Thanks
How can I check if my pc is being spied on?
#1
Posted 08 August 2017 - 10:51 AM
Thanks
#2
Posted 12 August 2017 - 02:34 PM
- Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Check the Addition.txt box
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
#3
Posted 12 August 2017 - 05:42 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by LENOVO (administrator) on DESKTOP-QS784EF (13-08-2017 00:10:42)
Running from C:\Users\LENOVO\Downloads
Loaded Profiles: LENOVO (Available Profiles: LENOVO)
Platform: Windows 10 Pro Version 1703 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\LENOVO\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952 2015-09-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384 2015-09-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [uTorrent] => C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [Spotify] => C:\Users\LENOVO\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-06] (Spotify Ltd)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [Spotify Web Helper] => C:\Users\LENOVO\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-06] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247200 2017-05-25] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [213408 2017-05-25] (Client Connect LTD)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{adbe2e38-2dc0-4fa5-a036-9977329ac803}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E059EA11-8061-4F4B-B551-5A3F421CD640&SearchSource=55&CUI=&UM=8&UP=SP30E6D925-BA50-43C5-A178-0159FAF99D0A&D=120716&SSPV=
SearchScopes: HKU\S-1-5-21-170152337-1557406280-1703480655-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E059EA11-8061-4F4B-B551-5A3F421CD640&SearchSource=58&CUI=&UM=8&UP=SP30E6D925-BA50-43C5-A178-0159FAF99D0A&D=120716&q={searchTerms}&SSPV=
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-21] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-21] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-21] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-21] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-21] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
CHR Extension: (Documenti Google) - C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-07]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Chrome Media Router) - C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3253664 2017-05-25] (Client Connect LTD)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 MpKsldb317cd9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{39CD2CF3-8F13-46E4-AE21-EBFCEE9E1C68}\MpKsldb317cd9.sys [44928 2017-08-12] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-13 00:10 - 2017-08-13 00:13 - 000012472 _____ C:\Users\LENOVO\Downloads\FRST.txt
2017-08-13 00:10 - 2017-08-13 00:10 - 000000000 ____D C:\FRST
2017-08-13 00:08 - 2017-08-13 00:08 - 002395648 _____ (Farbar) C:\Users\LENOVO\Downloads\FRST64.exe
2017-08-13 00:06 - 2017-08-13 00:07 - 001792000 _____ (Farbar) C:\Users\LENOVO\Downloads\FRST.exe
2017-08-12 23:14 - 2017-08-12 23:14 - 000000000 ____D C:\Users\LENOVO\AppData\LocalLow\uTorrent
2017-08-06 17:28 - 2017-08-06 17:29 - 000000000 ____D C:\Users\LENOVO\Desktop\Giorgia Cinelli
2017-08-05 20:07 - 2017-08-05 20:08 - 007775890 _____ C:\Users\LENOVO\Downloads\734-964-251.mp4
2017-08-05 15:37 - 2017-08-05 15:38 - 000000000 ____D C:\Windows.old
2017-08-05 15:25 - 2017-08-05 15:25 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-05 15:24 - 2017-08-05 15:24 - 000000000 ____D C:\Users\LENOVO\AppData\Local\DBG
2017-08-05 15:22 - 2017-08-05 15:22 - 000000020 ___SH C:\Users\LENOVO\ntuser.ini
2017-08-05 15:19 - 2017-08-05 15:20 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-08-05 15:19 - 2017-08-05 15:20 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-08-05 15:17 - 2017-08-05 15:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-05 15:17 - 2017-08-05 14:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-05 15:12 - 2017-08-12 10:59 - 000004750 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-05 15:12 - 2017-08-12 10:59 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-05 15:12 - 2017-08-05 15:32 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-170152337-1557406280-1703480655-1001
2017-08-05 15:12 - 2017-08-05 15:12 - 000003596 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-05 15:12 - 2017-08-05 15:12 - 000003372 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-05 15:12 - 2017-08-05 15:12 - 000002666 _____ C:\WINDOWS\System32\Tasks\bvyvdvyxc
2017-08-05 15:12 - 2017-08-05 15:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-05 15:10 - 2017-08-05 15:10 - 001765676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-05 15:02 - 2017-08-05 15:02 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-05 14:56 - 2017-08-05 14:56 - 000000000 ____D C:\ProgramData\USOShared
2017-08-05 14:54 - 2017-08-05 15:03 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-05 14:50 - 2017-08-07 01:17 - 000000000 ____D C:\Users\LENOVO
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Risorse di stampa
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Risorse di rete
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Recenti
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Modelli
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Menu Avvio
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Impostazioni locali
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documents\Video
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documents\Musica
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documents\Immagini
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documenti
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Dati applicazioni
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\AppData\Local\Dati applicazioni
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\AppData\Local\Cronologia
2017-08-05 14:49 - 2017-08-05 15:03 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-05 14:49 - 2017-08-05 14:49 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-08-05 14:49 - 2017-08-05 14:49 - 000000000 ____D C:\Program Files\AMD
2017-08-05 14:49 - 2017-08-05 14:49 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____D C:\Program Files\Realtek
