Solved PC & Firefox slow

F

FaryZone

Posts: 15   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-05-2017
Ran by Alessandro (ATTENTION: The user is not administrator) on ATARU (14-05-2017 00:29:52)
Running from C:\Users\Alessandro\Desktop
Loaded Profiles: John & Alessandro (Available Profiles: John & Alessandro)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore.exe
Failed to access process -> armsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> mscorsvw.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> aswidsagent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Alessandro\Desktop\FRST(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-12] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1198036982-2959511957-1623649180-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-04-07] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-12] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CC4A2340-A261-4307-8944-43BD45212F36}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F7D3F3F7-2033-442F-A094-5FE6DDD0AEAC}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-1198036982-2959511957-1623649180-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003 -> {10AD1955-57C2-4BF5-B9B1-7179CA7572BA} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003 -> {B8F9323A-27D5-465A-AF33-AC053AA1FEFB} URL = hxxp://it.wikipedia.org/w/index.php?title=Speciale:Ricerca&search={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)

FireFox:
========
FF DefaultProfile: 0mu29rir.default
FF ProfilePath: C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\0mu29rir.default [2017-05-14]
FF Extension: (Simple Night Mode) - C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\0mu29rir.default\Extensions\@Simple-Night-Mode.xpi [2017-04-03]
FF Extension: (Avast SafePrice) - C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\0mu29rir.default\Extensions\sp@avast.com.xpi [2017-05-12]
FF Extension: (Avast Online Security) - C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\0mu29rir.default\Extensions\wrc@avast.com.xpi [2017-05-12]
FF Extension: (Adblock Plus) - C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\0mu29rir.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1198036982-2959511957-1623649180-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Alessandro\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-03-16] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default [2017-04-26]
CHR Extension: (Google Docs) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-06]
CHR Extension: (Google Drive) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-06]
CHR Extension: (YouTube) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-06]
CHR Extension: (Avast SafePrice) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-19]
CHR Extension: (Google Docs Offline) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-06]
CHR Extension: (Avast Online Security) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-26]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-12] (AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-12] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-12] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [70008 2017-03-20] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-05-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-12] (AVAST Software)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-14 00:29 - 2017-05-14 00:30 - 00011997 _____ C:\Users\Alessandro\Desktop\FRST.txt
2017-05-14 00:21 - 2017-05-14 00:21 - 01769984 _____ (Farbar) C:\Users\Alessandro\Desktop\FRST(1).exe
2017-05-13 23:54 - 2017-05-13 23:54 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-12 20:57 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-12 20:56 - 2017-04-28 02:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-05-12 20:56 - 2017-04-28 02:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-12 20:56 - 2017-04-28 02:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-12 20:56 - 2017-04-28 02:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-12 20:56 - 2017-04-28 02:34 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-12 20:56 - 2017-04-28 02:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-12 20:56 - 2017-04-28 02:11 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-12 20:56 - 2017-04-28 02:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-12 20:56 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-12 20:56 - 2017-04-28 02:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-12 20:56 - 2017-04-28 02:09 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-12 20:56 - 2017-04-28 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-12 20:56 - 2017-04-26 16:51 - 02400768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-12 20:56 - 2017-04-21 17:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-12 20:56 - 2017-04-20 01:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-12 20:56 - 2017-04-17 16:51 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-12 20:56 - 2017-04-17 16:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-12 20:56 - 2017-04-16 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-12 20:56 - 2017-04-16 10:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-12 20:56 - 2017-04-16 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-12 20:56 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-12 20:56 - 2017-04-16 10:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-12 20:56 - 2017-04-16 10:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-12 20:56 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-12 20:56 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-12 20:56 - 2017-04-16 09:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-12 20:56 - 2017-04-16 09:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-12 20:56 - 2017-04-16 09:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-12 20:56 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-12 20:56 - 2017-04-16 09:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-12 20:56 - 2017-04-16 09:47 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-12 20:56 - 2017-04-16 09:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-12 20:56 - 2017-04-16 09:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-12 20:56 - 2017-04-16 09:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-12 20:56 - 2017-04-16 09:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-12 20:56 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-12 20:56 - 2017-04-16 09:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-12 20:56 - 2017-04-16 09:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-12 20:56 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-12 20:56 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-12 20:56 - 2017-04-16 09:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-12 20:56 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-12 20:56 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-12 20:56 - 2017-04-16 09:10 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-12 20:56 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-12 20:56 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-12 20:56 - 2017-04-16 09:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-12 20:56 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-12 20:56 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-12 20:56 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-12 20:56 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-12 20:56 - 2017-04-12 17:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-12 20:56 - 2017-04-07 17:26 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-12 20:56 - 2017-04-07 17:26 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-12 20:56 - 2017-04-07 17:21 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-12 20:56 - 2017-04-07 17:20 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-12 20:56 - 2017-04-05 17:00 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-12 20:56 - 2017-04-05 17:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-12 20:56 - 2017-04-05 17:00 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-12 20:56 - 2017-04-04 16:52 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-12 20:56 - 2017-04-04 16:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-12 20:56 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-12 20:56 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-12 20:56 - 2017-03-10 17:52 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-12 20:56 - 2017-03-10 17:51 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-12 20:56 - 2017-03-10 17:51 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-12 20:56 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-27 17:35 - 2017-04-27 17:35 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\polychat-client
2017-04-27 17:20 - 2017-04-27 17:20 - 00000000 ____D C:\Program Files\PVproctor
2017-04-26 16:40 - 2017-04-26 16:40 - 00000009 _____ C:\Users\Alessandro\Documents\test.txt
2017-04-26 16:08 - 2017-04-26 16:08 - 00000080 _____ C:\Users\Alessandro\Documents\exam.txt
2017-04-20 22:17 - 2017-04-20 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-04-20 22:16 - 2017-04-20 22:17 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2017-04-20 22:09 - 2017-05-06 22:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-18 19:59 - 2017-05-12 20:50 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-18 19:59 - 2017-05-12 20:50 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-18 19:59 - 2017-05-12 20:50 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-18 19:59 - 2017-04-18 19:59 - 00000000 ____D C:\Users\Alessandro\AppData\Local\Macromedia
2017-04-18 19:24 - 2017-04-18 19:24 - 04713984 _____ (Geza Kovacs) C:\Users\Alessandro\Downloads\unetbootin-windows-625.exe
2017-04-18 19:19 - 2017-04-18 19:20 - 51380224 _____ C:\Users\Alessandro\Downloads\mini.iso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-14 00:29 - 2017-04-04 18:45 - 00000000 ____D C:\FRST
2017-05-14 00:22 - 2017-03-16 18:18 - 00000592 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
2017-05-14 00:12 - 2017-04-03 23:01 - 00000000 ____D C:\Users\Alessandro\AppData\LocalLow\Mozilla
2017-05-13 23:57 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-13 23:57 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-13 23:47 - 2010-11-20 23:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-13 23:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-05-13 23:42 - 2017-03-16 18:18 - 00000688 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
2017-05-13 23:42 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-13 23:42 - 2009-07-14 06:33 - 00408544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-13 23:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-12 21:18 - 2017-02-04 23:00 - 00000000 ____D C:\Windows\system32\MRT
2017-05-12 21:15 - 2017-02-04 23:00 - 153591048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-12 20:43 - 2016-11-19 18:55 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-05-12 20:42 - 2016-11-19 18:57 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-06 22:30 - 2017-04-03 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-04 23:22 - 2017-02-27 00:23 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Skype
2017-05-03 22:09 - 2016-11-19 18:59 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-03 22:09 - 2016-11-19 18:59 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-27 18:29 - 2016-12-25 00:42 - 00000000 ____D C:\Users\Alessandro
2017-04-27 17:20 - 2017-02-24 18:50 - 00000863 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVproctor.lnk
2017-04-27 17:20 - 2017-02-24 18:50 - 00000851 _____ C:\Users\Public\Desktop\PVproctor.lnk
2017-04-18 17:19 - 2009-07-14 06:53 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-14 22:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2017-04-14 21:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-04-14 00:17 - 2017-04-04 18:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-05-2017
Ran by Alessandro (14-05-2017 00:30:36)
Running from C:\Users\Alessandro\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2001-12-31 23:20:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin123 (S-1-5-21-1198036982-2959511957-1623649180-500 - Administrator - Disabled)
Alessandro (S-1-5-21-1198036982-2959511957-1623649180-1003 - Limited - Enabled) => C:\Users\Alessandro
Guest (S-1-5-21-1198036982-2959511957-1623649180-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1198036982-2959511957-1623649180-1002 - Limited - Enabled)
John (S-1-5-21-1198036982-2959511957-1623649180-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Citrix Online Launcher (HKLM\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.5.0.6956 (HKU\S-1-5-21-1198036982-2959511957-1623649180-1003\...\GoToMeeting) (Version: 8.5.0.6956 - CitrixOnline)
Kits Configuration Installer (Version: 10.1.14393.33 - Microsoft) Hidden
K-Lite Codec Pack 11.8.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{9CB185CC-EDD4-45C5-A4E1-29B766E7B189}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.5.30227.2 - Microsoft Corporation)
Microsoft Visual Studio Express 2015 for Windows Desktop - ENU (HKLM\...\{ad32eacb-d66f-472d-9af5-11278d461b28}) (Version: 14.0.23107.178 - Microsoft Corporation)
Mouse Suite (HKLM\...\MouseSuite98) (Version: - )
Mozilla Firefox 53.0.2 (x86 it) (HKLM\...\Mozilla Firefox 53.0.2 (x86 it)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
PVproctor (HKLM\...\com.pcam.proctorvue) (Version: 2.15.1 - UNKNOWN)
PVproctor (Version: 2.15.1 - UNKNOWN) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SDK Debuggers (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6050 - Analog Devices)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6519\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1198036982-2959511957-1623649180-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Mouse Suite 98 Daemon => ICO.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{44BCD7BE-DE9C-467A-9DFE-A905B9058986}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{45B6BDE9-94AA-4899-80CF-E2FE6B9EA0AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{33BC153C-AE94-4CAC-856B-5BDB977AE7D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8A4E62E5-E696-48AE-8A92-1440759CBC60}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EB1CF375-9EB0-489E-A61D-DB435A770E3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{62CB8305-F453-4019-AB86-FE832C77780F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{952DC839-A743-41F4-908D-A7F25CD2AFCB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{FD8F2DE9-A072-4243-A13E-C885A3D1F419}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{89AF002C-E558-4643-943F-813C0D2D074E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2017 11:42:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/12/2017 08:39:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/07/2017 05:28:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\avast software\avast\x64\gaming_hook.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/07/2017 05:18:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 10:30:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 08:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 02:01:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/04/2017 10:03:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/04/2017 06:36:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\avast software\avast\x64\gaming_hook.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2017 06:30:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/07/2017 05:18:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/07/2017 05:18:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/07/2017 05:18:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/06/2017 08:51:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/04/2017 10:03:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/04/2017 06:30:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:29:08 on ‎03/‎05/‎2017 was unexpected.

