextMenuHandlers1: [Pointstone SecureErase] -> {432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2009-05-21] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers5: [BDPCAppStoreShellEx] -> {787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => -> No File
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {173DF5C6-5EE4-43F4-9961-1AE7EC2F89D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
    Task: {2DEB3CDA-B179-484C-9ADD-08EDC9036FDA} - System32\Tasks\Opera scheduled Autoupdate 1500277482 => C:\Program Files\Opera\launcher.exe [2017-07-18] (Opera Software)
    Task: {32A4FA44-470C-4AB2-857E-D7F763D70109} - \Xvirus startup -> No File <==== ATTENTION
    Task: {40F2ECB0-32CF-4767-B92F-85268C464856} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
    Task: {4D62BE63-50C7-4E24-AB09-A5672D4FA82F} - System32\Tasks\Run Metadefender on log on => C:\Users\Gianfranco\AppData\Roaming\Metadefender-Local\MetadefenderApp.exe [2017-05-19] (OPSWAT)
    Task: {6F4E0ACD-36BE-4EA0-83C4-41CE0B922E09} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => C:\Windows\SYSTEM32\WorkFoldersSystemTray.exe [2015-09-04] (Microsoft Corporation)
    Task: {7E7FABC9-332E-4347-B4BC-AB636BC34E6F} - System32\Tasks\Microsoft\Windows\PLA\System\{E751960D-DAE8-4A3C-A04B-9A412B7910BE}_System Diagnostics => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
    Task: {7F795525-21D2-4646-9343-09EE536C02B0} - System32\Tasks\{D5C5D02F-DC08-42BE-87FD-B6654971B8DE} => C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe [2017-07-24] (Hewlett-Packard )
    Task: {8450F349-53C9-4E3D-9B31-29597F21090E} - System32\Tasks\{2C5A71CC-8ED9-4ED8-A9DB-9E032053DB45} => C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe [2017-07-24] (Hewlett-Packard )
    Task: {8BC1DE84-C5EE-487B-95F8-E5D8205893F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
    Task: {9D64C04F-C0C8-42BE-BFDF-DC5654A3BF2B} - System32\Tasks\{C3962BAB-695E-4C17-AA67-022ED2A52725} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-14] (Broadcom Corporation.)
    Task: {9E9DF8D3-7A97-45A7-9518-B84614FB4CE6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {A208CF50-D864-49A6-8847-2706C6A9FB73} - System32\Tasks\{C80A2E41-E015-4715-A02D-EA62001B7D3D} => C:\Windows\System32\fsquirt.exe [2016-03-25] (Microsoft Corporation)
    Task: {AA286E12-0855-47A5-BADA-75E4900DEA5C} - System32\Tasks\{75ABFE56-3C82-4F01-A5BC-746CFEB81297} => C:\Windows\system32\pcalua.exe -a C:\Users\ElectronicHouse\Downloads\RevoUninstaller_Portable\RevoUninstaller_Portable\x86\RevoUn.exe -d C:\Users\ElectronicHouse\Downloads\RevoUninstaller_Portable\RevoUninstaller_Portable\x86
    Task: {C06F6AFA-125C-4E79-BEFC-D3D9F0BEBF70} - System32\Tasks\{A5481947-B903-4A9C-B3B8-05736C067263} => C:\Windows\system32\pcalua.exe -a C:\Users\ElectronicHouse\Downloads\sp45384.exe -d C:\Users\ElectronicHouse\Downloads
    Task: {C1933613-3817-4090-BB40-BFDA700E1A3A} - \Security Reviver_startup -> No File <==== ATTENTION
    Task: {C8319938-07D3-469E-8415-E209734E582C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
    Task: {DA21E9E2-5CDB-4837-8F9B-BB6CBEDF8E0C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-07-30] (Dropbox, Inc.)
    Task: {E29F38EC-C31B-4C06-B754-46D804B6563D} - System32\Tasks\{CA9A5B1E-C7B6-40C7-931E-E72553CA074F} => C:\Windows\system32\pcalua.exe -a C:\Users\ElectronicHouse\Downloads\atool\atool1.0.0.22\atool.exe -d C:\Users\ElectronicHouse\Downloads\atool\atool1.0.0.22
    Task: {F1A04C2F-B97A-4130-97DB-4C6FB47F9F9E} - System32\Tasks\{55CE7D3E-9BE5-44A1-9CCD-B94B6F104B91} => C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe [2017-07-24] (Hewlett-Packard )
    Task: {F3BF5ED3-2F86-43EE-9681-BB7F451B417D} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => C:\Windows\system32\CScript.exe "C:\ProgramData\Duplicaterecord.js"
    Task: {F54B7B6A-A200-4D6A-A1E6-E8388018CDFB} - System32\Tasks\{1F0515E1-D8EB-4831-9BB2-56951DBB803D} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-14] (Broadcom Corporation.)
    Task: {FD352569-961E-4A5C-9DF6-914F33C89DA4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-07-30] (Dropbox, Inc.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe


    ==================== Shortcuts & WMI ========================


    (The entries could be listed to be restored or removed.)




    ==================== Loaded Modules (Whitelisted) ==============


    2017-07-30 12:40 - 2017-07-12 21:58 - 000746816 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
    2017-07-30 12:40 - 2017-07-12 21:58 - 001787200 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
    2017-07-30 12:40 - 2017-07-12 21:58 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000125904 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 001862992 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000020432 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
    2017-07-30 12:40 - 2017-07-12 21:58 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
    2017-07-30 12:40 - 2017-07-12 21:58 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000082264 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 003928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 001826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 001972024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2017-07-30 12:40 - 2017-07-12 21:58 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
    2017-07-30 12:40 - 2017-07-12 21:59 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
    2017-07-30 12:40 - 2017-07-12 22:01 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
    2017-07-30 12:40 - 2017-07-12 21:59 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
    2017-07-30 12:40 - 2017-07-12 21:59 - 001637688 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
    2017-07-30 12:40 - 2017-07-12 22:01 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2017-07-30 12:40 - 2017-07-12 22:01 - 000023368 _____ () C:\Program Files\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
    2017-07-30 12:40 - 2017-07-12 22:00 - 000357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
    2007-08-14 16:35 - 2007-08-14 16:35 - 000389120 _____ () C:\Windows\system32\btwhidcs.DLL
    2007-08-14 16:46 - 2007-08-14 16:46 - 000126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    1980-01-04 01:14 - 1980-01-04 01:14 - 000014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    2008-12-18 16:03 - 2008-12-18 16:03 - 000020480 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2017-07-17 09:43 - 2017-06-23 04:21 - 002877272 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
    2017-07-17 09:43 - 2017-06-23 04:21 - 000086360 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libegl.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ==========================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-14 04:04 - 2017-07-15 22:28 - 000001254 _____ C:\Windows\system32\Drivers\etc\hosts


    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz
    0.0.0.0 cdn.bigspeedpro.com


    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-1476158224-1758418250-2409185508-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    MSCONFIG\Services: isesrv => 2
    MSCONFIG\Services: McComponentHostService => 2
    MSCONFIG\Services: SkypeUpdate => 3
    MSCONFIG\Services: TrueKey => 2
    MSCONFIG\Services: TrueKeyScheduler => 2
    MSCONFIG\Services: TrueKeyServiceHelper => 3


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{F748D433-3F67-4F7A-AB04-D308267F9605}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{B252226A-3403-4F91-B56B-4F65C4B1A5F3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{0B5A3F3A-B5BF-49FF-9C0F-5D9ACBEEAD35}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [{4C84A88B-3203-44A0-B9F1-ED1E99472722}] => (Block) LPort=445
    FirewallRules: [{61798CAB-1899-4512-A0C0-7376EA2BB55D}] => (Block) LPort=445
    FirewallRules: [{BF704315-B36B-45CC-ABB6-663B535BEDB4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{98BF8F2C-8ABD-471A-B9EA-B332F1AB2AA8}] => (Allow) C:\Program Files\Opera\46.0.2597.46\opera.exe
    FirewallRules: [{4D27CDD2-AB55-487E-85E1-9E93DD551A64}] => (Allow) C:\Program Files\Opera\46.0.2597.57\opera.exe
    FirewallRules: [{BF3D4DE9-1231-4214-9118-3DF727FCFEC8}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe


    ==================== Restore Points =========================




    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (08/02/2017 09:47:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44cc4
    Faulting module name: DUI70.dll, version: 6.1.7601.23403, time stamp: 0x56f5833e
    Exception code: 0xc0000005
    Fault offset: 0x00061fc5
    Faulting process id: 0x63c
    Faulting application start time: 0x01d30bc7a0fd99d9
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\system32\DUI70.dll
    Report Id: 69b27164-77bb-11e7-a25e-001e3769746c


    Error: (08/02/2017 01:30:48 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contain the status code.


    Error: (08/02/2017 01:29:32 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contain the status code.


    Error: (08/02/2017 01:29:23 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contain the status code.




    System errors:
    =============
    Error: (08/02/2017 09:52:20 PM) (Source: volsnap) (EventID: 14) (User: )
    Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.


    Error: (08/02/2017 09:48:16 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


    Error: (08/02/2017 09:47:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Still Image Acquisition Events service terminated with service-specific error: The remote procedure call failed.


    Error: (08/02/2017 09:47:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


    Error: (08/02/2017 09:47:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    raeehd


    Error: (08/02/2017 09:47:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Work Folders service hung on starting.


    Error: (08/02/2017 09:45:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the was service, which might not be installed.


    Error: (08/02/2017 09:45:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Msmq Listener Adapter service depends on the msmq service, which might not be installed.


    Error: (08/02/2017 09:45:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The hpqwmiex service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    Error: (08/02/2017 09:45:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the hpqwmiex service to connect.




    CodeIntegrity:
    ===================================
    Date: 2017-06-21 23:57:28.426
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ELECTR~1\AppData\Local\Temp\34498E819.sys because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2017-06-21 23:57:28.420
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ELECTR~1\AppData\Local\Temp\34498E819.sys because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2017-06-20 14:00:10.034
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll because the set of per-page image hashes could not be found on the system.


    Date: 2017-06-20 13:55:14.520
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll because the set of per-page image hashes could not be found on the system.


    Date: 2017-06-20 13:55:14.500
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    Date: 2017-06-20 13:55:14.120
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    Date: 2017-06-20 13:43:20.126
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll because the set of per-page image hashes could not be found on the system.


    Date: 2017-06-20 13:43:20.110
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    Date: 2017-06-20 13:43:19.736
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    Date: 2017-06-20 13:38:25.026
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll because the set of per-page image hashes could not be found on the system.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz
    Percentage of memory in use: 67%
    Total physical RAM: 2047.3 MB
    Available physical RAM: 666.7 MB
    Total Virtual: 4094.61 MB
    Available Virtual: 2511.1 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:148.95 GB) (Free:116.46 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 7F7CD770)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================
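    Editor's note: a reader triaging FRST output like the Addition.txt and FRST.txt posted in this thread usually wants the same few checks applied to every line: entries FRST itself marks with "<==== ATTENTION", drivers and services whose publisher field is empty or whose file date is not plausible, the UAC policy values, and a PsExec service left installed. The script below is an added example, not code from the thread, from the forum's analysts or from FRST. The sample lines are copied from the logs above; the regex shape for "R1 Name; path [size date] (Company)" entries, the 1995 date threshold and the reason strings are this example's own assumptions.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) log lines.

Added editorial example for this thread; not part of FRST or of the posted
logs. SAMPLE_LINES are copied from the FRST.txt / Addition.txt excerpts in
the thread; the thresholds and wording of the findings are this example's own.
"""
import re
from typing import Dict, List, Optional

# Copied from the posted logs (constructed sample input for this example).
SAMPLE_LINES = [
    r"R1 AppProtectEx; C:\Windows\System32\drivers\AppProtectEx.sys [104256 2014-10-23] (Baidu, Inc.)",
    r"S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47552 2017-06-20] ()",
    r"R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [31592 1980-01-04] (Kingsoft Corporation)",
    r"U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-21] ()",
    r"R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [31032 2017-07-13] (The OpenVPN Project)",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r"GroupPolicy: Restriction ? <==== ATTENTION",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)",
    r"R2 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2017-06-23] (Sysinternals)",
]

# FRST driver and service entries share one shape (assumed from the posted lines):
#   "<state> <name>; <path> [<size> <yyyy-mm-dd>] (<company>)"
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
UAC_RE = re.compile(r"\((\w+): (\d+)\)")
ATTENTION_MARK = "<==== ATTENTION"

# A driver file dated 1980 on a 2017 Windows 7 host is not a real build date;
# the cut-off year is this example's choice, not an FRST rule.
MIN_PLAUSIBLE_YEAR = 1995


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split a driver/service line into its fields, or return None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_uac_policy(line: str) -> Dict[str, int]:
    """Return the UAC values from the Policies\\System line as {name: int}."""
    return {name: int(value) for name, value in UAC_RE.findall(line)}


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per check that fires; each finding names its subject and reason."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if ATTENTION_MARK in line:
            subject = line.split(ATTENTION_MARK)[0].strip()
            findings.append({"subject": subject, "reason": "marked by FRST: policy restriction present"})
            continue
        if "Policies\\System =>" in line:
            uac = parse_uac_policy(line)
            if uac.get("EnableLUA") != 1:
                findings.append({"subject": "UAC", "reason": "EnableLUA is not 1 (UAC disabled)"})
            if uac.get("ConsentPromptBehaviorAdmin") == 0:
                findings.append({"subject": "UAC", "reason": "ConsentPromptBehaviorAdmin=0 (admins elevate silently)"})
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["company"].strip() == "":
            findings.append({"subject": entry["name"], "reason": "empty publisher field; verify the file's signature by hand"})
        if int(entry["date"][:4]) < MIN_PLAUSIBLE_YEAR:
            findings.append({"subject": entry["name"], "reason": f"implausible file date {entry['date']}"})
        if entry["name"].upper() == "PSEXESVC":
            findings.append({"subject": entry["name"], "reason": "PsExec service installed and running; ask who ran PsExec against this host"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['subject']}: {f['reason']}")
```

    On the lines above this flags hitmanpro37 and TrueSight (empty publisher), kavbootc (1980 date), PSEXESVC, and the two ATTENTION entries, while the UAC line (EnableLUA 1, ConsentPromptBehaviorAdmin 5) produces no finding. A flag is a question to ask, not a verdict: several of the flagged drivers here belong to scanners the poster ran, which is exactly what the analyst would confirm next.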

  5. #5
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,716

    Re: PC checked for malware

    Hi, Gianfranco.

    We also need the FRST.txt log. Please go to the FRST folder on your desktop and open FRST.txt. Copy and paste the log as a reply here.

    Thanks.



  6. #6

    Join Date
    Jul 2017
    Location
    MILANO
    Posts
    32

    Re: PC checked for malware

    Good evening Corrine.
    That's the FRST.txt log... but it seems too short.
    I hope there isn't any mistake.
    Thank you for your kind attention:


    LastRegBack: 2017-04-06 13:45


    ==================== End of FRST.txt ============================

  7. #7

    Join Date
    Jul 2017
    Location
    MILANO
    Posts
    32

    Re: PC checked for malware

    Hi Corrine.
    I have found a second folder named FRST (2):
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
    Ran by Gianfranco (administrator) on EH-PC (02-08-2017 22:02:59)
    Running from C:\Users\Gianfranco\Desktop
    Loaded Profiles: Gianfranco (Available Profiles: Gianfranco & Guest)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Italiano (Italia)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\VPN\Avira.VpnService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Sysinternals) C:\Windows\PSEXESVC.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe


    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
    HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
    HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [1980-01-04]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2017-04-07]
    ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    GroupPolicy: Restriction ? <==== ATTENTION
    GroupPolicyScripts: Restriction <==== ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{A05F4387-CEAF-48BF-9D4D-0F1E0CCC4944}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A05F4387-CEAF-48BF-9D4D-0F1E0CCC4944}: [DhcpNameServer] 192.168.1.1 192.168.1.1


    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1476158224-1758418250-2409185508-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}


    FireFox:
    ========
    FF DefaultProfile: h2ihtrgj.default
    FF ProfilePath: C:\Users\Gianfranco\AppData\Roaming\Mozilla\Firefox\Profiles\h2ihtrgj.default [2017-07-31]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)


    Chrome:
    =======
    CHR HomePage: Default -> hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp
    CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp","hxxp://www.google.com/"
    CHR Profile: C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default [2017-08-02]
    CHR Extension: (Documenti Google) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-19]
    CHR Extension: (Google Drive) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-19]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-21]
    CHR Extension: (YouTube) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-19]
    CHR Extension: (Adobe Acrobat) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-19]
    CHR Extension: (Avast Passwords) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-07-21]
    CHR Extension: (Google Documenti offline) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-19]
    CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-19]
    CHR Extension: (Gmail) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-19]
    CHR Extension: (Chrome Media Router) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
    R2 AviraPhantomVPN; C:\Program Files\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
    S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
    R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42824 2017-07-12] (Dropbox, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
    R2 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2017-06-23] (Sysinternals)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2016-03-25] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R1 AppProtectEx; C:\Windows\System32\drivers\AppProtectEx.sys [104256 2014-10-23] (Baidu, Inc.)
    R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-03-31] (Baidu, Inc.)
    S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-02-11] (IVT Corporation.)
    R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-12-25] (Windows (R) Win 7 DDK provider)
    S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [56832 2017-02-11] (GenesysLogic)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43176 2015-08-27] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [25440 2016-03-04] (ThreatTrack Security)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47552 2017-06-20] ()
    R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-02-11] (REALiX(tm))
    R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2017-06-26] (Highresolution Enterprises [www.highrez.co.uk])
    R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [31592 1980-01-04] (Kingsoft Corporation)
    S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [114264 1980-01-04] (Kingsoft Corporation)
    R2 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [28288 2017-05-01] (OPSWAT, Inc.)
    R2 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [30848 2017-05-01] (OPSWAT, Inc.)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-02] (Malwarebytes)
    R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2017-02-11] (Intel Corporation)
    R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [31032 2017-07-13] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-21] ()
    S3 trufos; C:\Windows\System32\drivers\trufos.sys [428832 2017-07-24] (BitDefender S.R.L.)


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-08-02 22:00 - 2017-08-02 22:02 - 000012294 _____ C:\Users\Gianfranco\Desktop\FRST.txt
    2017-08-02 21:55 - 2017-08-02 21:55 - 001777664 _____ (Farbar) C:\Users\Gianfranco\Desktop\FRST.exe
    2017-08-01 21:24 - 2017-08-01 21:29 - 000003462 _____ C:\Users\Gianfranco\Desktop\SFCFix.txt
    2017-08-01 21:12 - 2017-08-01 21:28 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\niemiro
    2017-08-01 21:11 - 2017-08-01 21:11 - 002884096 _____ (niemiro) C:\Users\Gianfranco\Desktop\SFCFix.exe
    2017-08-01 13:29 - 2017-08-01 13:29 - 001250816 _____ C:\Users\Gianfranco\Documents\MicrosoftEasyFix50202.msi
    2017-07-31 22:56 - 2017-07-31 22:27 - 000983302 _____ C:\Windows\ntbtlog.txt
    2017-07-31 22:44 - 2017-07-31 22:44 - 000002228 _____ C:\Users\Gianfranco\Desktop\JRT.txt
    2017-07-31 22:42 - 2017-07-31 22:43 - 001790024 _____ (Malwarebytes) C:\Users\Gianfranco\Documents\JRT.exe
    2017-07-31 13:38 - 2017-07-31 13:42 - 008162248 _____ (Malwarebytes) C:\Users\Gianfranco\Documents\adwcleaner_7.0.0.0.exe
    2017-07-30 12:42 - 2017-07-30 17:33 - 000000000 ___RD C:\Users\Gianfranco\Dropbox
    2017-07-30 12:42 - 2017-07-30 12:42 - 000001188 _____ C:\Users\Gianfranco\Desktop\Dropbox.lnk
    2017-07-30 12:40 - 2017-07-30 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-07-30 12:38 - 2017-07-30 12:38 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Dropbox
    2017-07-30 12:34 - 2017-08-02 21:43 - 000001100 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2017-07-30 12:34 - 2017-08-02 13:39 - 000001104 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2017-07-30 12:34 - 2017-07-30 12:42 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Dropbox
    2017-07-30 12:34 - 2017-07-30 12:41 - 000000000 ____D C:\Program Files\Dropbox
    2017-07-30 12:34 - 2017-07-30 12:34 - 000690080 _____ (Dropbox, Inc.) C:\Users\Gianfranco\Documents\DropboxInstaller.exe
    2017-07-30 12:34 - 2017-07-30 12:34 - 000000000 ____D C:\ProgramData\Dropbox
    2017-07-30 12:31 - 2017-07-30 17:32 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\SendSpace Wizard
    2017-07-30 12:29 - 2017-07-30 12:29 - 000002509 _____ C:\Users\Public\Desktop\Sendspace Wizard.lnk
    2017-07-30 12:29 - 2017-07-30 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sendspace Wizard
    2017-07-30 12:25 - 2017-07-30 12:26 - 012263424 _____ C:\Users\Gianfranco\Documents\SendSpace Wizard v1.6.3 Windows Installer.msi
    2017-07-29 17:54 - 2017-07-29 17:54 - 000000792 _____ C:\Windows\system32\config\components.zip
    2017-07-29 00:51 - 2017-07-30 16:49 - 000741376 _____ C:\Windows\system32\LanguageDB.mdb
    2017-07-28 23:22 - 2017-07-28 23:22 - 000000000 ____D C:\Users\Gianfranco\Desktop\Nuova cartella
    2017-07-28 23:20 - 2017-07-28 23:20 - 000347440 _____ (Microsoft Corporation) C:\Users\Gianfranco\Documents\MicrosoftFixit-portable.exe
    2017-07-28 22:51 - 2017-07-28 22:51 - 012286056 _____ (Intel Corporation) C:\Users\Gianfranco\Documents\SetupRST.exe
    2017-07-28 22:51 - 2017-07-28 22:51 - 000000000 ____D C:\Users\Gianfranco\Intel
    2017-07-28 22:43 - 2017-07-28 22:43 - 000000000 ____D C:\Users\Gianfranco\Documents\Cartella Scambio Bluetooth
    2017-07-28 22:43 - 2017-07-28 22:43 - 000000000 ____D C:\Users\Gianfranco\Bluetooth Software
    2017-07-28 22:08 - 2017-07-28 22:08 - 000876048 _____ (Microsoft Corporation) C:\Users\Gianfranco\Documents\mssstool32.exe
    2017-07-28 14:46 - 2017-07-28 14:46 - 000226500 _____ C:\Windows\system32\ExpandedRegCLP.txt
    2017-07-28 14:08 - 2017-07-30 18:04 - 000002038 _____ C:\Windows\system32\AllLog.txt
    2017-07-28 14:08 - 2017-07-30 18:04 - 000001403 _____ C:\Windows\system32\UnknownLog.txt
    2017-07-28 14:08 - 2017-07-30 18:04 - 000000605 _____ C:\Windows\system32\WhiteLog.txt
    2017-07-28 14:08 - 2017-07-30 18:04 - 000000000 _____ C:\Windows\system32\deletedfiles.txt
    2017-07-28 14:08 - 2017-07-30 18:04 - 000000000 _____ C:\Windows\system32\BlackLog.txt
    2017-07-28 01:13 - 2017-07-28 01:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\LibreOffice
    2017-07-28 01:06 - 2017-07-28 01:06 - 000367863 _____ C:\Users\Gianfranco\Documents\Cv Grillone.pdf
    2017-07-28 00:21 - 2017-07-30 18:05 - 004476928 _____ C:\Windows\system32\RefGuide.mdb
    2017-07-27 12:25 - 2017-07-27 12:25 - 000001006 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
    2017-07-26 21:39 - 2017-07-26 21:39 - 000313366 _____ C:\Users\Gianfranco\Downloads\WindowsUpdate.diagcab
    2017-07-26 13:14 - 2017-07-26 13:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
    2017-07-26 13:00 - 2017-07-30 18:04 - 000003421 _____ C:\Windows\system32\FileInfoCheck.txt
    2017-07-26 13:00 - 2017-07-30 18:04 - 000001635 _____ C:\Windows\system32\ReturnFromWS.txt
    2017-07-26 13:00 - 2017-07-30 18:04 - 000000474 _____ C:\Windows\system32\TimeLog.txt
    2017-07-26 12:59 - 2017-07-30 18:04 - 000006455 _____ C:\Windows\system32\Testing.txt
    2017-07-26 12:59 - 2017-07-30 18:04 - 000006134 _____ C:\Windows\system32\XMLSent.txt
    2017-07-26 12:50 - 2017-07-30 17:54 - 000024223 _____ C:\Windows\system32\Ext.txt
    2017-07-26 12:50 - 2017-07-30 17:54 - 000000000 _____ C:\Windows\system32\SkippedFiles.txt
    2017-07-26 12:49 - 2017-07-30 17:53 - 000000230 _____ C:\Windows\system32\Lnk.txt
    2017-07-26 12:48 - 2017-07-30 17:52 - 000194670 _____ C:\Windows\system32\RegCLP.txt
    2017-07-26 12:48 - 2017-07-30 17:52 - 000016723 _____ C:\Windows\system32\UniqueCLP.txt
    2017-07-26 12:48 - 2017-07-30 17:52 - 000015274 _____ C:\Windows\system32\FilesFound.txt
    2017-07-26 12:48 - 2017-07-30 17:52 - 000001652 _____ C:\Windows\system32\LP.txt
    2017-07-26 12:48 - 2017-07-30 17:52 - 000000439 _____ C:\Windows\system32\FilesNotFound.txt
    2017-07-25 21:43 - 2017-07-30 18:10 - 000000704 _____ C:\Windows\system32\RefGuide.ldb
    2017-07-25 21:43 - 2017-07-30 16:50 - 000000000 _____ C:\Windows\system32\iphist.dat
    2017-07-25 13:52 - 2017-07-25 13:52 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\AviraSpeedup
    2017-07-25 13:50 - 2017-07-25 13:50 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Avira
    2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\ProgramData\Avira
    2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\Program Files\Avira
    2017-07-25 13:46 - 2017-07-25 13:47 - 004806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\Gianfranco\Downloads\avira_en_asu80___sfc.exe
    2017-07-24 21:59 - 2017-07-24 21:59 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\PCHC
    2017-07-24 21:58 - 2017-07-30 18:11 - 000000000 ____D C:\Program Files\Swisscom PC-Assistant
    2017-07-24 21:58 - 2017-07-24 21:58 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Swisscom PC-Assistant
    2017-07-24 21:57 - 2017-07-24 21:57 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\III
    2017-07-24 21:52 - 2017-07-24 21:55 - 017239928 _____ (Sutherland Global Services Inc., ) C:\Users\Gianfranco\Downloads\PcAssistant.exe
    2017-07-24 21:51 - 2017-07-24 21:51 - 002097568 _____ C:\Users\Gianfranco\Downloads\SwisscomPCCheck_Italian(1).exe
    2017-07-24 21:50 - 2017-07-25 13:16 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\SwisscomPCCheck
    2017-07-24 21:49 - 2017-07-24 21:49 - 002097568 _____ C:\Users\Gianfranco\Downloads\SwisscomPCCheck_Italian.exe
    2017-07-24 21:12 - 2017-07-24 21:13 - 000000000 __SHD C:\ZIL.QUAR
    2017-07-24 20:35 - 2017-07-24 20:35 - 002928600 _____ (Hewlett-Packard ) C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe
    2017-07-24 12:13 - 2017-07-24 12:15 - 000000000 ____D C:\KVRT_Data
    2017-07-24 11:58 - 2017-07-24 12:05 - 192214113 _____ (Igor Pavlov) C:\Users\Gianfranco\Downloads\ZillyaScanner_en.exe
    2017-07-24 11:50 - 2017-07-24 11:52 - 122123224 _____ (Kaspersky Lab ZAO) C:\Users\Gianfranco\Downloads\KVRT.exe
    2017-07-24 11:41 - 2017-07-24 11:47 - 139922097 _____ C:\Users\Gianfranco\Downloads\Vba32Check.exe
    2017-07-24 11:37 - 2017-07-24 11:40 - 000000056 _____ C:\Windows\Lic.xxx
    2017-07-24 11:35 - 2017-07-24 11:35 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
    2017-07-24 11:35 - 2017-07-24 11:35 - 000632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
    2017-07-24 11:35 - 2017-07-24 11:35 - 000572928 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
    2017-07-24 11:35 - 2017-07-24 11:35 - 000554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
    2017-07-24 11:35 - 2017-07-24 11:35 - 000428832 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2017-07-24 11:35 - 2017-07-24 11:35 - 000156392 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
    2017-07-24 11:34 - 2017-07-24 11:34 - 000000000 ____D C:\ProgramData\MicroWorld
    2017-07-24 11:34 - 2017-07-24 11:34 - 000000000 ____D C:\Program Files\Common Files\MicroWorld
    2017-07-24 11:31 - 2017-07-24 11:33 - 204130528 _____ C:\Users\Gianfranco\Downloads\mwav.exe
    2017-07-22 10:06 - 2017-07-22 10:08 - 000202670 _____ C:\TDSSKiller.3.1.0.15_22.07.2017_10.06.56_log.txt
    2017-07-22 10:06 - 2017-07-22 10:06 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Gianfranco\Downloads\tdsskiller.exe
    2017-07-22 08:22 - 2017-08-02 21:46 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-07-22 08:21 - 2017-07-22 08:21 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-07-22 08:21 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
    2017-07-22 08:20 - 2017-07-22 08:21 - 065033984 _____ (Malwarebytes ) C:\Users\Gianfranco\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
    2017-07-21 21:21 - 2017-07-21 21:28 - 108221696 _____ (Avanquest Software) C:\Users\Gianfranco\Downloads\Fix-It_Pro_ITA.exe
    2017-07-21 20:40 - 2017-07-21 20:41 - 043280592 _____ (Microsoft Corporation) C:\Users\Gianfranco\Downloads\Windows-KB890830-V5.50.exe
    2017-07-21 16:59 - 2017-07-22 09:40 - 000000000 ____D C:\Program Files\Zemana AntiMalware
    2017-07-21 16:59 - 2017-07-21 16:59 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Zemana
    2017-07-21 16:58 - 2017-07-21 16:58 - 006589840 _____ (Zemana Ltd. ) C:\Users\Gianfranco\Downloads\Zemana.AntiMalware.Setup.exe
    2017-07-21 16:09 - 2017-07-31 23:29 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\NPE
    2017-07-21 16:09 - 2017-07-21 16:09 - 003422432 _____ (Symantec Corporation) C:\Users\Gianfranco\Downloads\NPE.exe
    2017-07-21 15:20 - 2017-07-23 12:20 - 000000000 _____ C:\Windows\system32\app.json
    2017-07-21 14:28 - 2017-07-21 14:28 - 000000000 ____D C:\Users\Gianfranco\Desktop\Metadefender
    2017-07-21 14:26 - 2017-08-02 21:47 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\CrashDumps
    2017-07-21 14:24 - 2017-07-21 23:30 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Metadefender-Local
    2017-07-21 00:12 - 2017-07-21 00:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Adobe
    2017-07-21 00:12 - 2017-07-21 00:12 - 000000000 ____D C:\Users\Gianfranco\AppData\LocalLow\Adobe
    2017-07-20 23:16 - 2017-07-20 23:16 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Google
    2017-07-20 22:01 - 2017-07-20 22:01 - 000000000 ____D C:\Users\Gianfranco\Downloads\WRCFree
    2017-07-20 22:00 - 2017-07-20 22:00 - 003128889 _____ C:\Users\Gianfranco\Downloads\WRCFree.zip
    2017-07-20 21:53 - 2017-07-20 21:55 - 000000000 ____D C:\Users\Gianfranco\Downloads\shexview
    2017-07-20 21:52 - 2017-07-20 21:52 - 000066867 _____ C:\Users\Gianfranco\Downloads\shexview.zip
    2017-07-20 21:51 - 2017-07-20 21:51 - 000002707 _____ C:\Users\Gianfranco\Downloads\shexview_italian1.zip
    2017-07-20 21:14 - 2017-08-02 16:22 - 000000000 ____D C:\Users\Gianfranco\Downloads\ResetWUEng
    2017-07-20 01:40 - 2017-07-20 01:40 - 001447799 _____ C:\Users\Gianfranco\Desktop\cbs
    2017-07-19 23:45 - 2017-07-31 22:38 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\ElevatedDiagnostics
    2017-07-19 22:30 - 2017-07-25 14:15 - 000343280 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-07-19 22:16 - 2017-07-25 13:50 - 000078168 _____ C:\Users\Gianfranco\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-07-19 21:49 - 2017-07-19 21:49 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
    2017-07-19 13:42 - 2017-07-19 13:42 - 000000000 ____D C:\Users\Gianfranco\Desktop\ElectronicHouse
    2017-07-19 13:28 - 2017-07-31 21:33 - 000000000 ____D C:\Users\Gianfranco\AppData\LocalLow\Mozilla
    2017-07-19 13:28 - 2017-07-19 13:33 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Mozilla
    2017-07-19 13:28 - 2017-07-19 13:28 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Mozilla
    2017-07-19 13:15 - 2017-07-19 13:15 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Opera Software
    2017-07-19 13:15 - 2017-07-19 13:15 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Opera Software
    2017-07-19 12:59 - 2017-07-19 12:59 - 000077768 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-07-19 12:58 - 2017-07-19 21:49 - 000000000 ____D C:\Users\Guest\AppData\LocalLow\360WD
    2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 ____D C:\Users\Guest\AppData\Roaming\ATI
    2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 ____D C:\Users\Guest\AppData\Local\ATI
    2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\QSwitch.txt
    2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\DSwitch.txt
    2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\AtStart.txt
    2017-07-18 16:55 - 2017-07-18 16:55 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\CEF
    2017-07-18 16:51 - 2017-07-18 16:51 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\ATI
    2017-07-18 16:51 - 2017-07-18 16:51 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\ATI
    2017-07-18 16:50 - 2017-07-30 12:42 - 000000000 ____D C:\Users\Gianfranco
    2017-07-18 16:50 - 2017-07-25 21:20 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\hpqLog
    2017-07-18 16:50 - 2017-07-21 00:12 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Adobe
    2017-07-18 16:50 - 2017-07-19 14:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Google
    2017-07-18 16:50 - 2017-07-18 16:50 - 000001397 _____ C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000020 ___SH C:\Users\Gianfranco\ntuser.ini
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Risorse di stampa
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Risorse di rete
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Recenti
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Modelli
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Menu Avvio
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Impostazioni locali
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Video
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Musica
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Immagini
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documenti
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Dati applicazioni
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Local\Dati applicazioni
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Local\Cronologia
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\VirtualStore
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\QSwitch.txt
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\DSwitch.txt
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\AtStart.txt
    2017-07-18 16:50 - 2011-04-12 06:27 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Media Center Programs
    2017-07-17 09:44 - 2017-08-02 16:11 - 000000000 ____D C:\Program Files\Opera
    2017-07-17 09:44 - 2017-07-18 15:50 - 000001933 _____ C:\Users\Public\Desktop\Browser Opera.lnk
    2017-07-17 09:44 - 2017-07-17 09:44 - 000001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
    2017-07-17 09:36 - 2017-07-17 09:36 - 000000000 ____D C:\Windows\Tasks\360Disabled
    2017-07-17 09:35 - 2017-07-20 20:52 - 000000000 ____D C:\Program Files\Common Files\AV
    2017-07-16 23:30 - 2016-03-04 12:26 - 000025440 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
    2017-07-16 23:30 - 2015-08-27 07:31 - 000043176 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
    2017-07-16 23:28 - 2017-07-17 01:30 - 000000000 ____D C:\VIPRERESCUE
    2017-07-16 20:34 - 2017-07-16 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
    2017-07-16 14:51 - 2017-07-16 14:51 - 000000000 ____D C:\Windows\system32\catroot2.old
    2017-07-15 23:24 - 2017-07-15 23:24 - 000000000 ____D C:\MFT 43551
    2017-07-15 00:31 - 2017-07-15 00:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2017-07-15 00:28 - 2017-07-15 00:28 - 000000000 ____D C:\Program Files\Common Files\adaware
    2017-07-15 00:13 - 2017-07-16 13:42 - 000000000 ____D C:\ProgramData\TuneUp Software
    2017-07-15 00:12 - 2017-07-15 00:12 - 000000000 __SHD C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2017-07-14 22:28 - 2017-07-14 22:28 - 000000000 ____D C:\ProgramData\dbg
    2017-07-13 13:32 - 2017-07-13 13:32 - 000031032 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\phantomtap.sys
    2017-07-12 23:40 - 2017-07-12 23:40 - 000030194 _____ C:\ProgramData\agent.uninstall.1499895622.bdinstall.bin
    2017-07-12 23:33 - 2017-07-15 11:47 - 000000000 ____D C:\ProgramData\Bitdefender
    2017-07-12 21:58 - 2017-07-12 21:58 - 000042824 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
    2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
    2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
    2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
    2017-07-12 11:58 - 2017-07-12 11:58 - 000000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
    2017-07-10 22:32 - 2017-07-25 21:20 - 000000000 ____D C:\Windows\SoftwareDistribution.old
    2017-07-10 13:04 - 2017-07-10 13:04 - 000003814 _____ C:\Windows\system32\bddel.dat
    2017-07-08 16:58 - 2017-08-02 22:02 - 000000000 ____D C:\FRST


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-08-02 21:55 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-08-02 21:55 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-08-02 21:43 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-08-02 13:49 - 2017-01-30 11:43 - 000000000 ____D C:\ProgramData\Package Cache
    2017-08-01 21:28 - 2017-06-14 13:01 - 000000000 ____D C:\SFCFix
    2017-08-01 15:26 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
    2017-08-01 13:40 - 2017-05-12 11:25 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-07-31 23:01 - 2017-06-07 01:10 - 000000000 ____D C:\NPE
    2017-07-31 22:31 - 2017-05-19 23:11 - 000000000 ____D C:\AdwCleaner
    2017-07-28 22:43 - 2017-02-03 12:16 - 000660644 _____ C:\Windows\system32\perfh005.dat
    2017-07-28 22:43 - 2017-02-03 12:16 - 000141294 _____ C:\Windows\system32\perfc005.dat
    2017-07-28 22:43 - 2017-02-03 11:53 - 000737260 _____ C:\Windows\system32\perfh00A.dat
    2017-07-28 22:43 - 2017-02-03 11:53 - 000158342 _____ C:\Windows\system32\perfc00A.dat
    2017-07-28 22:43 - 2017-02-01 10:59 - 000732162 _____ C:\Windows\system32\perfh015.dat
    2017-07-28 22:43 - 2017-02-01 10:59 - 000155740 _____ C:\Windows\system32\perfc015.dat
    2017-07-28 22:43 - 2017-01-30 16:20 - 000737520 _____ C:\Windows\system32\perfh00C.dat
    2017-07-28 22:43 - 2017-01-30 16:20 - 000470818 _____ C:\Windows\system32\perfh001.dat
    2017-07-28 22:43 - 2017-01-30 16:20 - 000149448 _____ C:\Windows\system32\perfc00C.dat
    2017-07-28 22:43 - 2017-01-30 16:20 - 000094640 _____ C:\Windows\system32\perfc001.dat
    2017-07-28 22:43 - 2017-01-26 12:32 - 000705684 _____ C:\Windows\system32\prfh0416.dat
    2017-07-28 22:43 - 2017-01-26 12:32 - 000147524 _____ C:\Windows\system32\prfc0416.dat
    2017-07-28 22:43 - 2017-01-26 12:31 - 000501218 _____ C:\Windows\system32\perfh006.dat
    2017-07-28 22:43 - 2017-01-26 12:31 - 000098526 _____ C:\Windows\system32\perfc006.dat
    2017-07-28 22:43 - 2017-01-26 12:18 - 000689012 _____ C:\Windows\system32\perfh007.dat
    2017-07-28 22:43 - 2017-01-26 12:18 - 000148984 _____ C:\Windows\system32\perfc007.dat
    2017-07-28 22:43 - 2017-01-26 12:09 - 000390146 _____ C:\Windows\system32\prfh0404.dat
    2017-07-28 22:43 - 2017-01-26 12:09 - 000114958 _____ C:\Windows\system32\prfc0404.dat
    2017-07-28 22:43 - 2017-01-23 13:38 - 000648486 _____ C:\Windows\system32\perfh01F.dat
    2017-07-28 22:43 - 2017-01-23 13:38 - 000139868 _____ C:\Windows\system32\perfc01F.dat
    2017-07-28 22:43 - 2011-04-12 06:18 - 000741312 _____ C:\Windows\system32\perfh010.dat
    2017-07-28 22:43 - 2011-04-12 06:18 - 000147334 _____ C:\Windows\system32\perfc010.dat
    2017-07-28 22:43 - 2010-11-20 23:01 - 011011858 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-07-28 22:43 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
    2017-07-28 22:43 - 1980-01-04 01:03 - 000720822 _____ C:\Windows\system32\prfh0816.dat
    2017-07-28 22:43 - 1980-01-04 01:03 - 000716404 _____ C:\Windows\system32\perfh019.dat
    2017-07-28 22:43 - 1980-01-04 01:03 - 000152774 _____ C:\Windows\system32\prfc0816.dat
    2017-07-28 22:43 - 1980-01-04 01:03 - 000150710 _____ C:\Windows\system32\perfc019.dat
    2017-07-28 22:27 - 2017-03-23 20:12 - 000000000 ____D C:\Windows\pss
    2017-07-25 21:20 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\oldcatroot2
    2017-07-25 21:20 - 1980-01-04 01:07 - 000000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
    2017-07-25 21:20 - 1980-01-04 01:07 - 000000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
    2017-07-24 20:35 - 2017-01-18 10:08 - 000000000 ____D C:\SWSetup
    2017-07-24 11:39 - 2009-07-14 04:04 - 000000856 _____ C:\Windows\win.ini
    2017-07-22 09:37 - 2017-04-07 22:32 - 000309593 _____ C:\Windows\ZAM_Guard.krnl.trace
    2017-07-22 09:05 - 2017-04-07 22:32 - 002558543 _____ C:\Windows\ZAM.krnl.trace
    2017-07-21 20:41 - 2017-06-28 17:15 - 132532600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-07-19 22:09 - 2017-06-10 23:34 - 000000422 __RSH C:\ProgramData\ntuser.pol
    2017-07-19 21:38 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
    2017-07-19 13:42 - 2017-02-01 10:24 - 000000000 ____D C:\Windows\system32\appmgmt
    2017-07-19 13:42 - 1980-01-04 01:34 - 000000000 ____D C:\Users\ElectronicHouse
    2017-07-17 09:43 - 2017-02-07 14:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-07-17 09:43 - 2017-02-07 14:35 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-07-17 09:41 - 1980-01-04 01:23 - 000000000 ____D C:\Windows\Panther
    2017-07-12 22:46 - 2017-02-10 21:29 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-07-12 22:28 - 2009-07-14 06:34 - 000003072 _____ C:\Windows\system32\umstartup.etl
    2017-07-12 11:45 - 2017-06-18 18:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2017-07-12 11:45 - 2017-06-18 18:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2017-07-12 11:44 - 2017-01-30 11:29 - 000000000 ____D C:\Windows\system32\Macromed
    2017-07-07 13:34 - 1980-01-04 01:02 - 000000000 ____D C:\ProgramData\Kingsoft


    ==================== Files in the root of some directories =======


    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\AtStart.txt
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\DSwitch.txt
    2017-07-21 14:25 - 2017-07-23 12:22 - 000001789 _____ () C:\Users\Gianfranco\AppData\Local\infection.log
    2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\QSwitch.txt
    2017-06-28 23:42 - 2017-06-28 23:42 - 000045723 _____ () C:\ProgramData\agent.1498686124.bdinstall.bin
    2017-07-12 23:40 - 2017-07-12 23:40 - 000030194 _____ () C:\ProgramData\agent.uninstall.1499895622.bdinstall.bin
    2017-06-29 11:36 - 2017-06-29 11:36 - 000030398 _____ () C:\ProgramData\agent.update.1498728924.bdinstall.bin


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

  8. #8
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,716

    Re: PC checked for malware

    It appears that you have already run a few tools on your system, including Junkware Removal Tool, AdwCleaner and others.

    Before we proceed, why have you blocked C:\windows\system32\mmc.exe? This is the Microsoft Management Console and is a Windows core system file. (Yes, IF located elsewhere, not in sys32, it is a malicious file, but that is not the case here.)


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  9. #9

    Join Date
    Jul 2017
    Location
    MILANO
    Posts
    32

    Re: PC checked for malware

    Good afternoon Corrine,
    I am sorry for the delay in my answer back to you, but here in Italy it is half past one o'clock in the afternoon.
    C:\Windows\System32 is where I found the mmc located.
    I have not blocked it myself, but maybe some other software like the Avira speed up could have optimized this service when the PC boots, for faster performance.
    I have no idea what has happened, but I often use the event log service in the control panel, which is part of mmc.
    Thank you for helping me
    Gianfranco

  10. #10
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,716

    Re: PC checked for malware

    Thank you for your response. I do not recommend optimization programs as they can cause more damage than help.

    Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy".
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    ContextMenuHandlers1: [Pointstone SecureErase] -> {432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => -> No File
    ContextMenuHandlers5: [BDPCAppStoreShellEx] -> {787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => -> No File
    Task: {32A4FA44-470C-4AB2-857E-D7F763D70109} - \Xvirus startup -> No File <==== ATTENTION
    Task: {C1933613-3817-4090-BB40-BFDA700E1A3A} - \Security Reviver_startup -> No File <==== ATTENTION
    FirewallRules: [TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    EmptyTemp:
    End::
    • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
    • Please post the log in your next reply.



  11. #11

    Join Date
    Jul 2017
    Location
    MILANO
    Posts
    32

    Re: PC checked for malware

    Hi Corrine :
    this is the fixlog.txt :
    Fix result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
    Ran by Gianfranco (03-08-2017 14:39:35) Run:1
    Running from C:\Users\Gianfranco\Desktop
    Loaded Profiles: Gianfranco (Available Profiles: Gianfranco & Guest)
    Boot Mode: Normal


    ==============================================


    fixlist content:
    *****************


    CreateRestorePoint:
    CloseProcesses:
    ContextMenuHandlers1: [Pointstone SecureErase] -> {432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => -> No File
    ContextMenuHandlers5: [BDPCAppStoreShellEx] -> {787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => -> No File
    Task: {32A4FA44-470C-4AB2-857E-D7F763D70109} - \Xvirus startup -> No File <==== ATTENTION
    Task: {C1933613-3817-4090-BB40-BFDA700E1A3A} - \Security Reviver_startup -> No File <==== ATTENTION
    FirewallRules: [TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    EmptyTemp:


    *****************


    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Pointstone SecureErase => key removed successfully.
    HKLM\Software\Classes\CLSID\{432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => key not found.
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\BDPCAppStoreShellEx => key removed successfully.
    HKLM\Software\Classes\CLSID\{787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32A4FA44-470C-4AB2-857E-D7F763D70109} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A4FA44-470C-4AB2-857E-D7F763D70109} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Xvirus startup => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1933613-3817-4090-BB40-BFDA700E1A3A} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1933613-3817-4090-BB40-BFDA700E1A3A} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Reviver_startup => key not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe => value removed successfully.


    =========== EmptyTemp: ==========


    BITS transfer queue => 8388608 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5812343 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 4019107 B
    Edge => 0 B
    Chrome => 453070011 B
    Firefox => 349476430 B
    Opera => 164994798 B


    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 19474718 B
    LocalService => 66228 B
    NetworkService => 87984 B
    Gianfranco => 138004587 B
    Guest => 11909041 B


    RecycleBin => 2419125 B
    EmptyTemp: => 1.1 GB temporary data Removed.


    ================================




    The system needed a reboot.


    ==== End of Fixlog 14:47:23 ====
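    The two FirewallRules entries in the fixlist above, and the registry path the fixlog shows them being removed from, are a pattern worth being able to spot on any machine: a rule whose name starts with "TCP Query User{GUID}" or "UDP Query User{GUID}" is one Windows Firewall created from its interactive "Windows Security Alert" prompt, and Action=Block means whoever answered that prompt (or a tool answering it) chose to block the program. When the blocked program is a signed Windows binary in System32, as with mmc.exe here, that is usually a misconfiguration rather than malware, which is exactly the distinction Corrine draws in post #8. The script below is an added example written for this thread; it is not part of FRST and not Corrine's fix. It parses the pipe-delimited rule strings stored under that registry key, reports Block rules aimed at binaries under the Windows system directory, and checks each target's Authenticode signature (the same kind of check FRST's "Bamital & volsnap" section performs). The sample rule strings are constructed: only the two value names come from the thread, the value bodies are assumed. It needs PowerShell 3.0 or later.

```powershell
# Added example (not from the thread or from FRST): audit Windows Firewall Block rules that
# target binaries in the Windows system directory and report their signature status.
# Rules live under HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# as REG_SZ values: "v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|App=C:\...\mmc.exe|Name=...|"

function ConvertFrom-FirewallRuleString {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Value
    )
    # First token is the schema version (v2.10 etc.); the rest are Key=Value pairs split on '|'.
    $fields = @{}
    foreach ($token in $Value.Split('|')) {
        $eq = $token.IndexOf('=')
        if ($eq -gt 0) { $fields[$token.Substring(0, $eq)] = $token.Substring($eq + 1) }
    }
    [pscustomobject]@{
        RuleName = $Name
        Action   = $fields['Action']
        Active   = $fields['Active']
        Dir      = $fields['Dir']
        Protocol = $fields['Protocol']   # 6 = TCP, 17 = UDP
        App      = $fields['App']
        Label    = $fields['Name']
    }
}

function Get-BlockedSystemBinaryRules {
    param(
        [hashtable] $Rules,              # RuleName -> rule string; omit to read the live registry
        [string] $SystemDir = (Join-Path $env:SystemRoot 'System32')
    )
    if (-not $Rules) {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
        $props = Get-ItemProperty -Path $key
        $Rules = @{}
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSChildName/... bookkeeping properties Get-ItemProperty adds
            if ($p.Name -notlike 'PS*') { $Rules[$p.Name] = [string]$p.Value }
        }
    }
    foreach ($entry in $Rules.GetEnumerator()) {
        $rule = ConvertFrom-FirewallRuleString -Name $entry.Key -Value $entry.Value
        if ($rule.Action -ne 'Block' -or -not $rule.App) { continue }
        # App= may be stored with %SystemRoot%-style variables; expand before comparing paths
        $app = [Environment]::ExpandEnvironmentVariables($rule.App)
        if ($app -notlike "$SystemDir\*") { continue }
        $status = if (Test-Path -LiteralPath $app) {
            (Get-AuthenticodeSignature -LiteralPath $app).Status   # Valid / NotSigned / HashMismatch ...
        } else { 'FileMissing' }
        [pscustomobject]@{
            RuleName   = $rule.RuleName
            Protocol   = $rule.Protocol
            Direction  = $rule.Dir
            App        = $app
            Signature  = $status
            # Rules named "... Query User{GUID}path" were created from the firewall's interactive prompt
            UserPrompt = $rule.RuleName -like '*Query User{*'
        }
    }
}

# Constructed sample modelled on the two fixlist entries above. The value NAMES are the ones from the
# thread; the value BODIES are assumed (real ones also carry Profile=, Desc=, EmbedCtxt= and more).
$sample = @{
    'TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe' =
        'v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|App=C:\windows\system32\mmc.exe|Name=Microsoft Management Console|'
    'UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe' =
        'v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|App=C:\windows\system32\mmc.exe|Name=Microsoft Management Console|'
    'Example-Allow-Rule' =
        'v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Example\app.exe|Name=Example|'
}

# Offline run against the constructed sample (only the two mmc.exe Block rules are reported):
Get-BlockedSystemBinaryRules -Rules $sample -SystemDir 'C:\windows\system32' | Format-Table -AutoSize

# To audit the live machine instead (run from an elevated PowerShell):
#   Get-BlockedSystemBinaryRules | Format-Table -AutoSize
```

    The point of reporting the signature next to the rule is the one post #8 makes: a Block rule on a validly signed file at its expected System32 path is a firewall-prompt accident to undo, whereas a Block rule on an unsigned or missing file at a look-alike path is something to investigate before removing anything.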

  12. #12
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,716

    Re: PC checked for malware

    Thank you. From what your logs showed after you had run other tools on your own, that was just a bit of cleanup, although, as softwaremaniac will see, the BITS Transfer Queue and temp files were cleared so that may be helpful.

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log, which you can close.

    Following that, please return to your original topic and await further instructions from softwaremaniac. He has been following your topic here and understands the steps taken here.

    SFC scannow, SFCFIX and windows update errors