2017-08-05 14:48 - 2017-03-18 22:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-05 14:45 - 2017-08-12 23:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-05 14:45 - 2017-08-05 15:04 - 000217704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-28 08:55 - 2017-07-28 08:55 - 000002591 _____ C:\Users\LENOVO\Downloads\piercing cropped [www.imagesplitter.net] (2).jpeg
2017-07-28 08:54 - 2017-07-28 08:54 - 000002803 _____ C:\Users\LENOVO\Downloads\piercing cropped [www.imagesplitter.net] (1).jpeg
2017-07-28 08:51 - 2017-07-28 08:51 - 000002759 _____ C:\Users\LENOVO\Downloads\piercing cropped [www.imagesplitter.net].jpeg
2017-07-28 08:48 - 2017-07-28 08:48 - 000004542 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (3).jpeg
2017-07-28 08:48 - 2017-07-28 08:48 - 000004215 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (4).jpeg
2017-07-28 08:47 - 2017-07-28 08:47 - 000004840 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (1).jpeg
2017-07-28 08:47 - 2017-07-28 08:47 - 000004568 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (2).jpeg
2017-07-28 08:46 - 2017-07-28 08:46 - 000004840 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net].jpeg
2017-07-28 08:34 - 2017-07-28 08:34 - 000009552 _____ C:\Users\LENOVO\Downloads\knee) [www.imagesplitter.net].jpeg
2017-07-28 08:34 - 2017-07-28 08:34 - 000009552 _____ C:\Users\LENOVO\Downloads\knee) [www.imagesplitter.net] (1).jpeg
2017-07-27 21:17 - 2017-08-05 15:22 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-26 19:40 - 2017-07-26 19:40 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (6).pdf
2017-07-26 17:05 - 2017-07-26 17:07 - 010741149 _____ C:\Users\LENOVO\Downloads\dm235_14.zip
2017-07-26 17:05 - 2017-07-26 17:05 - 000670115 _____ C:\Users\LENOVO\Downloads\dm486_14.zip
2017-07-26 12:58 - 2017-07-26 12:58 - 000028062 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (5).pdf
2017-07-25 21:17 - 2017-07-25 21:17 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (4).pdf
2017-07-25 15:36 - 2017-07-25 15:36 - 000058368 _____ C:\Users\LENOVO\Downloads\elenco-scuole-divise-per-provincia-PER-INTERNET.xls
2017-07-25 15:00 - 2017-07-25 15:00 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (3).pdf
2017-07-25 10:54 - 2017-07-25 10:54 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (2).pdf
2017-07-25 10:44 - 2017-07-25 10:44 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (1).pdf
2017-07-25 08:16 - 2017-07-25 08:16 - 000027996 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE_pdf.pdf
2017-07-24 01:49 - 2017-07-24 01:49 - 000027996 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-13 00:14 - 2016-12-07 22:17 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\uTorrent
2017-08-13 00:13 - 2016-12-07 13:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-12 23:52 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-12 23:46 - 2016-12-07 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-12 23:41 - 2016-12-07 19:12 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-12 23:37 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-12 23:24 - 2016-12-07 13:05 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Skype
2017-08-12 23:16 - 2016-12-30 20:45 - 000000000 ____D C:\Users\LENOVO\AppData\Local\Spotify
2017-08-12 23:16 - 2016-12-30 20:44 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Spotify
2017-08-12 11:26 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-12 11:26 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-12 10:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-12 10:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 13:43 - 2016-12-07 13:20 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 13:43 - 2016-12-07 13:20 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-06 10:40 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-05 15:59 - 2016-12-07 13:01 - 000000000 ____D C:\Users\LENOVO\AppData\Local\Packages
2017-08-05 15:43 - 2017-03-18 23:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-05 15:38 - 2017-03-18 23:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-05 15:32 - 2016-12-07 13:04 - 000002412 _____ C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-05 15:32 - 2016-12-07 13:04 - 000000000 ___RD C:\Users\LENOVO\OneDrive
2017-08-05 15:29 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-05 15:23 - 2017-03-18 23:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-05 15:23 - 2016-04-27 07:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-05 15:21 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows NT
2017-08-05 15:20 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-05 15:20 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-05 15:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-05 15:17 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-05 15:14 - 2017-03-18 22:56 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-08-05 15:14 - 2017-03-18 22:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-08-05 15:14 - 2017-03-18 22:56 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-08-05 15:14 - 2017-03-18 22:56 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-08-05 15:12 - 2017-03-20 06:07 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-05 15:12 - 2016-12-10 12:27 - 000023024 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-05 15:10 - 2017-03-20 06:06 - 000784932 _____ C:\WINDOWS\system32\perfh010.dat
2017-08-05 15:10 - 2017-03-20 06:06 - 000146552 _____ C:\WINDOWS\system32\perfc010.dat
2017-08-05 15:10 - 2017-03-18 23:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-05 15:05 - 2016-12-07 13:33 - 000000000 ____D C:\ProgramData\Foxit Software
2017-08-05 15:03 - 2017-05-25 23:02 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-08-05 15:03 - 2017-05-11 20:06 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-05 15:03 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-08-05 15:03 - 2017-03-18 13:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-05 15:03 - 2016-12-14 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-05 15:03 - 2016-12-07 13:36 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-08-05 15:03 - 2016-12-07 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-08-05 15:03 - 2016-12-07 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-05 15:03 - 2016-12-07 13:27 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-05 15:03 - 2016-12-07 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-05 15:03 - 2016-12-07 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-05 15:03 - 2016-04-27 07:23 - 000000000 ____D C:\WINDOWS\ShellNew