Error: (04/22/2017 02:11:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostics Tracking Service service failed to start due to the following error:
The pipe has been ended.

Error: (04/19/2017 07:42:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error:
%%16389

Error: (04/18/2017 07:58:01 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (04/18/2017 07:25:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.


==================== Memory info ===========================

Processor: AMD Sempron(tm) Processor 3400+
Percentage of memory in use: 42%
Total physical RAM: 3039.37 MB
Available physical RAM: 1743.61 MB
Total Virtual: 6109.69 MB
Available Virtual: 4801.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:19.76 GB) NTFS
Drive e: (DATA) (Fixed) (Total:149.05 GB) (Free:18.32 GB) NTFS
Drive f: (WINdo7e) (Removable) (Total:7.27 GB) (Free:3.25 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

Ran by Alessandro (ATTENTION: The user is not administrator) on ATARU (14-05-2017 00:29:52)
Click to expand...
You need to re-run FRST from administrative account.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2017
Ran by John (administrator) on ATARU (14-05-2017 17:35:22)
Running from E:\
Loaded Profiles: John (Available Profiles: John & Alessandro)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Farbar) E:\FRST(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-12] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-12] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CC4A2340-A261-4307-8944-43BD45212F36}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F7D3F3F7-2033-442F-A094-5FE6DDD0AEAC}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1198036982-2959511957-1623649180-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1198036982-2959511957-1623649180-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)

