[Win7SP1Ult x86] PC checked for malware

Gianfranco
Member | Joined: Jul 13, 2017 | Posts: 32 | Location: MILANO
Good evening.
I was just asking if there is any possibility to check my PC for malware or viruses.
I have already posted another thread about a Windows Update error, but before going on, a security check is required.
Thank you
Gianfranco
 
security check for virus and malware

Hello
These are my log files after scanning with Farbar Recovery and Security Analysis.
Previously I took these actions by myself:
I ran a full Malwarebytes scan and quarantined all the items found.
ADW Cleaner and Junkware Removal Tool: full scan and remove.
Norton Power Eraser: full scan and remove.
SAL.log:
Result of Security Analysis by Rocket Grannie (x86) Updated: 25th July, 2017
Running from:C:\Users\Gianfranco\Desktop (22:08:47 - 08/02/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X86 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 26 NPAPI is not installed
Google Chrome (59.0.3071.115)
Malwarebytes (3.1.2.1733)
Mozilla Firefox (54.0.1)
Opera (46.0.2597.57)


***----------------Analysis Complete-------------------------***
 
Farbar recovery logs

Hi, these are the two logs from the Farbar Recovery scan:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Gianfranco (02-08-2017 22:03:42)
Running from C:\Users\Gianfranco\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (1980-01-03 23:34:37)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-1476158224-1758418250-2409185508-500 - Administrator - Disabled)
Gianfranco (S-1-5-21-1476158224-1758418250-2409185508-1005 - Administrator - Enabled) => C:\Users\Gianfranco
Guest (S-1-5-21-1476158224-1758418250-2409185508-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1476158224-1758418250-2409185508-1002 - Limited - Enabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{A990D795-F751-39DA-DDD4-07ED04CEC7CE}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Avira Phantom VPN (HKLM\...\Avira Phantom VPN) (Version: 2.9.1.24376 - Avira Operations GmbH & Co. KG)
Bluetooth by hp 6.0.1.5400 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5400 - HP)
ccc-core-static (HKLM\...\{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}) (Version: 2009.0521.2235.38731 - Nome società) Hidden
DriverUpdate (HKLM\...\{53C9EBD2-F3F7-49BB-BDB4-147D3A4D5E6D}) (Version: 2.7.10 - Slimware Utilities Holdings, Inc.) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
GeekBuddy (HKLM\...\{4D089441-49CB-4109-85FC-22BF8026156E}) (Version: 4.30.227 - Comodo Security Solutions Inc) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 21.0 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
LibreOffice 5.2 Help Pack (Italian) (HKLM\...\{D2E4AB0F-6585-4D5F-82C7-5F23E85BB56F}) (Version: 5.2.4.2 - The Document Foundation)
LibreOffice 5.3.3.2 (HKLM\...\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}) (Version: 5.3.3.2 - The Document Foundation)
Malwarebytes versione 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Metadefender Endpoint (HKLM\...\{8AF70079-42E8-4194-A888-38711BD0F50E}) (Version: 7.6.51.0 - OPSWAT, Inc.) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 it) (HKLM\...\Mozilla Firefox 54.0.1 (x86 it)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Opera Stable 46.0.2597.57 (HKLM\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
Pacchetto driver Windows - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\813EA266E806F300A8DAF30E5D823E268290B5D6) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Pacchetto driver Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\13729598EDD1F263DD26E8584C5F347C88091A2E) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Pacchetto driver Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\2A46B60EC8D844CB8197312FE2B88EF0F6B7E935) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Pacchetto driver Windows - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\ECAD4CB7FB923B839B29420FF9DFC73C3D3D28FE) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Pacchetto driver Windows - Hewlett-Packard Development Company, L.P. (HBtnKey) HIDClass (01/24/2011 7.0.1.1) (HKLM\...\8EF10903EB813896D7DB22DD77CACCAA71057711) (Version: 01/24/2011 7.0.1.1 - Hewlett-Packard Development Company, L.P.)
Pacchetto driver Windows - LSI (AgereSoftModem) Modem (01/26/2010 2.2.100) (HKLM\...\79152FF461CD831C0CFE59C4F4C257E7F535AE47) (Version: 01/26/2010 2.2.100 - LSI)
QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Sendspace Wizard (HKLM\...\{1636273D-F29B-4E1F-8E83-2DD0536C3C3A}) (Version: 1.6.3.0 - sendspace.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [Pointstone SecureErase] -> {432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2009-05-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [BDPCAppStoreShellEx] -> {787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {173DF5C6-5EE4-43F4-9961-1AE7EC2F89D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {2DEB3CDA-B179-484C-9ADD-08EDC9036FDA} - System32\Tasks\Opera scheduled Autoupdate 1500277482 => C:\Program Files\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {32A4FA44-470C-4AB2-857E-D7F763D70109} - \Xvirus startup -> No File <==== ATTENTION
Task: {40F2ECB0-32CF-4767-B92F-85268C464856} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {4D62BE63-50C7-4E24-AB09-A5672D4FA82F} - System32\Tasks\Run Metadefender on log on => C:\Users\Gianfranco\AppData\Roaming\Metadefender-Local\MetadefenderApp.exe [2017-05-19] (OPSWAT)
Task: {6F4E0ACD-36BE-4EA0-83C4-41CE0B922E09} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => C:\Windows\SYSTEM32\WorkFoldersSystemTray.exe [2015-09-04] (Microsoft Corporation)
Task: {7E7FABC9-332E-4347-B4BC-AB636BC34E6F} - System32\Tasks\Microsoft\Windows\PLA\System\{E751960D-DAE8-4A3C-A04B-9A412B7910BE}_System Diagnostics => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {7F795525-21D2-4646-9343-09EE536C02B0} - System32\Tasks\{D5C5D02F-DC08-42BE-87FD-B6654971B8DE} => C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe [2017-07-24] (Hewlett-Packard )
Task: {8450F349-53C9-4E3D-9B31-29597F21090E} - System32\Tasks\{2C5A71CC-8ED9-4ED8-A9DB-9E032053DB45} => C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe [2017-07-24] (Hewlett-Packard )
Task: {8BC1DE84-C5EE-487B-95F8-E5D8205893F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {9D64C04F-C0C8-42BE-BFDF-DC5654A3BF2B} - System32\Tasks\{C3962BAB-695E-4C17-AA67-022ED2A52725} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-14] (Broadcom Corporation.)
Task: {9E9DF8D3-7A97-45A7-9518-B84614FB4CE6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {A208CF50-D864-49A6-8847-2706C6A9FB73} - System32\Tasks\{C80A2E41-E015-4715-A02D-EA62001B7D3D} => C:\Windows\System32\fsquirt.exe [2016-03-25] (Microsoft Corporation)
Task: {AA286E12-0855-47A5-BADA-75E4900DEA5C} - System32\Tasks\{75ABFE56-3C82-4F01-A5BC-746CFEB81297} => C:\Windows\system32\pcalua.exe -a C:\Users\ElectronicHouse\Downloads\RevoUninstaller_Portable\RevoUninstaller_Portable\x86\RevoUn.exe -d C:\Users\ElectronicHouse\Downloads\RevoUninstaller_Portable\RevoUninstaller_Portable\x86
Task: {C06F6AFA-125C-4E79-BEFC-D3D9F0BEBF70} - System32\Tasks\{A5481947-B903-4A9C-B3B8-05736C067263} => C:\Windows\system32\pcalua.exe -a C:\Users\ElectronicHouse\Downloads\sp45384.exe -d C:\Users\ElectronicHouse\Downloads
Task: {C1933613-3817-4090-BB40-BFDA700E1A3A} - \Security Reviver_startup -> No File <==== ATTENTION
Task: {C8319938-07D3-469E-8415-E209734E582C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {DA21E9E2-5CDB-4837-8F9B-BB6CBEDF8E0C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-07-30] (Dropbox, Inc.)
Task: {E29F38EC-C31B-4C06-B754-46D804B6563D} - System32\Tasks\{CA9A5B1E-C7B6-40C7-931E-E72553CA074F} => C:\Windows\system32\pcalua.exe -a C:\Users\ElectronicHouse\Downloads\atool\atool1.0.0.22\atool.exe -d C:\Users\ElectronicHouse\Downloads\atool\atool1.0.0.22
Task: {F1A04C2F-B97A-4130-97DB-4C6FB47F9F9E} - System32\Tasks\{55CE7D3E-9BE5-44A1-9CCD-B94B6F104B91} => C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe [2017-07-24] (Hewlett-Packard )
Task: {F3BF5ED3-2F86-43EE-9681-BB7F451B417D} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => C:\Windows\system32\CScript.exe "C:\ProgramData\Duplicaterecord.js"
Task: {F54B7B6A-A200-4D6A-A1E6-E8388018CDFB} - System32\Tasks\{1F0515E1-D8EB-4831-9BB2-56951DBB803D} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-14] (Broadcom Corporation.)
Task: {FD352569-961E-4A5C-9DF6-914F33C89DA4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-07-30] (Dropbox, Inc.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe


==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2017-07-30 12:40 - 2017-07-12 21:58 - 000746816 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-07-30 12:40 - 2017-07-12 21:58 - 001787200 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-07-30 12:40 - 2017-07-12 21:58 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000125904 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 001862992 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000020432 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-07-30 12:40 - 2017-07-12 21:58 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-07-30 12:40 - 2017-07-12 21:58 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000082264 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 003928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 001826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 001972024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-30 12:40 - 2017-07-12 21:58 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-07-30 12:40 - 2017-07-12 21:59 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-07-30 12:40 - 2017-07-12 22:01 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-30 12:40 - 2017-07-12 21:59 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2017-07-30 12:40 - 2017-07-12 21:59 - 001637688 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-07-30 12:40 - 2017-07-12 22:01 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-07-30 12:40 - 2017-07-12 22:01 - 000023368 _____ () C:\Program Files\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-30 12:40 - 2017-07-12 22:00 - 000357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2007-08-14 16:35 - 2007-08-14 16:35 - 000389120 _____ () C:\Windows\system32\btwhidcs.DLL
2007-08-14 16:46 - 2007-08-14 16:46 - 000126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
1980-01-04 01:14 - 1980-01-04 01:14 - 000014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-12-18 16:03 - 2008-12-18 16:03 - 000020480 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2017-07-17 09:43 - 2017-06-23 04:21 - 002877272 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-17 09:43 - 2017-06-23 04:21 - 000086360 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ==========================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-14 04:04 - 2017-07-15 22:28 - 000001254 _____ C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1476158224-1758418250-2409185508-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


MSCONFIG\Services: isesrv => 2
MSCONFIG\Services: McComponentHostService => 2
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 3


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{F748D433-3F67-4F7A-AB04-D308267F9605}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B252226A-3403-4F91-B56B-4F65C4B1A5F3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B5A3F3A-B5BF-49FF-9C0F-5D9ACBEEAD35}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{4C84A88B-3203-44A0-B9F1-ED1E99472722}] => (Block) LPort=445
FirewallRules: [{61798CAB-1899-4512-A0C0-7376EA2BB55D}] => (Block) LPort=445
FirewallRules: [{BF704315-B36B-45CC-ABB6-663B535BEDB4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{98BF8F2C-8ABD-471A-B9EA-B332F1AB2AA8}] => (Allow) C:\Program Files\Opera\46.0.2597.46\opera.exe
FirewallRules: [{4D27CDD2-AB55-487E-85E1-9E93DD551A64}] => (Allow) C:\Program Files\Opera\46.0.2597.57\opera.exe
FirewallRules: [{BF3D4DE9-1231-4214-9118-3DF727FCFEC8}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe


==================== Restore Points =========================




==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (08/02/2017 09:47:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.23537, timestamp: 0x57c44cc4
Nome del modulo che ha generato l'errore: DUI70.dll, versione: 6.1.7601.23403, timestamp: 0x56f5833e
Codice eccezione: 0xc0000005
Offset errore 0x00061fc5
ID processo che ha generato l'errore: 0x63c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d30bc7a0fd99d9
Percorso dell'applicazione che ha generato l'errore: C:\Windows\Explorer.EXE
Percorso del modulo che ha generato l'errore: C:\Windows\system32\DUI70.dll
ID segnalazione: 69b27164-77bb-11e7-a25e-001e3769746c


Error: (08/02/2017 01:30:48 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Impossibile aprire l'oggetto prestazione del servizio Redirector. I primi quattro byte (DWORD) della sezione Data contengono il codice di stato.


Error: (08/02/2017 01:29:32 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Impossibile aprire l'oggetto prestazione del servizio Redirector. I primi quattro byte (DWORD) della sezione Data contengono il codice di stato.


Error: (08/02/2017 01:29:23 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Impossibile aprire l'oggetto prestazione del servizio Redirector. I primi quattro byte (DWORD) della sezione Data contengono il codice di stato.




System errors:
=============
Error: (08/02/2017 09:52:20 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Le copie shadow del volume C: sono state interrotte. Errore IO sul volume C:.


Error: (08/02/2017 09:48:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Il server {995C996E-D918-4A8C-A302-45719A6F4EA7} non si è registrato con DCOM entro il timeout richiesto.


Error: (08/02/2017 09:47:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio Eventi acquisizione Still Image terminato. Errore specifico del servizio La chiamata di procedura remota non è riuscita.
.


Error: (08/02/2017 09:47:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Impossibile avviare correttamente il servizio "WMPNetworkSvc". CoCreateInstance(CLSID_UPnPDeviceFinder) ha rilevato l'errore "0x80004005 ". Verificare che il servizio UPnPHost sia avviato e che il componente UPnPHost di Windows sia installato correttamente.


Error: (08/02/2017 09:47:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
raeehd


Error: (08/02/2017 09:47:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Servizio Cartelle di lavoro bloccato in partenza.


Error: (08/02/2017 09:45:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Tcp dipende dal servizio was, che potrebbe non essere installato.


Error: (08/02/2017 09:45:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Il servizio Adattatore listener Net.Msmq dipende dal servizio msmq, che potrebbe non essere installato.


Error: (08/02/2017 09:45:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio hpqwmiex non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.


Error: (08/02/2017 09:45:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (120000 millisecondi) durante l'attesa della connessione del servizio hpqwmiex.




CodeIntegrity:
===================================
Date: 2017-06-21 23:57:28.426
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\ELECTR~1\AppData\Local\Temp\34498E819.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


Date: 2017-06-21 23:57:28.420
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\ELECTR~1\AppData\Local\Temp\34498E819.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


Date: 2017-06-20 14:00:10.034
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


Date: 2017-06-20 13:55:14.520
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


Date: 2017-06-20 13:55:14.500
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


Date: 2017-06-20 13:55:14.120
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


Date: 2017-06-20 13:43:20.126
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


Date: 2017-06-20 13:43:20.110
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


Date: 2017-06-20 13:43:19.736
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


Date: 2017-06-20 13:38:25.026
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\System32\cssguard32.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.




==================== Memory info ===========================


Processor: Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz
Percentage of memory in use: 67%
Total physical RAM: 2047.3 MB
Available physical RAM: 666.7 MB
Total Virtual: 4094.61 MB
Available Virtual: 2511.1 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:148.95 GB) (Free:116.46 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 7F7CD770)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
Re: PC checked for malware

Hi, Gianfranco.

We also need the FRST.txt log. Please go to the FRST folder on your desktop and open FRST.txt. Copy and paste the log as a reply here.

Thanks.
 
Re: PC checked for malware

Good evening Corrine.
That's the FRST.txt log... but it seems too short.
I hope that there is not any mistake.
Thank you for your kind attention:

LastRegBack: 2017-04-06 13:45


==================== End of FRST.txt ============================
 
Re: PC checked for malware

Hi Corrine.
I have found a second folder named FRST (2):
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Gianfranco (administrator) on EH-PC (02-08-2017 22:02:59)
Running from C:\Users\Gianfranco\Desktop
Loaded Profiles: Gianfranco (Available Profiles: Gianfranco & Guest)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\VPN\Avira.VpnService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sysinternals) C:\Windows\PSEXESVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [1980-01-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2017-04-07]
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A05F4387-CEAF-48BF-9D4D-0F1E0CCC4944}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A05F4387-CEAF-48BF-9D4D-0F1E0CCC4944}: [DhcpNameServer] 192.168.1.1 192.168.1.1


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1476158224-1758418250-2409185508-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}


FireFox:
========
FF DefaultProfile: h2ihtrgj.default
FF ProfilePath: C:\Users\Gianfranco\AppData\Roaming\Mozilla\Firefox\Profiles\h2ihtrgj.default [2017-07-31]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)


Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp","hxxp://www.google.com/"
CHR Profile: C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default [2017-08-02]
CHR Extension: (Documenti Google) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-19]
CHR Extension: (Google Drive) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-19]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-21]
CHR Extension: (YouTube) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-19]
CHR Extension: (Avast Passwords) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-07-21]
CHR Extension: (Google Documenti offline) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-19]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-19]
CHR Extension: (Gmail) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Gianfranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 AviraPhantomVPN; C:\Program Files\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42824 2017-07-12] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 PSEXESVC; C:\Windows\PSEXESVC.EXE [181064 2017-06-23] (Sysinternals)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2016-03-25] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 AppProtectEx; C:\Windows\System32\drivers\AppProtectEx.sys [104256 2014-10-23] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-03-31] (Baidu, Inc.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-02-11] (IVT Corporation.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-12-25] (Windows (R) Win 7 DDK provider)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [56832 2017-02-11] (GenesysLogic)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43176 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [25440 2016-03-04] (ThreatTrack Security)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47552 2017-06-20] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-02-11] (REALiX(tm))
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2017-06-26] (Highresolution Enterprises [www.highrez.co.uk])
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [31592 1980-01-04] (Kingsoft Corporation)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [114264 1980-01-04] (Kingsoft Corporation)
R2 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [28288 2017-05-01] (OPSWAT, Inc.)
R2 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [30848 2017-05-01] (OPSWAT, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-02] (Malwarebytes)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2017-02-11] (Intel Corporation)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [31032 2017-07-13] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-21] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [428832 2017-07-24] (BitDefender S.R.L.)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-08-02 22:00 - 2017-08-02 22:02 - 000012294 _____ C:\Users\Gianfranco\Desktop\FRST.txt
2017-08-02 21:55 - 2017-08-02 21:55 - 001777664 _____ (Farbar) C:\Users\Gianfranco\Desktop\FRST.exe
2017-08-01 21:24 - 2017-08-01 21:29 - 000003462 _____ C:\Users\Gianfranco\Desktop\SFCFix.txt
2017-08-01 21:12 - 2017-08-01 21:28 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\niemiro
2017-08-01 21:11 - 2017-08-01 21:11 - 002884096 _____ (niemiro) C:\Users\Gianfranco\Desktop\SFCFix.exe
2017-08-01 13:29 - 2017-08-01 13:29 - 001250816 _____ C:\Users\Gianfranco\Documents\MicrosoftEasyFix50202.msi
2017-07-31 22:56 - 2017-07-31 22:27 - 000983302 _____ C:\Windows\ntbtlog.txt
2017-07-31 22:44 - 2017-07-31 22:44 - 000002228 _____ C:\Users\Gianfranco\Desktop\JRT.txt
2017-07-31 22:42 - 2017-07-31 22:43 - 001790024 _____ (Malwarebytes) C:\Users\Gianfranco\Documents\JRT.exe
2017-07-31 13:38 - 2017-07-31 13:42 - 008162248 _____ (Malwarebytes) C:\Users\Gianfranco\Documents\adwcleaner_7.0.0.0.exe
2017-07-30 12:42 - 2017-07-30 17:33 - 000000000 ___RD C:\Users\Gianfranco\Dropbox
2017-07-30 12:42 - 2017-07-30 12:42 - 000001188 _____ C:\Users\Gianfranco\Desktop\Dropbox.lnk
2017-07-30 12:40 - 2017-07-30 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-30 12:38 - 2017-07-30 12:38 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Dropbox
2017-07-30 12:34 - 2017-08-02 21:43 - 000001100 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-07-30 12:34 - 2017-08-02 13:39 - 000001104 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-07-30 12:34 - 2017-07-30 12:42 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Dropbox
2017-07-30 12:34 - 2017-07-30 12:41 - 000000000 ____D C:\Program Files\Dropbox
2017-07-30 12:34 - 2017-07-30 12:34 - 000690080 _____ (Dropbox, Inc.) C:\Users\Gianfranco\Documents\DropboxInstaller.exe
2017-07-30 12:34 - 2017-07-30 12:34 - 000000000 ____D C:\ProgramData\Dropbox
2017-07-30 12:31 - 2017-07-30 17:32 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\SendSpace Wizard
2017-07-30 12:29 - 2017-07-30 12:29 - 000002509 _____ C:\Users\Public\Desktop\Sendspace Wizard.lnk
2017-07-30 12:29 - 2017-07-30 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sendspace Wizard
2017-07-30 12:25 - 2017-07-30 12:26 - 012263424 _____ C:\Users\Gianfranco\Documents\SendSpace Wizard v1.6.3 Windows Installer.msi
2017-07-29 17:54 - 2017-07-29 17:54 - 000000792 _____ C:\Windows\system32\config\components.zip
2017-07-29 00:51 - 2017-07-30 16:49 - 000741376 _____ C:\Windows\system32\LanguageDB.mdb
2017-07-28 23:22 - 2017-07-28 23:22 - 000000000 ____D C:\Users\Gianfranco\Desktop\Nuova cartella
2017-07-28 23:20 - 2017-07-28 23:20 - 000347440 _____ (Microsoft Corporation) C:\Users\Gianfranco\Documents\MicrosoftFixit-portable.exe
2017-07-28 22:51 - 2017-07-28 22:51 - 012286056 _____ (Intel Corporation) C:\Users\Gianfranco\Documents\SetupRST.exe
2017-07-28 22:51 - 2017-07-28 22:51 - 000000000 ____D C:\Users\Gianfranco\Intel
2017-07-28 22:43 - 2017-07-28 22:43 - 000000000 ____D C:\Users\Gianfranco\Documents\Cartella Scambio Bluetooth
2017-07-28 22:43 - 2017-07-28 22:43 - 000000000 ____D C:\Users\Gianfranco\Bluetooth Software
2017-07-28 22:08 - 2017-07-28 22:08 - 000876048 _____ (Microsoft Corporation) C:\Users\Gianfranco\Documents\mssstool32.exe
2017-07-28 14:46 - 2017-07-28 14:46 - 000226500 _____ C:\Windows\system32\ExpandedRegCLP.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000002038 _____ C:\Windows\system32\AllLog.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000001403 _____ C:\Windows\system32\UnknownLog.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000000605 _____ C:\Windows\system32\WhiteLog.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000000000 _____ C:\Windows\system32\deletedfiles.txt
2017-07-28 14:08 - 2017-07-30 18:04 - 000000000 _____ C:\Windows\system32\BlackLog.txt
2017-07-28 01:13 - 2017-07-28 01:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\LibreOffice
2017-07-28 01:06 - 2017-07-28 01:06 - 000367863 _____ C:\Users\Gianfranco\Documents\Cv Grillone.pdf
2017-07-28 00:21 - 2017-07-30 18:05 - 004476928 _____ C:\Windows\system32\RefGuide.mdb
2017-07-27 12:25 - 2017-07-27 12:25 - 000001006 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-07-26 21:39 - 2017-07-26 21:39 - 000313366 _____ C:\Users\Gianfranco\Downloads\WindowsUpdate.diagcab
2017-07-26 13:14 - 2017-07-26 13:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-07-26 13:00 - 2017-07-30 18:04 - 000003421 _____ C:\Windows\system32\FileInfoCheck.txt
2017-07-26 13:00 - 2017-07-30 18:04 - 000001635 _____ C:\Windows\system32\ReturnFromWS.txt
2017-07-26 13:00 - 2017-07-30 18:04 - 000000474 _____ C:\Windows\system32\TimeLog.txt
2017-07-26 12:59 - 2017-07-30 18:04 - 000006455 _____ C:\Windows\system32\Testing.txt
2017-07-26 12:59 - 2017-07-30 18:04 - 000006134 _____ C:\Windows\system32\XMLSent.txt
2017-07-26 12:50 - 2017-07-30 17:54 - 000024223 _____ C:\Windows\system32\Ext.txt
2017-07-26 12:50 - 2017-07-30 17:54 - 000000000 _____ C:\Windows\system32\SkippedFiles.txt
2017-07-26 12:49 - 2017-07-30 17:53 - 000000230 _____ C:\Windows\system32\Lnk.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000194670 _____ C:\Windows\system32\RegCLP.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000016723 _____ C:\Windows\system32\UniqueCLP.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000015274 _____ C:\Windows\system32\FilesFound.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000001652 _____ C:\Windows\system32\LP.txt
2017-07-26 12:48 - 2017-07-30 17:52 - 000000439 _____ C:\Windows\system32\FilesNotFound.txt
2017-07-25 21:43 - 2017-07-30 18:10 - 000000704 _____ C:\Windows\system32\RefGuide.ldb
2017-07-25 21:43 - 2017-07-30 16:50 - 000000000 _____ C:\Windows\system32\iphist.dat
2017-07-25 13:52 - 2017-07-25 13:52 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\AviraSpeedup
2017-07-25 13:50 - 2017-07-25 13:50 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Avira
2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\ProgramData\Avira
2017-07-25 13:48 - 2017-08-02 13:49 - 000000000 ____D C:\Program Files\Avira
2017-07-25 13:46 - 2017-07-25 13:47 - 004806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\Gianfranco\Downloads\avira_en_asu80___sfc.exe
2017-07-24 21:59 - 2017-07-24 21:59 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\PCHC
2017-07-24 21:58 - 2017-07-30 18:11 - 000000000 ____D C:\Program Files\Swisscom PC-Assistant
2017-07-24 21:58 - 2017-07-24 21:58 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Swisscom PC-Assistant
2017-07-24 21:57 - 2017-07-24 21:57 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\III
2017-07-24 21:52 - 2017-07-24 21:55 - 017239928 _____ (Sutherland Global Services Inc., ) C:\Users\Gianfranco\Downloads\PcAssistant.exe
2017-07-24 21:51 - 2017-07-24 21:51 - 002097568 _____ C:\Users\Gianfranco\Downloads\SwisscomPCCheck_Italian(1).exe
2017-07-24 21:50 - 2017-07-25 13:16 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\SwisscomPCCheck
2017-07-24 21:49 - 2017-07-24 21:49 - 002097568 _____ C:\Users\Gianfranco\Downloads\SwisscomPCCheck_Italian.exe
2017-07-24 21:12 - 2017-07-24 21:13 - 000000000 __SHD C:\ZIL.QUAR
2017-07-24 20:35 - 2017-07-24 20:35 - 002928600 _____ (Hewlett-Packard ) C:\Users\Gianfranco\Downloads\HP Recovery Manager .exe
2017-07-24 12:13 - 2017-07-24 12:15 - 000000000 ____D C:\KVRT_Data
2017-07-24 11:58 - 2017-07-24 12:05 - 192214113 _____ (Igor Pavlov) C:\Users\Gianfranco\Downloads\ZillyaScanner_en.exe
2017-07-24 11:50 - 2017-07-24 11:52 - 122123224 _____ (Kaspersky Lab ZAO) C:\Users\Gianfranco\Downloads\KVRT.exe
2017-07-24 11:41 - 2017-07-24 11:47 - 139922097 _____ C:\Users\Gianfranco\Downloads\Vba32Check.exe
2017-07-24 11:37 - 2017-07-24 11:40 - 000000056 _____ C:\Windows\Lic.xxx
2017-07-24 11:35 - 2017-07-24 11:35 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000572928 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2017-07-24 11:35 - 2017-07-24 11:35 - 000428832 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-07-24 11:35 - 2017-07-24 11:35 - 000156392 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2017-07-24 11:34 - 2017-07-24 11:34 - 000000000 ____D C:\ProgramData\MicroWorld
2017-07-24 11:34 - 2017-07-24 11:34 - 000000000 ____D C:\Program Files\Common Files\MicroWorld
2017-07-24 11:31 - 2017-07-24 11:33 - 204130528 _____ C:\Users\Gianfranco\Downloads\mwav.exe
2017-07-22 10:06 - 2017-07-22 10:08 - 000202670 _____ C:\TDSSKiller.3.1.0.15_22.07.2017_10.06.56_log.txt
2017-07-22 10:06 - 2017-07-22 10:06 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Gianfranco\Downloads\tdsskiller.exe
2017-07-22 08:22 - 2017-08-02 21:46 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-22 08:21 - 2017-07-22 08:21 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-22 08:21 - 2017-07-22 08:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-22 08:21 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-22 08:20 - 2017-07-22 08:21 - 065033984 _____ (Malwarebytes ) C:\Users\Gianfranco\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-21 21:21 - 2017-07-21 21:28 - 108221696 _____ (Avanquest Software) C:\Users\Gianfranco\Downloads\Fix-It_Pro_ITA.exe
2017-07-21 20:40 - 2017-07-21 20:41 - 043280592 _____ (Microsoft Corporation) C:\Users\Gianfranco\Downloads\Windows-KB890830-V5.50.exe
2017-07-21 16:59 - 2017-07-22 09:40 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-21 16:59 - 2017-07-21 16:59 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Zemana
2017-07-21 16:58 - 2017-07-21 16:58 - 006589840 _____ (Zemana Ltd. ) C:\Users\Gianfranco\Downloads\Zemana.AntiMalware.Setup.exe
2017-07-21 16:09 - 2017-07-31 23:29 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\NPE
2017-07-21 16:09 - 2017-07-21 16:09 - 003422432 _____ (Symantec Corporation) C:\Users\Gianfranco\Downloads\NPE.exe
2017-07-21 15:20 - 2017-07-23 12:20 - 000000000 _____ C:\Windows\system32\app.json
2017-07-21 14:28 - 2017-07-21 14:28 - 000000000 ____D C:\Users\Gianfranco\Desktop\Metadefender
2017-07-21 14:26 - 2017-08-02 21:47 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\CrashDumps
2017-07-21 14:24 - 2017-07-21 23:30 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Metadefender-Local
2017-07-21 00:12 - 2017-07-21 00:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Adobe
2017-07-21 00:12 - 2017-07-21 00:12 - 000000000 ____D C:\Users\Gianfranco\AppData\LocalLow\Adobe
2017-07-20 23:16 - 2017-07-20 23:16 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Google
2017-07-20 22:01 - 2017-07-20 22:01 - 000000000 ____D C:\Users\Gianfranco\Downloads\WRCFree
2017-07-20 22:00 - 2017-07-20 22:00 - 003128889 _____ C:\Users\Gianfranco\Downloads\WRCFree.zip
2017-07-20 21:53 - 2017-07-20 21:55 - 000000000 ____D C:\Users\Gianfranco\Downloads\shexview
2017-07-20 21:52 - 2017-07-20 21:52 - 000066867 _____ C:\Users\Gianfranco\Downloads\shexview.zip
2017-07-20 21:51 - 2017-07-20 21:51 - 000002707 _____ C:\Users\Gianfranco\Downloads\shexview_italian1.zip
2017-07-20 21:14 - 2017-08-02 16:22 - 000000000 ____D C:\Users\Gianfranco\Downloads\ResetWUEng
2017-07-20 01:40 - 2017-07-20 01:40 - 001447799 _____ C:\Users\Gianfranco\Desktop\cbs
2017-07-19 23:45 - 2017-07-31 22:38 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\ElevatedDiagnostics
2017-07-19 22:30 - 2017-07-25 14:15 - 000343280 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-19 22:16 - 2017-07-25 13:50 - 000078168 _____ C:\Users\Gianfranco\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-19 21:49 - 2017-07-19 21:49 - 000000000 ____D C:\Users\Guest\AppData\Local\CEF
2017-07-19 13:42 - 2017-07-19 13:42 - 000000000 ____D C:\Users\Gianfranco\Desktop\ElectronicHouse
2017-07-19 13:28 - 2017-07-31 21:33 - 000000000 ____D C:\Users\Gianfranco\AppData\LocalLow\Mozilla
2017-07-19 13:28 - 2017-07-19 13:33 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Mozilla
2017-07-19 13:28 - 2017-07-19 13:28 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Mozilla
2017-07-19 13:15 - 2017-07-19 13:15 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Opera Software
2017-07-19 13:15 - 2017-07-19 13:15 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Opera Software
2017-07-19 12:59 - 2017-07-19 12:59 - 000077768 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-19 12:58 - 2017-07-19 21:49 - 000000000 ____D C:\Users\Guest\AppData\LocalLow\360WD
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 ____D C:\Users\Guest\AppData\Local\ATI
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\QSwitch.txt
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\DSwitch.txt
2017-07-19 12:58 - 2017-07-19 12:58 - 000000000 _____ C:\Users\Guest\AppData\Local\AtStart.txt
2017-07-18 16:55 - 2017-07-18 16:55 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\CEF
2017-07-18 16:51 - 2017-07-18 16:51 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\ATI
2017-07-18 16:51 - 2017-07-18 16:51 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\ATI
2017-07-18 16:50 - 2017-07-30 12:42 - 000000000 ____D C:\Users\Gianfranco
2017-07-18 16:50 - 2017-07-25 21:20 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\hpqLog
2017-07-18 16:50 - 2017-07-21 00:12 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Adobe
2017-07-18 16:50 - 2017-07-19 14:13 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\Google
2017-07-18 16:50 - 2017-07-18 16:50 - 000001397 _____ C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-18 16:50 - 2017-07-18 16:50 - 000000020 ___SH C:\Users\Gianfranco\ntuser.ini
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Risorse di stampa
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Risorse di rete
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Recenti
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Modelli
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Menu Avvio
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Impostazioni locali
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Video
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Musica
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documents\Immagini
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Documenti
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\Dati applicazioni
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Local\Dati applicazioni
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _SHDL C:\Users\Gianfranco\AppData\Local\Cronologia
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 ____D C:\Users\Gianfranco\AppData\Local\VirtualStore
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\QSwitch.txt
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\DSwitch.txt
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ C:\Users\Gianfranco\AppData\Local\AtStart.txt
2017-07-18 16:50 - 2011-04-12 06:27 - 000000000 ____D C:\Users\Gianfranco\AppData\Roaming\Media Center Programs
2017-07-17 09:44 - 2017-08-02 16:11 - 000000000 ____D C:\Program Files\Opera
2017-07-17 09:44 - 2017-07-18 15:50 - 000001933 _____ C:\Users\Public\Desktop\Browser Opera.lnk
2017-07-17 09:44 - 2017-07-17 09:44 - 000001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
2017-07-17 09:36 - 2017-07-17 09:36 - 000000000 ____D C:\Windows\Tasks\360Disabled
2017-07-17 09:35 - 2017-07-20 20:52 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-16 23:30 - 2016-03-04 12:26 - 000025440 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2017-07-16 23:30 - 2015-08-27 07:31 - 000043176 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2017-07-16 23:28 - 2017-07-17 01:30 - 000000000 ____D C:\VIPRERESCUE
2017-07-16 20:34 - 2017-07-16 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2017-07-16 14:51 - 2017-07-16 14:51 - 000000000 ____D C:\Windows\system32\catroot2.old
2017-07-15 23:24 - 2017-07-15 23:24 - 000000000 ____D C:\MFT 43551
2017-07-15 00:31 - 2017-07-15 00:31 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2017-07-15 00:28 - 2017-07-15 00:28 - 000000000 ____D C:\Program Files\Common Files\adaware
2017-07-15 00:13 - 2017-07-16 13:42 - 000000000 ____D C:\ProgramData\TuneUp Software
2017-07-15 00:12 - 2017-07-15 00:12 - 000000000 __SHD C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2017-07-14 22:28 - 2017-07-14 22:28 - 000000000 ____D C:\ProgramData\dbg
2017-07-13 13:32 - 2017-07-13 13:32 - 000031032 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\phantomtap.sys
2017-07-12 23:40 - 2017-07-12 23:40 - 000030194 _____ C:\ProgramData\agent.uninstall.1499895622.bdinstall.bin
2017-07-12 23:33 - 2017-07-15 11:47 - 000000000 ____D C:\ProgramData\Bitdefender
2017-07-12 21:58 - 2017-07-12 21:58 - 000042824 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-07-12 21:58 - 2017-07-12 21:58 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-07-12 11:58 - 2017-07-12 11:58 - 000000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2017-07-10 22:32 - 2017-07-25 21:20 - 000000000 ____D C:\Windows\SoftwareDistribution.old
2017-07-10 13:04 - 2017-07-10 13:04 - 000003814 _____ C:\Windows\system32\bddel.dat
2017-07-08 16:58 - 2017-08-02 22:02 - 000000000 ____D C:\FRST


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-08-02 21:55 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-02 21:55 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-02 21:43 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-02 13:49 - 2017-01-30 11:43 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-01 21:28 - 2017-06-14 13:01 - 000000000 ____D C:\SFCFix
2017-08-01 15:26 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2017-08-01 13:40 - 2017-05-12 11:25 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-31 23:01 - 2017-06-07 01:10 - 000000000 ____D C:\NPE
2017-07-31 22:31 - 2017-05-19 23:11 - 000000000 ____D C:\AdwCleaner
2017-07-28 22:43 - 2017-02-03 12:16 - 000660644 _____ C:\Windows\system32\perfh005.dat
2017-07-28 22:43 - 2017-02-03 12:16 - 000141294 _____ C:\Windows\system32\perfc005.dat
2017-07-28 22:43 - 2017-02-03 11:53 - 000737260 _____ C:\Windows\system32\perfh00A.dat
2017-07-28 22:43 - 2017-02-03 11:53 - 000158342 _____ C:\Windows\system32\perfc00A.dat
2017-07-28 22:43 - 2017-02-01 10:59 - 000732162 _____ C:\Windows\system32\perfh015.dat
2017-07-28 22:43 - 2017-02-01 10:59 - 000155740 _____ C:\Windows\system32\perfc015.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000737520 _____ C:\Windows\system32\perfh00C.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000470818 _____ C:\Windows\system32\perfh001.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000149448 _____ C:\Windows\system32\perfc00C.dat
2017-07-28 22:43 - 2017-01-30 16:20 - 000094640 _____ C:\Windows\system32\perfc001.dat
2017-07-28 22:43 - 2017-01-26 12:32 - 000705684 _____ C:\Windows\system32\prfh0416.dat
2017-07-28 22:43 - 2017-01-26 12:32 - 000147524 _____ C:\Windows\system32\prfc0416.dat
2017-07-28 22:43 - 2017-01-26 12:31 - 000501218 _____ C:\Windows\system32\perfh006.dat
2017-07-28 22:43 - 2017-01-26 12:31 - 000098526 _____ C:\Windows\system32\perfc006.dat
2017-07-28 22:43 - 2017-01-26 12:18 - 000689012 _____ C:\Windows\system32\perfh007.dat
2017-07-28 22:43 - 2017-01-26 12:18 - 000148984 _____ C:\Windows\system32\perfc007.dat
2017-07-28 22:43 - 2017-01-26 12:09 - 000390146 _____ C:\Windows\system32\prfh0404.dat
2017-07-28 22:43 - 2017-01-26 12:09 - 000114958 _____ C:\Windows\system32\prfc0404.dat
2017-07-28 22:43 - 2017-01-23 13:38 - 000648486 _____ C:\Windows\system32\perfh01F.dat
2017-07-28 22:43 - 2017-01-23 13:38 - 000139868 _____ C:\Windows\system32\perfc01F.dat
2017-07-28 22:43 - 2011-04-12 06:18 - 000741312 _____ C:\Windows\system32\perfh010.dat
2017-07-28 22:43 - 2011-04-12 06:18 - 000147334 _____ C:\Windows\system32\perfc010.dat
2017-07-28 22:43 - 2010-11-20 23:01 - 011011858 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-28 22:43 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-07-28 22:43 - 1980-01-04 01:03 - 000720822 _____ C:\Windows\system32\prfh0816.dat
2017-07-28 22:43 - 1980-01-04 01:03 - 000716404 _____ C:\Windows\system32\perfh019.dat
2017-07-28 22:43 - 1980-01-04 01:03 - 000152774 _____ C:\Windows\system32\prfc0816.dat
2017-07-28 22:43 - 1980-01-04 01:03 - 000150710 _____ C:\Windows\system32\perfc019.dat
2017-07-28 22:27 - 2017-03-23 20:12 - 000000000 ____D C:\Windows\pss
2017-07-25 21:20 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\oldcatroot2
2017-07-25 21:20 - 1980-01-04 01:07 - 000000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2017-07-25 21:20 - 1980-01-04 01:07 - 000000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2017-07-24 20:35 - 2017-01-18 10:08 - 000000000 ____D C:\SWSetup
2017-07-24 11:39 - 2009-07-14 04:04 - 000000856 _____ C:\Windows\win.ini
2017-07-22 09:37 - 2017-04-07 22:32 - 000309593 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-22 09:05 - 2017-04-07 22:32 - 002558543 _____ C:\Windows\ZAM.krnl.trace
2017-07-21 20:41 - 2017-06-28 17:15 - 132532600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-19 22:09 - 2017-06-10 23:34 - 000000422 __RSH C:\ProgramData\ntuser.pol
2017-07-19 21:38 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2017-07-19 13:42 - 2017-02-01 10:24 - 000000000 ____D C:\Windows\system32\appmgmt
2017-07-19 13:42 - 1980-01-04 01:34 - 000000000 ____D C:\Users\ElectronicHouse
2017-07-17 09:43 - 2017-02-07 14:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-17 09:43 - 2017-02-07 14:35 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-17 09:41 - 1980-01-04 01:23 - 000000000 ____D C:\Windows\Panther
2017-07-12 22:46 - 2017-02-10 21:29 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 22:28 - 2009-07-14 06:34 - 000003072 _____ C:\Windows\system32\umstartup.etl
2017-07-12 11:45 - 2017-06-18 18:23 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-12 11:45 - 2017-06-18 18:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-12 11:44 - 2017-01-30 11:29 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-07 13:34 - 1980-01-04 01:02 - 000000000 ____D C:\ProgramData\Kingsoft


==================== Files in the root of some directories =======


2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\AtStart.txt
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\DSwitch.txt
2017-07-21 14:25 - 2017-07-23 12:22 - 000001789 _____ () C:\Users\Gianfranco\AppData\Local\infection.log
2017-07-18 16:50 - 2017-07-18 16:50 - 000000000 _____ () C:\Users\Gianfranco\AppData\Local\QSwitch.txt
2017-06-28 23:42 - 2017-06-28 23:42 - 000045723 _____ () C:\ProgramData\agent.1498686124.bdinstall.bin
2017-07-12 23:40 - 2017-07-12 23:40 - 000030194 _____ () C:\ProgramData\agent.uninstall.1499895622.bdinstall.bin
2017-06-29 11:36 - 2017-06-29 11:36 - 000030398 _____ () C:\ProgramData\agent.update.1498728924.bdinstall.bin


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
Re: PC checked for malware

It appears that you have already run a few tools on your system, including Junkware Removal Tool, AdwCleaner and others.

Before we proceed, why have you blocked C:\windows\system32\mmc.exe? This is the Microsoft Management Console and is a Windows core system file. (Yes, IF located elsewhere, not in sys32, it is a malicious file, but that is not the case here.)
 
Re: PC checked for malware

Good afternoon Corrine,
I am sorry for the delay in my answer to you, but here in Italy it is half past one o'clock in the afternoon.
C:\Windows\System32 is where I found the mmc located.
I have not blocked it myself, but maybe some other software like the Avira speed up could have optimized this service when the PC boots for faster performance.
I have no idea what has happened, but I often use the event log service in the control panel, which is part of mmc.
Thank you for helping me.
Gianfranco
 
Re: PC checked for malware

Thank you for your response. I do not recommend optimization programs as they can cause more damage than help.

Please do the following to run FRST:

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [Pointstone SecureErase] -> {432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => -> No File
ContextMenuHandlers5: [BDPCAppStoreShellEx] -> {787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => -> No File
Task: {32A4FA44-470C-4AB2-857E-D7F763D70109} - \Xvirus startup -> No File <==== ATTENTION
Task: {C1933613-3817-4090-BB40-BFDA700E1A3A} - \Security Reviver_startup -> No File <==== ATTENTION
FirewallRules: [TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
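The location check from the earlier reply (mmc.exe is a core file only when it sits in System32) applied to the FirewallRules entries of the fixlist above, as an added Python example that is not part of the thread or of FRST. The directory table, the function names and the last two sample lines are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: 32-bit Windows installed in C:\Windows, as in the logs above.
# Directory in which each tracked core binary is expected to live.
EXPECTED_DIR = {
    "mmc.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Shape of a FirewallRules line as it appears in the fixlist in this thread.
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>\w+)\) (?P<path>.+)$"
)

# The two mmc.exe lines are copied from the fixlist; the last two are constructed.
SAMPLE = r"""
FirewallRules: [TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Users\Example\AppData\Roaming\svchost.exe
EmptyTemp:
"""


def classify_rule(line):
    """Return a verdict dict for one FirewallRules line, or None for other lines."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    path = ntpath.normpath(m["path"].strip()).lower()
    exe = ntpath.basename(path)
    action = m["action"].lower()
    expected = EXPECTED_DIR.get(exe)
    if expected is None:
        verdict = "not-a-tracked-core-binary"
    elif ntpath.dirname(path) != expected:
        # Core file name in an unexpected directory: the masquerade case.
        verdict = "core-name-outside-expected-dir"
    elif action == "block":
        # Genuine core binary cut off by a rule: the mmc.exe case in this thread.
        verdict = "core-binary-blocked"
    else:
        verdict = "ok"
    return {"exe": exe, "action": action, "path": path, "verdict": verdict}


def review(log_text):
    """Classify every FirewallRules line found in a pasted log."""
    results = (classify_rule(line) for line in log_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding["verdict"], finding["action"], finding["path"])
```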
 
Re: PC checked for malware

Hi Corrine,
This is the fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Gianfranco (03-08-2017 14:39:35) Run:1
Running from C:\Users\Gianfranco\Desktop
Loaded Profiles: Gianfranco (Available Profiles: Gianfranco & Guest)
Boot Mode: Normal


==============================================


fixlist content:
*****************


CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [Pointstone SecureErase] -> {432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => -> No File
ContextMenuHandlers5: [BDPCAppStoreShellEx] -> {787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => -> No File
Task: {32A4FA44-470C-4AB2-857E-D7F763D70109} - \Xvirus startup -> No File <==== ATTENTION
Task: {C1933613-3817-4090-BB40-BFDA700E1A3A} - \Security Reviver_startup -> No File <==== ATTENTION
FirewallRules: [TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
EmptyTemp:


*****************


Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Pointstone SecureErase => key removed successfully.
HKLM\Software\Classes\CLSID\{432FD30C-8EA7-4347-87C1-1AE8A1A424C7} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\BDPCAppStoreShellEx => key removed successfully.
HKLM\Software\Classes\CLSID\{787E1E4D-42BC-4BA7-A7B2-7C00DB80E2CE} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32A4FA44-470C-4AB2-857E-D7F763D70109} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A4FA44-470C-4AB2-857E-D7F763D70109} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Xvirus startup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1933613-3817-4090-BB40-BFDA700E1A3A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1933613-3817-4090-BB40-BFDA700E1A3A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Reviver_startup => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5733172A-1990-49E3-9A44-BC5305D91E11}C:\windows\system32\mmc.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F5CFBC8B-8E16-40EF-A74C-15B42B7842DB}C:\windows\system32\mmc.exe => value removed successfully.


=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5812343 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4019107 B
Edge => 0 B
Chrome => 453070011 B
Firefox => 349476430 B
Opera => 164994798 B


Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 19474718 B
LocalService => 66228 B
NetworkService => 87984 B
Gianfranco => 138004587 B
Guest => 11909041 B


RecycleBin => 2419125 B
EmptyTemp: => 1.1 GB temporary data Removed.


================================




The system needed a reboot.


==== End of Fixlog 14:47:23 ====
 
Re: PC checked for malware

Thank you. From what your logs showed after you had run other tools on your own, that was just a bit of cleanup, although, as softwaremaniac will see, the BITS Transfer Queue and temp files were cleared so that may be helpful.

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log, which you can close.

Following that, please return to your original topic and await further instructions from softwaremaniac. He has been following your topic here and understands the steps taken here.

SFC scannow, SFCFIX and windows update errors
 