2017-08-05 14:56 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-05 14:56 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-05 14:56 - 2016-12-07 21:53 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-08-05 14:55 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-05 14:55 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-05 14:55 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-05 14:55 - 2016-12-07 21:53 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-08-05 14:55 - 2016-12-07 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-08-05 14:52 - 2016-12-14 15:59 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-05 14:49 - 2017-03-18 13:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-05 13:50 - 2017-07-11 06:17 - 000000000 ___HD C:\$WINDOWS.~BT
2017-07-27 21:13 - 2015-10-30 09:24 - 000000167 _____ C:\WINDOWS\win.ini
==================== Files in the root of some directories =======
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-05 14:44
==================== End of FRST.txt ============================
And here is the Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by LENOVO (13-08-2017 00:15:10)
Running from C:\Users\LENOVO\Downloads
Windows 10 Pro Version 1703 (X64) (2017-08-05 13:22:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-170152337-1557406280-1703480655-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-170152337-1557406280-1703480655-503 - Limited - Disabled)
Guest (S-1-5-21-170152337-1557406280-1703480655-501 - Limited - Disabled)
LENOVO (S-1-5-21-170152337-1557406280-1703480655-1001 - Administrator - Enabled) => C:\Users\LENOVO
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.6.909 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{BFA62867-4219-4427-BD27-BE1557337B50}) (Version: 4.13.9783 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.1.5.104 - Client Connect LTD) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-08-12] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-29] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BB21C1A-4B48-452E-887B-69766D0209E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2171AE8F-8015-4CE8-BDE5-0D13A5570B1F} - System32\Tasks\bvyvdvyxc => C:\Users\LENOVO\AppData\Local\bvyvdvyxc\bvyvdvyxc.exe [2017-05-25] () <==== ATTENTION
Task: {29982BF3-6DB4-486B-94D7-DE3A546D437F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {37A4044D-7CB8-4BCB-A010-3C5F55631B90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {48AE844B-AD32-470F-B7F7-6FE0BC6FEAB8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A6DB97A9-E6A7-4D30-84DA-69F7D9F948A4} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A8A64AF4-0428-4755-89B2-C6B8922C3A00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {BB700BB1-F64E-4DB6-BBDB-B74A72B42C3C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-12] (Adobe Systems Incorporated)
Task: {C1EEE9C0-91DB-431C-A525-DA7F209C6301} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-12] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:07 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-18 14:36 - 2017-07-18 14:37 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-18 14:36 - 2017-07-18 14:37 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-18 14:36 - 2017-07-18 14:37 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-18 14:36 - 2017-07-18 14:37 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-06 09:28 - 2017-06-06 09:29 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 20:55 - 2017-07-25 20:55 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 20:55 - 2017-07-25 20:55 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-08 13:43 - 2017-08-02 08:24 - 002881368 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 13:43 - 2017-08-02 08:24 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{39482886-8BE1-45BD-8D2A-679D530EEF7F}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lenovo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2E500758-A0D3-4E27-BE25-7B8DB84DBD49}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lenovo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A00E0929-8ECF-4F94-AA21-528C3C68375E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4013E3F9-F7F7-4FE6-81C5-2CFBF6A68207}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5715FCA2-6BD3-4AFF-B932-96B794F00790}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3833089F-E7CD-49DF-BDDD-6E5C699876F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F69966B0-CF1C-4C56-8D4B-8694F3E8D76C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D65C534A-29D3-4915-9A1D-85BB97437BDC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D83FE284-71D9-47CC-A26F-630D27DCB98A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F39F6A24-0F8C-4090-BF42-6323C95A2922}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{18B2EB6B-FC94-43E2-846F-97F258355E9D}C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [UDP Query User{1367CFEC-4C9C-4A4D-87BD-AE09BB288323}C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [{0AFE9191-90E4-464E-A926-09E24541E91E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{83E4D172-CB44-4490-B9DE-A9EE71C41093}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8868B51A-C6CC-4DAC-9F01-6E2FF5BAD293}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBC1C615-3EF6-429C-BDCE-E4FF15E26A87}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A8327AEA-0284-4845-9574-9CB60D18C5C1}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2848D0F9-956C-4687-A940-4DAD5F887CD0}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30E876B5-B267-496A-8D1F-5DF2BFC6CC0D}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02A5A9D9-2D30-4879-BA99-C9118BABEF33}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C7948577-A3D4-4876-81D2-1601B1C707B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{11A0C14C-BE89-4498-B098-70A1C2A831BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{718E7EF3-948B-44CC-B30E-DE4A254AAB0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8144DDA3-B9FC-481A-AA7A-04D8D9E346E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
12-08-2017 23:36:17 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/12/2017 11:37:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Accesso negato.
.