FireFox:
========
FF DefaultProfile: mkw51jtp.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\mkw51jtp.default [2017-05-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-12] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-12] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-12] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [70008 2017-03-20] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-05-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-12] (AVAST Software)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-14 17:34 - 2017-05-14 17:35 - 00000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2017-05-14 17:34 - 2017-05-14 17:34 - 00000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2017-05-14 17:34 - 2017-05-14 17:34 - 00000000 ____D C:\Users\John\AppData\Local\Mozilla
2017-05-14 17:32 - 2017-05-14 17:32 - 00000000 ____D C:\Users\Alessandro\Desktop\Dati precedenti di Firefox
2017-05-14 17:16 - 2017-05-14 17:16 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-14 17:08 - 2017-05-14 17:08 - 01770496 _____ (Farbar) C:\Users\Alessandro\Downloads\FRST(1).exe
2017-05-14 13:29 - 2017-05-14 13:30 - 00022892 _____ C:\Users\Alessandro\Downloads\Addition.txt
2017-05-14 13:28 - 2017-05-14 13:30 - 00032805 _____ C:\Users\Alessandro\Downloads\FRST.txt
2017-05-14 00:53 - 2017-05-14 00:57 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Notepad++
2017-05-14 00:53 - 2017-05-14 00:53 - 00000000 ____D C:\Users\John\AppData\Roaming\Notepad++
2017-05-14 00:53 - 2017-05-14 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-05-14 00:53 - 2017-05-14 00:53 - 00000000 ____D C:\Program Files\Notepad++
2017-05-14 00:52 - 2017-05-14 00:52 - 02982992 _____ C:\Users\Alessandro\Downloads\npp.7.3.3.Installer.exe
2017-05-12 20:57 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-12 20:56 - 2017-04-28 02:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-05-12 20:56 - 2017-04-28 02:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-12 20:56 - 2017-04-28 02:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-12 20:56 - 2017-04-28 02:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-12 20:56 - 2017-04-28 02:34 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-12 20:56 - 2017-04-28 02:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-12 20:56 - 2017-04-28 02:11 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-12 20:56 - 2017-04-28 02:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-12 20:56 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-12 20:56 - 2017-04-28 02:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-12 20:56 - 2017-04-28 02:09 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-12 20:56 - 2017-04-28 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-12 20:56 - 2017-04-26 16:51 - 02400768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-12 20:56 - 2017-04-21 17:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-12 20:56 - 2017-04-20 01:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-12 20:56 - 2017-04-17 16:51 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-12 20:56 - 2017-04-17 16:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-12 20:56 - 2017-04-16 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-12 20:56 - 2017-04-16 10:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-12 20:56 - 2017-04-16 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-12 20:56 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-12 20:56 - 2017-04-16 10:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-12 20:56 - 2017-04-16 10:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-12 20:56 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-12 20:56 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-12 20:56 - 2017-04-16 09:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-12 20:56 - 2017-04-16 09:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-12 20:56 - 2017-04-16 09:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-12 20:56 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-12 20:56 - 2017-04-16 09:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-12 20:56 - 2017-04-16 09:47 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-12 20:56 - 2017-04-16 09:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-12 20:56 - 2017-04-16 09:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-12 20:56 - 2017-04-16 09:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-12 20:56 - 2017-04-16 09:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-12 20:56 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-12 20:56 - 2017-04-16 09:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-12 20:56 - 2017-04-16 09:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-12 20:56 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-12 20:56 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-12 20:56 - 2017-04-16 09:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-12 20:56 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-12 20:56 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-12 20:56 - 2017-04-16 09:10 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-12 20:56 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-12 20:56 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-12 20:56 - 2017-04-16 09:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-12 20:56 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-12 20:56 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-12 20:56 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-12 20:56 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-12 20:56 - 2017-04-12 17:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-12 20:56 - 2017-04-07 17:26 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-12 20:56 - 2017-04-07 17:26 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-12 20:56 - 2017-04-07 17:21 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-12 20:56 - 2017-04-07 17:20 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-12 20:56 - 2017-04-05 17:00 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-12 20:56 - 2017-04-05 17:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-12 20:56 - 2017-04-05 17:00 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-12 20:56 - 2017-04-04 16:52 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-12 20:56 - 2017-04-04 16:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-12 20:56 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-12 20:56 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-12 20:56 - 2017-03-10 17:52 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-12 20:56 - 2017-03-10 17:51 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-12 20:56 - 2017-03-10 17:51 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-12 20:56 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-27 17:35 - 2017-04-27 17:35 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\polychat-client
2017-04-27 17:20 - 2017-04-27 17:20 - 00000000 ____D C:\Program Files\PVproctor
2017-04-26 16:40 - 2017-04-26 16:40 - 00000009 _____ C:\Users\Alessandro\Documents\test.txt
2017-04-26 16:08 - 2017-04-26 16:08 - 00000080 _____ C:\Users\Alessandro\Documents\exam.txt
2017-04-20 22:17 - 2017-04-20 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-04-20 22:16 - 2017-04-20 22:17 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2017-04-20 22:09 - 2017-05-06 22:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-18 19:59 - 2017-05-12 20:50 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-18 19:59 - 2017-05-12 20:50 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-18 19:59 - 2017-05-12 20:50 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-18 19:59 - 2017-04-18 19:59 - 00000000 ____D C:\Users\Alessandro\AppData\Local\Macromedia
2017-04-18 19:24 - 2017-04-18 19:24 - 04713984 _____ (Geza Kovacs) C:\Users\Alessandro\Downloads\unetbootin-windows-625.exe
2017-04-18 19:19 - 2017-04-18 19:20 - 51380224 _____ C:\Users\Alessandro\Downloads\mini.iso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-14 17:35 - 2017-04-04 18:45 - 00000000 ____D C:\FRST
2017-05-14 17:33 - 2017-04-03 23:01 - 00000000 ____D C:\Users\Alessandro\AppData\LocalLow\Mozilla
2017-05-14 17:22 - 2017-03-16 18:18 - 00000592 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
2017-05-14 16:37 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-14 16:37 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-14 16:36 - 2017-03-16 18:18 - 00000688 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
2017-05-14 16:34 - 2010-11-20 23:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-14 16:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-05-14 16:29 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-14 14:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-05-13 23:42 - 2009-07-14 06:33 - 00408544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-13 23:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-12 21:18 - 2017-02-04 23:00 - 00000000 ____D C:\Windows\system32\MRT
2017-05-12 21:15 - 2017-02-04 23:00 - 153591048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-12 20:43 - 2016-11-19 18:55 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-05-12 20:42 - 2016-11-19 18:57 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-06 22:30 - 2017-04-03 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-04 23:22 - 2017-02-27 00:23 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Skype
2017-05-03 22:09 - 2016-11-19 18:59 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-03 22:09 - 2016-11-19 18:59 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-27 18:29 - 2016-12-25 00:42 - 00000000 ____D C:\Users\Alessandro
2017-04-27 17:20 - 2017-02-24 18:50 - 00000863 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVproctor.lnk
2017-04-27 17:20 - 2017-02-24 18:50 - 00000851 _____ C:\Users\Public\Desktop\PVproctor.lnk
2017-04-18 19:59 - 2017-02-24 18:49 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2017-04-18 17:19 - 2009-07-14 06:53 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-14 22:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2017-04-14 00:17 - 2017-04-04 18:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-03-21 23:36 - 2017-03-21 23:36 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-02-24 19:15 - 2017-02-24 19:15 - 0516096 _____ (Internet Testing Systems) C:\Users\John\AppData\Local\Temp\TestSecurity.5.5.0.1.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-14 14:10