Error: (08/12/2017 10:59:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MicrosoftEdgeCP.exe, versione: 11.0.15063.483, timestamp: 0x595f2577
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000604
Offset errore 0x0000000000000000
ID processo che ha generato l'errore: 0x27e8
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3134943aa0f99
Percorso dell'applicazione che ha generato l'errore: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Percorso del modulo che ha generato l'errore: unknown
ID segnalazione: 11ac56b8-a0d2-444c-99a7-ca8a01e26b45
Nome completo pacchetto che ha generato l'errore: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
ID applicazione relativo al pacchetto che ha generato l'errore: ContentProcess
Error: (08/12/2017 10:59:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MicrosoftEdgeCP.exe, versione: 11.0.15063.483, timestamp: 0x595f2577
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000604
Offset errore 0x0000000000000000
ID processo che ha generato l'errore: 0x27e8
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d3134943aa0f99
Percorso dell'applicazione che ha generato l'errore: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Percorso del modulo che ha generato l'errore: unknown
ID segnalazione: d959da51-1174-41ff-b89e-6ac9333680e0
Nome completo pacchetto che ha generato l'errore: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
ID applicazione relativo al pacchetto che ha generato l'errore: ContentProcess
Error: (08/05/2017 03:25:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-QS784EF)
Description: Attivazione dell'app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI non riuscita con errore: -2144927148 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
Error: (08/05/2017 03:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MicrosoftEdgeCP.exe, versione: 11.0.15063.483, timestamp: 0x595f2577
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000604
Offset errore 0x0000000000000000
ID processo che ha generato l'errore: 0x19ec
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d30dee1b2977d3
Percorso dell'applicazione che ha generato l'errore: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Percorso del modulo che ha generato l'errore: unknown
ID segnalazione: 5800fece-7d0f-4c8d-bb03-7a1e15321a63
Nome completo pacchetto che ha generato l'errore: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
ID applicazione relativo al pacchetto che ha generato l'errore: ContentProcess
Error: (08/05/2017 03:24:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: MicrosoftEdgeCP.exe, versione: 11.0.15063.483, timestamp: 0x595f2577
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000604
Offset errore 0x0000000000000000
ID processo che ha generato l'errore: 0x19ec
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d30dee1b2977d3
Percorso dell'applicazione che ha generato l'errore: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Percorso del modulo che ha generato l'errore: unknown
ID segnalazione: 72fbeb5b-c657-4c2e-9878-bdcc51a53847
Nome completo pacchetto che ha generato l'errore: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
ID applicazione relativo al pacchetto che ha generato l'errore: ContentProcess
Error: (08/05/2017 03:12:23 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Impossibile ottenere lo stato del nodo del cluster: . Codice di errore restituito: 0x8007085A
Error: (08/05/2017 03:07:00 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Impossibile ottenere lo stato del nodo del cluster: . Codice di errore restituito: 0x8007085A
Error: (08/05/2017 03:06:59 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Impossibile ottenere lo stato del nodo del cluster: . Codice di errore restituito: 0x8007085A
Error: (08/05/2017 03:06:59 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Impossibile ottenere lo stato del nodo del cluster: . Codice di errore restituito: 0x8007085A
System errors:
=============
Error: (08/12/2017 11:42:20 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QS784EF)
Description: Il server {D63B10C5-BB46-4990-A94F-E40B9D520160} non ha effettuato la registrazione con DCOM nel tempo richiesto.
Error: (08/12/2017 11:42:15 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QS784EF)
Description: Il server {0002DF02-0000-0000-C000-000000000046} non ha effettuato la registrazione con DCOM nel tempo richiesto.
Error: (08/12/2017 11:42:15 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QS784EF)
Description: Il server {0002DF02-0000-0000-C000-000000000046} non ha effettuato la registrazione con DCOM nel tempo richiesto.
Error: (08/06/2017 01:35:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QS784EF)
Description: Il server {0002DF02-0000-0000-C000-000000000046} non ha effettuato la registrazione con DCOM nel tempo richiesto.
Error: (08/06/2017 01:35:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QS784EF)
Description: Il server {0002DF02-0000-0000-C000-000000000046} non ha effettuato la registrazione con DCOM nel tempo richiesto.
Error: (08/05/2017 03:40:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni predefinite del computer non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
e APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.
Error: (08/05/2017 03:40:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.
Error: (08/05/2017 03:40:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni predefinite del computer non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
e APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.
Error: (08/05/2017 03:40:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Le impostazioni delle autorizzazioni impostazioni specifiche dell'applicazione non concedono l'autorizzazione di Attivazione in Locale per l'applicazione server COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
all'utente NT AUTHORITY\SID SERVIZIO LOCALE (S-1-5-19) dall'indirizzo LocalHost (tramite LRPC) in esecuzione nel SID del contenitore di applicazioni Non disponibile (Non disponibile). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti.
Error: (08/05/2017 03:20:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Servizio BranchCache terminato con l'errore specifico del servizio
Il programma è bloccato dai Criteri di gruppo. Per ulteriori informazioni, contattare l'amministratore del sistema.
CodeIntegrity:
===================================
Date: 2017-08-06 16:48:37.847
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD Sempron 3850 APU with Radeon R3
Percentage of memory in use: 49%
Total physical RAM: 3513.57 MB
Available physical RAM: 1758.48 MB
Total Virtual: 5642.99 MB
Available Virtual: 3056.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:464.43 GB) (Free:258.32 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 06113692)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=856 MB) - (Type=27)
==================== End of Addition.txt ============================
#4
Posted 12 August 2017 - 06:48 PM
Please uninstall:
Search Protect
This is adware that hijacks your browser search engine.
#5
Posted 13 August 2017 - 09:31 AM
Here is the fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by LENOVO (13-08-2017 15:20:31) Run:1
Running from C:\Users\LENOVO\Downloads
Loaded Profiles: LENOVO (Available Profiles: LENOVO)
Boot Mode: Normal
==============================================
fixlist content:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247200 2017-05-25] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [213408 2017-05-25] (Client Connect LTD)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E059EA11-8061-4F4B-B551-5A3F421CD640&SearchSource=55&CUI=&UM=8&UP=SP30E6D925-BA50-43C5-A178-0159FAF99D0A&D=120716&SSPV=
SearchScopes: HKU\S-1-5-21-170152337-1557406280-1703480655-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E059EA11-8061-4F4B-B551-5A3F421CD640&SearchSource=58&CUI=&UM=8&UP=SP30E6D925-BA50-43C5-A178-0159FAF99D0A&D=120716&q={searchTerms}&SSPV=
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3253664 2017-05-25] (Client Connect LTD)
2017-08-05 15:12 - 2017-08-05 15:12 - 000002666 _____ C:\WINDOWS\System32\Tasks\bvyvdvyxc
Task: {2171AE8F-8015-4CE8-BDE5-0D13A5570B1F} - System32\Tasks\bvyvdvyxc => C:\Users\LENOVO\AppData\Local\bvyvdvyxc\bvyvdvyxc.exe [2017-05-25] () <==== ATTENTION
C:\Users\LENOVO\AppData\Local\bvyvdvyxc
Task: {A6DB97A9-E6A7-4D30-84DA-69F7D9F948A4} - \CCleanerSkipUAC -> No File <==== ATTENTION
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
*****************
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data not found.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data not found.
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key removed successfully
HKLM\Software\Classes\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
CltMngSvc => service not found.
"C:\WINDOWS\System32\Tasks\bvyvdvyxc" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2171AE8F-8015-4CE8-BDE5-0D13A5570B1F} => key not found.
C:\WINDOWS\System32\Tasks\bvyvdvyxc => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvdvyxc => key not found.
"C:\Users\LENOVO\AppData\Local\bvyvdvyxc" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6DB97A9-E6A7-4D30-84DA-69F7D9F948A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6DB97A9-E6A7-4D30-84DA-69F7D9F948A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
Impossibile cancellare il registro DebugChannel. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.
Impossibile cancellare il registro Microsoft-RMS-MSIPC/Debug. Impossibile eseguire l'operazione richiesta su un canale diretto attivato. Prima di eseguire l'operazione richiesta è necessario disattivare il canale.
Impossibile cancellare il registro Microsoft-Windows-LiveId/Analytic. Accesso negato.
Impossibile cancellare il registro Microsoft-Windows-LiveId/Operational. Accesso negato.
========= End of CMD: =========
==== End of Fixlog 15:21:58 ====
And here is the FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by LENOVO (administrator) on DESKTOP-QS784EF (13-08-2017 15:27:05)
Running from C:\Users\LENOVO\Downloads
Loaded Profiles: LENOVO (Available Profiles: LENOVO)
Platform: Windows 10 Pro Version 1703 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\LENOVO\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\LENOVO\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Spotify Ltd) C:\Users\LENOVO\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\LENOVO\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\LENOVO\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952 2015-09-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384 2015-09-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [uTorrent] => C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [Spotify] => C:\Users\LENOVO\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-06] (Spotify Ltd)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Run: [Spotify Web Helper] => C:\Users\LENOVO\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-06] (Spotify Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{adbe2e38-2dc0-4fa5-a036-9977329ac803}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-21] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-21] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-21] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-21] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-21] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
CHR Extension: (Documenti Google) - C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-07]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Chrome Media Router) - C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 MpKslbd10bf7d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19E6B087-49B1-4A86-B1EE-B0BACDFCE14F}\MpKslbd10bf7d.sys [44928 2017-08-13] (Microsoft Corporation)
R1 MpKsldb317cd9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{39CD2CF3-8F13-46E4-AE21-EBFCEE9E1C68}\MpKsldb317cd9.sys [44928 2017-08-12] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-13 15:20 - 2017-08-13 15:21 - 000004044 _____ C:\Users\LENOVO\Downloads\Fixlog.txt
2017-08-13 09:01 - 2017-07-31 17:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-13 09:01 - 2017-07-31 17:15 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-13 00:15 - 2017-08-13 00:17 - 000026949 _____ C:\Users\LENOVO\Downloads\Addition.txt
2017-08-13 00:10 - 2017-08-13 15:27 - 000011499 _____ C:\Users\LENOVO\Downloads\FRST.txt
2017-08-13 00:10 - 2017-08-13 15:27 - 000000000 ____D C:\FRST
2017-08-13 00:08 - 2017-08-13 00:08 - 002395648 _____ (Farbar) C:\Users\LENOVO\Downloads\FRST64.exe
2017-08-13 00:06 - 2017-08-13 00:07 - 001792000 _____ (Farbar) C:\Users\LENOVO\Downloads\FRST.exe
2017-08-12 23:28 - 2017-08-01 04:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-12 23:28 - 2017-08-01 04:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-12 23:28 - 2017-08-01 04:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-12 23:28 - 2017-08-01 04:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-12 23:28 - 2017-08-01 04:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-12 23:28 - 2017-08-01 04:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-12 23:28 - 2017-08-01 04:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-12 23:28 - 2017-08-01 04:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-12 23:28 - 2017-08-01 04:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-12 23:28 - 2017-08-01 04:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-12 23:28 - 2017-08-01 04:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-12 23:28 - 2017-08-01 04:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-12 23:28 - 2017-08-01 04:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-12 23:28 - 2017-08-01 04:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-12 23:28 - 2017-08-01 04:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-12 23:28 - 2017-08-01 04:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-12 23:28 - 2017-08-01 04:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-12 23:28 - 2017-08-01 04:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-12 23:28 - 2017-08-01 04:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-12 23:28 - 2017-08-01 04:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-12 23:28 - 2017-08-01 04:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-12 23:28 - 2017-08-01 04:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-12 23:28 - 2017-08-01 04:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-12 23:28 - 2017-08-01 04:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-12 23:28 - 2017-08-01 04:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-12 23:28 - 2017-08-01 04:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-12 23:28 - 2017-08-01 04:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-12 23:28 - 