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2017
Ran by John (14-05-2017 17:36:12)
Running from E:\
Microsoft Windows 7 Professional Service Pack 1 (X86) (2001-12-31 23:20:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin123 (S-1-5-21-1198036982-2959511957-1623649180-500 - Administrator - Disabled)
Alessandro (S-1-5-21-1198036982-2959511957-1623649180-1003 - Limited - Enabled) => C:\Users\Alessandro
Guest (S-1-5-21-1198036982-2959511957-1623649180-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1198036982-2959511957-1623649180-1002 - Limited - Enabled)
John (S-1-5-21-1198036982-2959511957-1623649180-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Citrix Online Launcher (HKLM\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
Kits Configuration Installer (Version: 10.1.14393.33 - Microsoft) Hidden
K-Lite Codec Pack 11.8.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{9CB185CC-EDD4-45C5-A4E1-29B766E7B189}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.5.30227.2 - Microsoft Corporation)
Microsoft Visual Studio Express 2015 for Windows Desktop - ENU (HKLM\...\{ad32eacb-d66f-472d-9af5-11278d461b28}) (Version: 14.0.23107.178 - Microsoft Corporation)
Mouse Suite (HKLM\...\MouseSuite98) (Version: - )
Mozilla Firefox 53.0.2 (x86 it) (HKLM\...\Mozilla Firefox 53.0.2 (x86 it)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
PVproctor (HKLM\...\com.pcam.proctorvue) (Version: 2.15.1 - UNKNOWN)
PVproctor (Version: 2.15.1 - UNKNOWN) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SDK Debuggers (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6050 - Analog Devices)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {320F6D12-B3F1-4A25-9503-FC66BA45AC89} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {3406EFB5-B2E4-483D-B122-FB061C08BB75} - System32\Tasks\SafeZone scheduled Autoupdate 1479574869 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {41E1711E-61CC-4B02-8B70-97051034F511} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {542B3CD3-223F-41A2-BB3D-DBC79A754277} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {5E24166B-AD72-45E2-8666-EE7E39283C3A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-12] (AVAST Software)
Task: {BC96B648-60B2-49C1-91E5-787CB5894C6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {C18CB51C-E13D-4CD5-ADE1-9E936772A247} - System32\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003 => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe [2017-05-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CD84033A-C7E4-4206-B953-81C9228A3095} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-12] (Adobe Systems Incorporated)
Task: {DB5A35FF-FD9B-4B93-B9AC-4FD143A9715F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003 => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe [2017-05-12] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-12 20:42 - 2017-05-12 20:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-13 23:43 - 2017-05-13 23:43 - 05978624 _____ () C:\Program Files\AVAST Software\Avast\defs\17051208\algo.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-05-14 16:31 - 2017-05-14 16:31 - 05978624 _____ () C:\Program Files\AVAST Software\Avast\defs\17051402\algo.dll
2012-05-05 05:59 - 2017-03-27 20:59 - 00024064 _____ () C:\Windows\System32\ssi1mlm.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2017-03-21 18:03 - 2016-11-14 13:00 - 00123448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1198036982-2959511957-1623649180-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Mouse Suite 98 Daemon => ICO.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{44BCD7BE-DE9C-467A-9DFE-A905B9058986}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{45B6BDE9-94AA-4899-80CF-E2FE6B9EA0AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{33BC153C-AE94-4CAC-856B-5BDB977AE7D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8A4E62E5-E696-48AE-8A92-1440759CBC60}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EB1CF375-9EB0-489E-A61D-DB435A770E3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{62CB8305-F453-4019-AB86-FE832C77780F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{952DC839-A743-41F4-908D-A7F25CD2AFCB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{FD8F2DE9-A072-4243-A13E-C885A3D1F419}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{89AF002C-E558-4643-943F-813C0D2D074E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe

==================== Restore Points =========================

06-05-2017 21:07:25 Windows Update
12-05-2017 20:43:06 Windows Update
12-05-2017 21:12:05 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2017 04:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/14/2017 01:27:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/13/2017 11:42:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/12/2017 08:39:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/07/2017 05:28:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\avast software\avast\x64\gaming_hook.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/07/2017 05:18:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 10:30:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 08:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 02:01:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/04/2017 10:03:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/07/2017 05:18:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/07/2017 05:18:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/07/2017 05:18:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/06/2017 08:51:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/04/2017 10:03:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (05/04/2017 06:30:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:29:08 on ‎03/‎05/‎2017 was unexpected.

Error: (04/22/2017 02:11:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostics Tracking Service service failed to start due to the following error:
The pipe has been ended.

Error: (04/19/2017 07:42:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error:
%%16389

Error: (04/18/2017 07:58:01 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (04/18/2017 07:25:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.


==================== Memory info ===========================

Processor: AMD Sempron(tm) Processor 3400+
Percentage of memory in use: 27%
Total physical RAM: 3039.37 MB
Available physical RAM: 2204.56 MB
Total Virtual: 6109.69 MB
Available Virtual: 5289.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:19.07 GB) NTFS
Drive e: (DATA) (Fixed) (Total:149.05 GB) (Free:18.31 GB) NTFS
Drive f: (WINdo7e) (Removable) (Total:7.27 GB) (Free:3.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 55.9 GB) (Disk ID: D5CD9504)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.8 GB) - (Type=05)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 0002579A)
Partition 1: (Not Active) - (Size=149 GB) - (Type=83)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E5B7B64F)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.3 GB) (Disk ID: 000CFD13)
Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.10.9.0 [May 15 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : John [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/16/2017 19:49:21 (Duration : 00:26:49)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Corsair Force LS SSD SCSI Disk Device +++++
--- User ---
[MBR] 2930e5a4efbffe2148179dde0ddac4ed
[BSP] df2607438afb6d7c468e06e3311d68bb : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 51200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 105066494 | Size: 5939 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Maxtor 6 G160E0 SCSI Disk Device +++++
--- User ---
[MBR] 26dcbd5a2573a7300b886bfa52e5a979
[BSP] d3f1ec8a0fd4c0441e1e808def9599e9 : Linux|Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 152626 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: Maxtor 6 G160E0 SCSI Disk Device +++++
--- User ---
[MBR] f96c8dfe77807d58fdacf302d73d20f2
[BSP] f0418f955978fd12f3b91fe8b7bbfc95 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive3: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 78e34b2edc8d46eeb22f038aa844bb55
[BSP] 89198d2c4e28a2d1fefd6c02fa51fa90 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 7440 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/16/17
Scan Time: 8:36 PM
Log File: MWB.txt
Administrator: No

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1954
License: Expired

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: ataru\Alessandro

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 282836
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 14 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
# AdwCleaner v6.047 - Logfile created 20/05/2017 at 23:01:00
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : John - ATARU
# Running from : C:\Users\Alessandro\Downloads\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[!] Key not deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[!] Key not deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[!] Key not deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[!] Key not deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

\AdwCleaner\AdwCleaner[C0].txt - [1056 Bytes] - [20/05/2017 23:01:00]
\AdwCleaner\AdwCleaner[S0].txt - [1370 Bytes] - [20/05/2017 22:39:16]

########## EOF - \AdwCleaner\AdwCleaner[C0].txt - [1198 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x86
Ran by John (Administrator) on 20/05/2017 at 23:44:00,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Failed to delete: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S87QN68 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A8GQ4M4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38ZRHHBR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C1EK4XL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEB8KGMO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWBPNPPT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9SAGXA1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5H7HR31 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A8GQ4M4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S87QN68 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38ZRHHBR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C1EK4XL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEB8KGMO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWBPNPPT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9SAGXA1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5H7HR31 (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/05/2017 at 23:46:54,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-05-16.01 - John 25/05/2017 22:10:15.2.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1033.18.3039.2279 [GMT 2:00]
Eseguito da: c:\users\Alessandro\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2017-04-25 al 2017-05-25 )))))))))))))))))))))))))))))))))))
.
.
2017-05-25 20:20 . 2017-05-25 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-05-25 20:20 . 2017-05-25 20:20 -------- d-----w- c:\users\Alessandro\AppData\Local\temp
2017-05-25 20:06 . 2017-05-25 20:06 -------- d-----w- c:\programdata\SWCUTemp
2017-05-22 16:07 . 2017-05-22 16:07 -------- d--h--w- c:\programdata\CanonBJ
2017-05-22 16:07 . 2012-03-14 03:00 84992 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAQ.DLL
2017-05-22 16:07 . 2012-03-14 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAQ.DLL
2017-05-22 16:06 . 2017-05-22 16:06 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2017-05-22 16:06 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_AQL.dll
2017-05-22 16:06 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_AQU.dll
2017-05-22 16:06 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_AQC.dll
2017-05-22 16:06 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_AQI.dll
2017-05-22 16:06 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2017-05-22 16:04 . 2012-03-14 03:00 311296 ----a-w- c:\windows\system32\CNMLMAQ.DLL
2017-05-22 16:04 . 2012-04-18 11:50 90112 ----a-w- c:\windows\system32\CNC_AQO.dll
2017-05-22 16:04 . 2011-02-03 07:20 184320 ----a-w- c:\windows\system32\CNMIUAQ.DLL
2017-05-22 16:04 . 2017-05-22 16:04 -------- d--h--w- c:\program files\CanonBJ
2017-05-20 20:29 . 2017-05-20 21:01 -------- d-----w- C:\AdwCleaner
2017-05-16 18:34 . 2017-05-16 18:34 161720 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-05-16 18:34 . 2017-05-16 18:37 65824 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-05-16 18:34 . 2017-05-16 18:34 97208 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-05-16 18:34 . 2017-05-16 18:34 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-05-16 18:33 . 2017-05-23 20:15 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-05-16 18:33 . 2017-05-09 14:37 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-05-16 18:33 . 2017-05-16 18:33 -------- d-----w- c:\programdata\Malwarebytes
2017-05-16 18:33 . 2017-05-16 18:33 -------- d-----w- c:\program files\Malwarebytes
2017-05-15 19:48 . 2017-05-16 17:49 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-05-15 19:46 . 2017-05-15 20:28 -------- d-----w- c:\programdata\RogueKiller
2017-05-15 19:46 . 2017-05-15 19:46 -------- d-----w- c:\program files\RogueKiller
2017-05-14 15:34 . 2017-05-14 15:34 -------- d-----w- c:\users\John\AppData\Local\Mozilla
2017-05-13 22:53 . 2017-05-13 22:57 -------- d-----w- c:\users\Alessandro\AppData\Roaming\Notepad++
2017-05-13 22:53 . 2017-05-13 22:53 -------- d-----w- c:\users\John\AppData\Roaming\Notepad++
2017-05-13 22:53 . 2017-05-13 22:53 -------- d-----w- c:\program files\Notepad++
2017-05-12 18:42 . 2017-05-12 18:42 330768 ----a-w- c:\windows\system32\aswBoot.exe
2017-04-27 15:35 . 2017-04-27 15:35 -------- d-----w- c:\users\Alessandro\AppData\Roaming\polychat-client
2017-04-27 15:20 . 2017-04-27 15:20 -------- d-----w- c:\program files\PVproctor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-12 18:50 . 2017-04-18 17:59 803320 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-05-12 18:50 . 2017-04-18 17:59 144888 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-12 18:43 . 2016-11-19 16:55 115152 ----a-w- c:\windows\system32\drivers\aswstm.sys
2017-05-12 18:42 . 2016-11-19 16:55 90336 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-05-12 18:42 . 2016-11-19 16:55 62152 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-05-12 18:42 . 2016-11-19 16:55 482608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-05-12 18:42 . 2016-11-19 16:55 34136 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-05-12 18:42 . 2016-11-19 16:55 279800 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-05-12 18:42 . 2016-11-19 16:55 107928 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-05-12 18:42 . 2016-11-19 16:57 31064 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-05-12 18:42 . 2016-11-19 16:55 764576 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-05-12 18:42 . 2017-02-08 15:49 41664 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-05-12 18:42 . 2017-02-08 15:49 268016 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-05-12 18:42 . 2017-02-08 15:49 258288 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-05-12 18:42 . 2017-02-08 15:49 148696 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-04-04 14:58 . 2017-04-04 14:58 10167496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A49B060-C42F-4BF5-8BA3-9CE7A9C85AD3}\mpengine.dll
2017-03-27 18:59 . 2017-03-27 18:59 212600 ----a-w- c:\windows\system32\SBuySupplies.exe
2017-03-27 18:59 . 2012-05-05 03:59 24064 ----a-w- c:\windows\system32\ssi1mlm.dll
2017-03-27 18:59 . 2017-03-27 19:02 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ssi1mpc.dll
2017-03-27 18:59 . 2013-10-30 11:48 158040 ----a-w- c:\windows\system32\ssi1mci.exe
2017-03-27 18:59 . 2012-05-05 03:59 65536 ----a-w- c:\windows\system32\ssi1mci.dll
2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-03-22 15:24 . 2017-04-12 15:06 2953216 ----a-w- c:\windows\system32\wucltux.dll
2017-03-22 15:24 . 2017-04-12 15:06 174080 ----a-w- c:\windows\system32\wuwebv.dll
2017-03-22 15:20 . 2017-04-12 15:06 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-03-22 15:06 . 2017-04-12 15:06 2091520 ----a-w- c:\windows\system32\wuaueng.dll
2017-03-22 15:05 . 2017-04-12 15:06 573440 ----a-w- c:\windows\system32\wuapi.dll
2017-03-22 15:05 . 2017-04-12 15:06 136192 ----a-w- c:\windows\system32\wuauclt.exe
2017-03-22 15:05 . 2017-04-12 15:06 35328 ----a-w- c:\windows\system32\wuapp.exe
2017-03-22 15:05 . 2017-04-12 15:06 35840 ----a-w- c:\windows\system32\wups2.dll
2017-03-22 15:05 . 2017-04-12 15:06 30208 ----a-w- c:\windows\system32\wups.dll
2017-03-22 15:05 . 2017-04-12 15:06 93696 ----a-w- c:\windows\system32\wudriver.dll
2017-03-22 15:05 . 2017-04-12 15:06 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2017-03-20 14:56 . 2017-03-20 15:28 70008 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2017-03-10 16:27 . 2017-04-12 15:06 308456 ----a-w- c:\windows\system32\atmfd.dll
2017-03-10 16:19 . 2017-04-12 15:06 26112 ----a-w- c:\windows\system32\lpk.dll
2017-03-10 16:19 . 2017-04-12 15:06 70656 ----a-w- c:\windows\system32\fontsub.dll
2017-03-10 16:19 . 2017-04-12 15:06 10240 ----a-w- c:\windows\system32\dciman32.dll
2017-03-10 15:53 . 2017-04-12 15:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2017-03-07 16:17 . 2017-04-12 15:06 67584 ----a-w- c:\windows\system32\asycfilt.dll
2017-03-07 15:06 . 2017-04-12 15:07 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2017-03-07 15:06 . 2017-04-12 15:06 221184 ----a-w- c:\windows\system32\rdpudd.dll
2017-03-07 15:06 . 2017-04-12 15:07 2746880 ----a-w- c:\windows\system32\rdpcorets.dll
2017-03-04 01:14 . 2017-04-12 15:06 1329664 ----a-w- c:\windows\system32\quartz.dll
2017-03-04 01:14 . 2017-04-12 15:06 77312 ----a-w- c:\windows\system32\mfmjpegdec.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* I valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-05-12 18:42 1192144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-05-12 213824]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2017-04-25 07:12 1162360 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 13:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-05-09 15:42 3146704 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2017-03-14 07:24 27545048 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-05-12 115152]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-01-16 317400]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2017-05-12 5732136]
R3 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [2017-03-20 70008]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-05-12 34136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-04-16 104960]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-05-09 3398608]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-05-16 65824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidshx.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswblogx.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbunivx.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-05-12 258288]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2017-05-12 31064]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-05-12 764576]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-05-12 482608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2017-01-30 143776]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-05-12 107928]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2002-01-01 22:12 1371480 ----a-w- c:\program files\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2017-05-25 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
- c:\users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe [2017-05-12 18:53]
.
2017-05-22 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
- c:\users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe [2017-05-12 18:53]
.
.
------- Scansione supplementare -------
.
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\mkw51jtp.default\
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2017-05-25 22:23:04
ComboFix-quarantined-files.txt 2017-05-25 20:23
ComboFix2.txt 2017-05-25 19:50
.
Pre-Run: 23.826.477.056 bytes free
Post-Run: 23.422.631.936 bytes free
.
- - End Of File - - E2E2FFA928771753165027CFA63D432D
EA923EB0EC0060F1451E9AD7B5762CFE
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-05-2017
Ran by John (administrator) on ATARU (29-05-2017 17:06:48)
Running from C:\Users\Alessandro\Downloads
Loaded Profiles: John & Alessandro (Available Profiles: John & Alessandro)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-12] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1198036982-2959511957-1623649180-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-04-07] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-12] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CC4A2340-A261-4307-8944-43BD45212F36}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F7D3F3F7-2033-442F-A094-5FE6DDD0AEAC}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1198036982-2959511957-1623649180-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1198036982-2959511957-1623649180-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003 -> {10AD1955-57C2-4BF5-B9B1-7179CA7572BA} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003 -> {B8F9323A-27D5-465A-AF33-AC053AA1FEFB} URL = hxxp://it.wikipedia.org/w/index.php?title=Speciale:Ricerca&search={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1198036982-2959511957-1623649180-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-19] (Google Inc.)

FireFox:
========
FF DefaultProfile: mkw51jtp.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\mkw51jtp.default [2017-05-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1198036982-2959511957-1623649180-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Alessandro\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-03-16] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-12] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-12] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-12] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [70008 2017-03-20] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-05-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-12] (AVAST Software)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65824 2017-05-16] (Malwarebytes)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-29 17:06 - 2017-05-29 17:07 - 00010197 _____ C:\Users\Alessandro\Downloads\FRST.txt
2017-05-29 17:05 - 2017-05-29 17:05 - 01769984 _____ (Farbar) C:\Users\Alessandro\Downloads\FRST.exe
2017-05-26 17:32 - 2017-05-26 17:32 - 00484170 _____ C:\Users\Alessandro\Downloads\document.pdf
2017-05-25 22:23 - 2017-05-25 22:23 - 00014841 _____ C:\ComboFix.txt
2017-05-25 21:34 - 2017-05-25 22:23 - 00000000 ____D C:\Qoobox
2017-05-25 21:34 - 2017-05-25 21:48 - 00000000 ____D C:\Windows\erdnt
2017-05-25 21:34 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-05-25 21:34 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-05-25 21:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-05-25 21:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-05-25 21:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-05-25 21:34 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-05-25 21:34 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-05-25 21:34 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-05-22 21:33 - 2017-05-22 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series
2017-05-22 20:23 - 2017-05-28 17:20 - 00001070 _____ C:\Users\Alessandro\Desktop\StudioValenta.txt
2017-05-22 18:07 - 2017-05-22 18:07 - 00000000 ___HD C:\ProgramData\CanonBJ
2017-05-22 18:06 - 2017-05-22 18:06 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2017-05-22 18:06 - 2011-04-27 11:00 - 00323584 _____ (CANON INC.) C:\Windows\system32\CNC_AQL.dll
2017-05-22 18:06 - 2011-03-31 10:07 - 00114688 _____ (CANON INC.) C:\Windows\system32\CNC_AQU.dll
2017-05-22 18:06 - 2011-03-31 10:05 - 00286720 _____ (CANON INC.) C:\Windows\system32\CNC_AQC.dll
2017-05-22 18:06 - 2011-03-31 10:05 - 00114688 _____ (CANON INC.) C:\Windows\system32\CNC_AQI.dll
2017-05-22 18:06 - 2010-11-29 09:13 - 00063744 _____ C:\Windows\system32\CNC1751D.TBL
2017-05-22 18:06 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2017-05-22 18:04 - 2017-05-22 18:04 - 00000000 ___HD C:\Program Files\CanonBJ
2017-05-22 18:04 - 2012-04-18 13:50 - 00090112 _____ (Canon Inc.) C:\Windows\system32\CNC_AQO.dll
2017-05-22 18:04 - 2012-03-14 05:00 - 00311296 _____ (CANON INC.) C:\Windows\system32\CNMLMAQ.DLL
2017-05-22 18:04 - 2011-02-03 09:20 - 00184320 _____ (CANON INC.) C:\Windows\system32\CNMIUAQ.DLL
2017-05-22 18:03 - 2017-05-22 18:03 - 22134344 _____ C:\Users\Alessandro\Downloads\mp68-win-mg2100-1_02-ea24.exe
2017-05-22 18:01 - 2017-05-22 18:01 - 00000000 ___RD C:\Users\Alessandro\Documents\Scanned Documents
2017-05-22 18:01 - 2017-05-22 18:01 - 00000000 ____D C:\Users\Alessandro\Documents\Fax
2017-05-22 16:40 - 2017-05-25 21:28 - 05659512 ____R (Swearware) C:\Users\Alessandro\Downloads\ComboFix.exe
2017-05-22 16:40 - 2017-05-22 16:40 - 00881904 _____ (Plumbytes Software) C:\Users\Alessandro\Downloads\antimalwaresetup.exe
2017-05-21 00:13 - 2017-05-27 18:53 - 00000000 ____D C:\Users\Alessandro\Documents\Outlook Files
2017-05-20 23:46 - 2017-05-20 23:46 - 00003298 _____ C:\Users\John\Desktop\JRT.txt
2017-05-20 22:29 - 2017-05-20 23:01 - 00000000 ____D C:\AdwCleaner
2017-05-20 22:19 - 2017-05-22 16:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-16 20:34 - 2017-05-16 20:37 - 00065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-16 20:34 - 2017-05-16 20:34 - 00161720 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-16 20:34 - 2017-05-16 20:34 - 00097208 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-16 20:34 - 2017-05-16 20:34 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-16 20:33 - 2017-05-23 22:15 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-16 20:33 - 2017-05-16 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-16 20:33 - 2017-05-16 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-16 20:33 - 2017-05-16 20:33 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-16 20:33 - 2017-05-09 16:37 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-05-15 21:48 - 2017-05-16 19:49 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-15 21:46 - 2017-05-15 22:28 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-15 21:46 - 2017-05-15 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-15 21:46 - 2017-05-15 21:46 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-14 17:34 - 2017-05-15 22:17 - 00000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2017-05-14 17:34 - 2017-05-14 17:34 - 00000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2017-05-14 17:34 - 2017-05-14 17:34 - 00000000 ____D C:\Users\John\AppData\Local\Mozilla
2017-05-14 17:32 - 2017-05-21 00:01 - 00000000 ____D C:\Users\Alessandro\Desktop\Dati precedenti di Firefox
2017-05-14 00:53 - 2017-05-14 00:57 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Notepad++
2017-05-14 00:53 - 2017-05-14 00:53 - 00000000 ____D C:\Users\John\AppData\Roaming\Notepad++
2017-05-14 00:53 - 2017-05-14 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-05-14 00:53 - 2017-05-14 00:53 - 00000000 ____D C:\Program Files\Notepad++
2017-05-14 00:52 - 2017-05-14 00:52 - 02982992 _____ C:\Users\Alessandro\Downloads\npp.7.3.3.Installer.exe
2017-05-12 20:57 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-12 20:56 - 2017-04-28 02:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-05-12 20:56 - 2017-04-28 02:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-12 20:56 - 2017-04-28 02:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-12 20:56 - 2017-04-28 02:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-12 20:56 - 2017-04-28 02:34 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-12 20:56 - 2017-04-28 02:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-12 20:56 - 2017-04-28 02:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-12 20:56 - 2017-04-28 02:11 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-12 20:56 - 2017-04-28 02:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-12 20:56 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-12 20:56 - 2017-04-28 02:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-12 20:56 - 2017-04-28 02:09 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-12 20:56 - 2017-04-28 02:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-12 20:56 - 2017-04-28 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-12 20:56 - 2017-04-28 02:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-12 20:56 - 2017-04-26 16:51 - 02400768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-12 20:56 - 2017-04-21 17:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-12 20:56 - 2017-04-20 01:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-12 20:56 - 2017-04-17 16:51 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-12 20:56 - 2017-04-17 16:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-12 20:56 - 2017-04-17 16:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-12 20:56 - 2017-04-16 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-12 20:56 - 2017-04-16 10:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-12 20:56 - 2017-04-16 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-12 20:56 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-12 20:56 - 2017-04-16 10:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-12 20:56 - 2017-04-16 10:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-12 20:56 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-12 20:56 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-12 20:56 - 2017-04-16 09:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-12 20:56 - 2017-04-16 09:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-12 20:56 - 2017-04-16 09:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-12 20:56 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-12 20:56 - 2017-04-16 09:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-12 20:56 - 2017-04-16 09:47 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-12 20:56 - 2017-04-16 09:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-12 20:56 - 2017-04-16 09:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-12 20:56 - 2017-04-16 09:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-12 20:56 - 2017-04-16 09:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-12 20:56 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-12 20:56 - 2017-04-16 09:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-12 20:56 - 2017-04-16 09:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-12 20:56 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-12 20:56 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-12 20:56 - 2017-04-16 09:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-12 20:56 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-12 20:56 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-12 20:56 - 2017-04-16 09:10 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-12 20:56 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-12 20:56 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-12 20:56 - 2017-04-16 09:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-12 20:56 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-12 20:56 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-12 20:56 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-12 20:56 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-12 20:56 - 2017-04-12 17:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-12 20:56 - 2017-04-12 17:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-12 20:56 - 2017-04-07 17:26 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-12 20:56 - 2017-04-07 17:26 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-12 20:56 - 2017-04-07 17:21 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-12 20:56 - 2017-04-07 17:20 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-12 20:56 - 2017-04-05 17:00 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-12 20:56 - 2017-04-05 17:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-12 20:56 - 2017-04-05 17:00 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-12 20:56 - 2017-04-04 17:25 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-12 20:56 - 2017-04-04 16:52 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-12 20:56 - 2017-04-04 16:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-12 20:56 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-12 20:56 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-12 20:56 - 2017-03-10 17:52 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-12 20:56 - 2017-03-10 17:51 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-12 20:56 - 2017-03-10 17:51 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-12 20:56 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-29 17:06 - 2017-04-04 18:45 - 00000000 ____D C:\FRST
2017-05-29 16:58 - 2017-04-03 23:01 - 00000000 ____D C:\Users\Alessandro\AppData\LocalLow\Mozilla
2017-05-29 16:36 - 2017-03-16 18:18 - 00000688 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
2017-05-29 16:22 - 2017-03-16 18:18 - 00000592 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job
2017-05-29 15:42 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-29 15:42 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-29 15:40 - 2010-11-20 23:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-29 15:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-05-29 15:34 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-25 22:20 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2017-05-23 22:34 - 2017-02-04 23:00 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 22:30 - 2017-02-04 23:00 - 129479984 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-22 18:08 - 2009-07-14 04:37 - 00000000 __RSD C:\Windows\Media
2017-05-22 16:11 - 2017-04-03 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-14 14:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-05-13 23:42 - 2009-07-14 06:33 - 00408544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-13 23:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-12 20:50 - 2017-04-18 19:59 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-12 20:50 - 2017-04-18 19:59 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-12 20:50 - 2017-04-18 19:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-12 20:43 - 2016-11-19 18:55 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-05-12 20:42 - 2017-02-08 17:49 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-05-12 20:42 - 2016-11-19 18:57 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-12 20:42 - 2016-11-19 18:55 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-04 23:22 - 2017-02-27 00:23 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2017-03-21 23:36 - 2017-03-21 23:36 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-26 19:22

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-05-2017
Ran by John (29-05-2017 17:07:41)
Running from C:\Users\Alessandro\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2001-12-31 23:20:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin123 (S-1-5-21-1198036982-2959511957-1623649180-500 - Administrator - Disabled)
Alessandro (S-1-5-21-1198036982-2959511957-1623649180-1003 - Limited - Enabled) => C:\Users\Alessandro
Guest (S-1-5-21-1198036982-2959511957-1623649180-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1198036982-2959511957-1623649180-1002 - Limited - Enabled)
John (S-1-5-21-1198036982-2959511957-1623649180-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version: - Canon Inc.)
Citrix Online Launcher (HKLM\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.5.0.6956 (HKU\S-1-5-21-1198036982-2959511957-1623649180-1003\...\GoToMeeting) (Version: 8.5.0.6956 - CitrixOnline)
Kits Configuration Installer (Version: 10.1.14393.33 - Microsoft) Hidden
K-Lite Codec Pack 11.8.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{9CB185CC-EDD4-45C5-A4E1-29B766E7B189}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.5.30227.2 - Microsoft Corporation)
Microsoft Visual Studio Express 2015 for Windows Desktop - ENU (HKLM\...\{ad32eacb-d66f-472d-9af5-11278d461b28}) (Version: 14.0.23107.178 - Microsoft Corporation)
Mouse Suite (HKLM\...\MouseSuite98) (Version: - )
Mozilla Firefox 53.0.3 (x86 it) (HKLM\...\Mozilla Firefox 53.0.3 (x86 it)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
PVproctor (HKLM\...\com.pcam.proctorvue) (Version: 2.15.1 - UNKNOWN)
PVproctor (Version: 2.15.1 - UNKNOWN) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RogueKiller version 12.10.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.9.0 - Adlice Software)
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SDK Debuggers (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.6050 - Analog Devices)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1198036982-2959511957-1623649180-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6519\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {320F6D12-B3F1-4A25-9503-FC66BA45AC89} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {3406EFB5-B2E4-483D-B122-FB061C08BB75} - System32\Tasks\SafeZone scheduled Autoupdate 1479574869 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {41E1711E-61CC-4B02-8B70-97051034F511} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {542B3CD3-223F-41A2-BB3D-DBC79A754277} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {5E24166B-AD72-45E2-8666-EE7E39283C3A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-12] (AVAST Software)
Task: {BC96B648-60B2-49C1-91E5-787CB5894C6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {C18CB51C-E13D-4CD5-ADE1-9E936772A247} - System32\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003 => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe [2017-05-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CD84033A-C7E4-4206-B953-81C9228A3095} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-12] (Adobe Systems Incorporated)
Task: {DB5A35FF-FD9B-4B93-B9AC-4FD143A9715F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003 => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe [2017-05-12] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1198036982-2959511957-1623649180-1003.job => C:\Users\Alessandro\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-21 18:03 - 2016-11-14 13:00 - 00123448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-27 15:47 - 2017-05-27 15:47 - 06085688 _____ () C:\Program Files\AVAST Software\Avast\defs\17052700\algo.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-05-29 15:35 - 2017-05-29 15:35 - 05995008 _____ () C:\Program Files\AVAST Software\Avast\defs\17052900\algo.dll
2012-05-05 05:59 - 2017-03-27 20:59 - 00024064 _____ () C:\Windows\System32\ssi1mlm.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-03-08 04:42 - 2017-03-08 04:42 - 00267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-12 20:42 - 2017-05-12 20:42 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1198036982-2959511957-1623649180-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1198036982-2959511957-1623649180-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{44BCD7BE-DE9C-467A-9DFE-A905B9058986}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{45B6BDE9-94AA-4899-80CF-E2FE6B9EA0AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{33BC153C-AE94-4CAC-856B-5BDB977AE7D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8A4E62E5-E696-48AE-8A92-1440759CBC60}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EB1CF375-9EB0-489E-A61D-DB435A770E3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{62CB8305-F453-4019-AB86-FE832C77780F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{952DC839-A743-41F4-908D-A7F25CD2AFCB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{89AF002C-E558-4643-943F-813C0D2D074E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{95D21A2F-ECB3-4550-997A-5489D386690E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-05-2017 22:30:24 Windows Update
25-05-2017 21:35:09 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2017 03:34:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2017 10:19:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/27/2017 03:45:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 09:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 06:26:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 04:39:25 PM) (Source: MsiInstaller) (EventID: 11719) (User: )
Description: Prodotto: Skype™ 7.36 -- Errore 1719. Impossibile accedere al servizio Windows Installer. Ciò può verificarsi se Windows è in esecuzione in modalità provvisoria o se Windows Installer non è stato installato correttamente. Contattare il personale di supporto.

Error: (05/26/2017 04:28:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2017 10:05:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2017 09:07:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/23/2017 10:15:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/25/2017 10:20:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/25/2017 10:15:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/25/2017 10:09:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/25/2017 09:48:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/25/2017 09:42:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/25/2017 09:37:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/21/2017 12:06:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/21/2017 12:06:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/20/2017 11:44:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/20/2017 11:00:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD Sempron(tm) Processor 3400+
Percentage of memory in use: 44%
Total physical RAM: 3039.37 MB
Available physical RAM: 1701.97 MB
Total Virtual: 6109.69 MB
Available Virtual: 4747.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:21.51 GB) NTFS
Drive d: (aristocats) (CDROM) (Total:3.72 GB) (Free:0 GB) UDF
Drive e: (DATA) (Fixed) (Total:149.05 GB) (Free:18.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 55.9 GB) (Disk ID: D5CD9504)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.8 GB) - (Type=05)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 0002579A)
Partition 1: (Not Active) - (Size=149 GB) - (Type=83)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E5B7B64F)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    537 bytes · Views: 2
Fix result of Farbar Recovery Scan Tool (x86) Version: 02-06-2017
Ran by Alessandro (04-06-2017 15:26:47) Run:1
Running from C:\Users\Alessandro\Downloads
Loaded Profiles: Alessandro (Available Profiles: John & Alessandro)
Boot Mode: Normal

==============================================

fixlist content:
*****************
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1198036982-2959511957-1623649180-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]
2017-03-21 23:36 - 2017-03-21 23:36 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg

*****************


"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.

"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.

"C:\Windows\system32\GroupPolicy\User" folder move:

Could not move "C:\Windows\system32\GroupPolicy\User" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => could not remove key. Access Denied.
HKU\S-1-5-21-1198036982-2959511957-1623649180-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\System\CurrentControlSet\Services\catchme => could not remove key. Access Denied.
"C:\Users\John\AppData\Local\resmon.resmoncfg" => not found.
 
Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Adobe Flash Player 25.0.0.171
Mozilla Firefox (53.0.3)
Google Chrome (58.0.3029.110)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast aswidsagent.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Alessandro (ATTENTION: The logged in user is not administrator) on 06-06-2017 at 15:49:32
Running from "C:\Users\Alessandro\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle

Latest posts

Back