2017-08-01 04:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-12 23:28 - 2017-08-01 04:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-12 23:28 - 2017-08-01 04:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-12 23:28 - 2017-08-01 04:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-12 23:28 - 2017-08-01 04:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-12 23:28 - 2017-08-01 04:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-12 23:28 - 2017-08-01 00:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-12 23:28 - 2017-07-28 07:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-12 23:28 - 2017-07-28 06:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-12 23:28 - 2017-07-28 06:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-12 23:28 - 2017-07-28 06:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-12 23:28 - 2017-07-28 06:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-12 23:28 - 2017-07-28 06:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-12 23:28 - 2017-07-28 06:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-12 23:28 - 2017-07-28 06:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-12 23:28 - 2017-07-28 06:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-12 23:28 - 2017-07-28 06:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-12 23:28 - 2017-07-28 06:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-12 23:28 - 2017-07-28 06:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-12 23:28 - 2017-07-28 06:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-12 23:28 - 2017-07-28 06:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-12 23:28 - 2017-07-28 06:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-12 23:28 - 2017-07-28 06:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-12 23:28 - 2017-07-28 06:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-12 23:28 - 2017-07-28 06:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-12 23:28 - 2017-07-28 06:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-12 23:28 - 2017-07-28 06:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-12 23:28 - 2017-07-28 06:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-12 23:28 - 2017-07-28 06:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-12 23:28 - 2017-07-28 06:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-12 23:28 - 2017-07-28 06:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-12 23:28 - 2017-07-28 06:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-12 23:28 - 2017-07-28 06:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-12 23:28 - 2017-07-28 06:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-12 23:28 - 2017-07-28 06:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-12 23:28 - 2017-07-28 06:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-12 23:28 - 2017-07-28 06:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-12 23:28 - 2017-07-28 06:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-12 23:28 - 2017-07-28 06:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-12 23:28 - 2017-07-28 06:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-12 23:28 - 2017-07-28 06:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-12 23:28 - 2017-07-28 06:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-12 23:28 - 2017-07-28 06:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-12 23:28 - 2017-07-28 06:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-12 23:28 - 2017-07-28 06:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-12 23:28 - 2017-07-28 06:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-12 23:28 - 2017-07-28 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-12 23:28 - 2017-07-28 06:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-12 23:28 - 2017-07-28 06:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-12 23:28 - 2017-07-28 06:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-12 23:28 - 2017-07-28 06:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-12 23:28 - 2017-07-28 06:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-12 23:28 - 2017-07-28 06:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-12 23:28 - 2017-07-28 06:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-12 23:28 - 2017-07-28 06:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-12 23:28 - 2017-07-28 06:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-12 23:28 - 2017-07-28 06:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-12 23:28 - 2017-07-28 06:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-12 23:28 - 2017-07-28 06:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-12 23:28 - 2017-07-28 06:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-12 23:28 - 2017-07-28 06:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-12 23:28 - 2017-07-28 06:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-12 23:28 - 2017-07-28 06:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-12 23:25 - 2017-08-01 03:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-12 23:25 - 2017-08-01 03:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-12 23:25 - 2017-07-28 07:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-12 23:25 - 2017-07-28 07:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-12 23:25 - 2017-07-28 07:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-12 23:25 - 2017-07-28 07:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-12 23:25 - 2017-07-28 07:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-12 23:25 - 2017-07-28 06:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-12 23:25 - 2017-07-28 06:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-12 23:25 - 2017-07-28 06:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-12 23:25 - 2017-07-28 06:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-12 23:25 - 2017-07-28 06:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-12 23:25 - 2017-07-28 06:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-12 23:25 - 2017-07-28 06:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-12 23:25 - 2017-07-28 06:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-12 23:25 - 2017-07-28 06:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-12 23:24 - 2017-08-01 04:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-12 23:24 - 2017-08-01 04:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-12 23:24 - 2017-08-01 04:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-12 23:24 - 2017-08-01 04:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-12 23:24 - 2017-08-01 04:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-12 23:24 - 2017-08-01 04:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-12 23:24 - 2017-08-01 03:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-12 23:24 - 2017-08-01 03:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-12 23:24 - 2017-08-01 03:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-12 23:24 - 2017-08-01 03:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-12 23:24 - 2017-08-01 03:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-12 23:24 - 2017-08-01 03:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-12 23:24 - 2017-08-01 03:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-12 23:24 - 2017-08-01 03:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-12 23:24 - 2017-08-01 03:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-12 23:24 - 2017-08-01 03:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-12 23:24 - 2017-08-01 03:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-12 23:24 - 2017-08-01 03:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-12 23:24 - 2017-08-01 03:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-12 23:24 - 2017-08-01 03:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-12 23:24 - 2017-08-01 03:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-12 23:24 - 2017-08-01 03:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-12 23:24 - 2017-08-01 03:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-12 23:24 - 2017-07-28 07:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-12 23:24 - 2017-07-28 07:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-12 23:24 - 2017-07-28 07:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-12 23:24 - 2017-07-28 07:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-12 23:24 - 2017-07-28 07:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-12 23:24 - 2017-07-28 07:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-12 23:24 - 2017-07-28 07:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-12 23:24 - 2017-07-28 07:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-12 23:24 - 2017-07-28 07:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-12 23:24 - 2017-07-28 06:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-12 23:24 - 2017-07-28 06:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-12 23:24 - 2017-07-28 06:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-12 23:24 - 2017-07-28 06:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-12 23:24 - 2017-07-28 06:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-12 23:24 - 2017-07-28 06:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-12 23:24 - 2017-07-28 06:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-12 23:24 - 2017-07-28 06:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-12 23:24 - 2017-07-28 06:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-12 23:24 - 2017-07-28 06:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-12 23:24 - 2017-07-28 06:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-12 23:24 - 2017-07-28 06:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-12 23:24 - 2017-07-28 06:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-12 23:24 - 2017-07-28 06:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-12 23:24 - 2017-07-28 06:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-12 23:24 - 2017-07-28 06:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-12 23:24 - 2017-07-28 06:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-12 23:24 - 2017-07-28 06:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-12 23:24 - 2017-07-28 06:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-12 23:24 - 2017-07-28 06:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-12 23:24 - 2017-07-28 06:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-12 23:24 - 2017-07-28 06:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-12 23:24 - 2017-07-28 06:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-12 23:24 - 2017-07-28 06:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-12 23:24 - 2017-07-28 06:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-12 23:24 - 2017-07-28 06:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-12 23:24 - 2017-07-28 06:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-12 23:24 - 2017-07-28 06:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-12 23:24 - 2017-07-28 06:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-12 23:24 - 2017-07-28 06:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-12 23:24 - 2017-07-28 06:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-12 23:24 - 2017-07-28 06:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-12 23:24 - 2017-07-28 06:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-12 23:24 - 2017-07-28 06:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-12 23:24 - 2017-07-28 06:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-12 23:24 - 2017-07-28 06:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-12 23:24 - 2017-07-28 06:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-12 23:24 - 2017-07-28 06:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-12 23:24 - 2017-07-28 06:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-12 23:24 - 2017-07-28 06:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-12 23:24 - 2017-07-28 06:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-12 23:24 - 2017-07-28 06:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-12 23:23 - 2017-08-01 04:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-12 23:23 - 2017-08-01 04:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-12 23:23 - 2017-08-01 04:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-12 23:23 - 2017-08-01 04:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-12 23:23 - 2017-08-01 04:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-12 23:23 - 2017-08-01 04:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-12 23:23 - 2017-08-01 04:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-12 23:23 - 2017-08-01 04:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-12 23:23 - 2017-08-01 04:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-12 23:23 - 2017-08-01 04:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-12 23:23 - 2017-08-01 04:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-12 23:23 - 2017-08-01 04:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-12 23:23 - 2017-08-01 03:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-12 23:23 - 2017-08-01 03:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-12 23:23 - 2017-08-01 03:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-12 23:23 - 2017-08-01 03:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-12 23:23 - 2017-08-01 03:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-12 23:23 - 2017-08-01 03:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-12 23:23 - 2017-08-01 03:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-12 23:23 - 2017-08-01 03:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-12 23:23 - 2017-08-01 03:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-12 23:23 - 2017-08-01 03:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-12 23:23 - 2017-08-01 03:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-12 23:23 - 2017-08-01 03:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-12 23:23 - 2017-08-01 03:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-12 23:23 - 2017-08-01 03:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-12 23:23 - 2017-08-01 03:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-12 23:23 - 2017-08-01 03:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-12 23:23 - 2017-08-01 03:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-12 23:23 - 2017-08-01 03:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-12 23:23 - 2017-08-01 03:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-12 23:23 - 2017-08-01 03:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-12 23:23 - 2017-08-01 03:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-12 23:23 - 2017-08-01 03:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-12 23:23 - 2017-08-01 03:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-12 23:23 - 2017-08-01 03:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-12 23:23 - 2017-08-01 03:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-12 23:23 - 2017-07-28 07:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-12 23:23 - 2017-07-28 07:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-12 23:23 - 2017-07-28 07:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-12 23:23 - 2017-07-28 07:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-12 23:23 - 2017-07-28 07:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-12 23:23 - 2017-07-28 07:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-12 23:23 - 2017-07-28 07:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-12 23:23 - 2017-07-28 07:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-12 23:23 - 2017-07-28 07:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-12 23:23 - 2017-07-28 07:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-12 23:23 - 2017-07-28 07:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-12 23:23 - 2017-07-28 07:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-12 23:23 - 2017-07-28 07:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-12 23:23 - 2017-07-28 07:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-12 23:23 - 2017-07-28 07:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-12 23:23 - 2017-07-28 07:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-12 23:23 - 2017-07-28 07:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-12 23:23 - 2017-07-28 07:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-12 23:23 - 2017-07-28 07:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-12 23:23 - 2017-07-28 06:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-12 23:23 - 2017-07-28 06:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-12 23:23 - 2017-07-28 06:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-12 23:23 - 2017-07-28 06:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-12 23:23 - 2017-07-28 06:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-12 23:23 - 2017-07-28 06:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-12 23:23 - 2017-07-28 06:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-12 23:23 - 2017-07-28 06:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-12 23:23 - 2017-07-28 06:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-12 23:23 - 2017-07-28 06:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-12 23:23 - 2017-07-28 06:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-12 23:23 - 2017-07-28 06:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-12 23:23 - 2017-07-28 06:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-12 23:23 - 2017-07-28 06:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-12 23:23 - 2017-07-28 06:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-12 23:23 - 2017-07-28 06:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-12 23:23 - 2017-07-28 06:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-12 23:23 - 2017-07-28 06:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-12 23:23 - 2017-07-28 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-12 23:23 - 2017-07-28 06:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-12 23:23 - 2017-07-28 06:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-12 23:23 - 2017-07-28 06:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-12 23:23 - 2017-07-28 06:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-12 23:23 - 2017-07-28 06:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-12 23:23 - 2017-07-28 06:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-12 23:23 - 2017-07-28 06:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-12 23:23 - 2017-07-28 06:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-12 23:23 - 2017-07-28 06:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-12 23:23 - 2017-07-28 06:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-12 23:23 - 2017-07-28 06:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-12 23:23 - 2017-07-28 06:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-12 23:23 - 2017-07-28 06:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-12 23:23 - 2017-07-28 06:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-12 23:23 - 2017-07-28 06:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-12 23:23 - 2017-07-28 06:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-12 23:23 - 2017-07-28 06:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-12 23:23 - 2017-07-28 06:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-12 23:23 - 2017-07-28 06:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-12 23:23 - 2017-07-28 06:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-12 23:23 - 2017-07-28 06:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-12 23:22 - 2017-07-28 07:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-12 23:22 - 2017-07-28 07:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-12 23:22 - 2017-07-28 06:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-12 23:22 - 2017-07-28 06:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-12 23:14 - 2017-08-13 09:03 - 000000000 ____D C:\Users\LENOVO\AppData\LocalLow\uTorrent
2017-08-06 17:28 - 2017-08-06 17:29 - 000000000 ____D C:\Users\LENOVO\Desktop\Giorgia Cinelli
2017-08-05 20:07 - 2017-08-05 20:08 - 007775890 _____ C:\Users\LENOVO\Downloads\734-964-251.mp4
2017-08-05 15:37 - 2017-08-05 15:38 - 000000000 ____D C:\Windows.old
2017-08-05 15:25 - 2017-08-05 15:25 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-05 15:24 - 2017-08-05 15:24 - 000000000 ____D C:\Users\LENOVO\AppData\Local\DBG
2017-08-05 15:22 - 2017-08-05 15:22 - 000000020 ___SH C:\Users\LENOVO\ntuser.ini
2017-08-05 15:19 - 2017-08-05 15:20 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-08-05 15:19 - 2017-08-05 15:20 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-08-05 15:17 - 2017-08-05 15:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-05 15:17 - 2017-08-05 14:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-05 15:12 - 2017-08-13 08:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-05 15:12 - 2017-08-12 10:59 - 000004750 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-05 15:12 - 2017-08-12 10:59 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-05 15:12 - 2017-08-05 15:32 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-170152337-1557406280-1703480655-1001
2017-08-05 15:12 - 2017-08-05 15:12 - 000003596 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-05 15:12 - 2017-08-05 15:12 - 000003372 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-05 15:10 - 2017-08-13 09:06 - 001793404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-05 15:02 - 2017-08-05 15:02 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-05 14:56 - 2017-08-05 14:56 - 000000000 ____D C:\ProgramData\USOShared
2017-08-05 14:54 - 2017-08-05 15:03 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-05 14:50 - 2017-08-07 01:17 - 000000000 ____D C:\Users\LENOVO
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Risorse di stampa
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Risorse di rete
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Recenti
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Modelli
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Menu Avvio
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Impostazioni locali
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documents\Video
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documents\Musica
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documents\Immagini
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Documenti
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\Dati applicazioni
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\AppData\Local\Dati applicazioni
2017-08-05 14:50 - 2017-08-05 14:50 - 000000000 _SHDL C:\Users\LENOVO\AppData\Local\Cronologia
2017-08-05 14:49 - 2017-08-13 02:02 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-05 14:49 - 2017-08-05 14:49 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-08-05 14:49 - 2017-08-05 14:49 - 000000000 ____D C:\Program Files\AMD
2017-08-05 14:49 - 2017-08-05 14:49 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____D C:\Program Files\Realtek
2017-08-05 14:48 - 2017-03-18 22:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-05 14:45 - 2017-08-13 15:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-05 14:45 - 2017-08-13 08:59 - 000416720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-28 08:55 - 2017-07-28 08:55 - 000002591 _____ C:\Users\LENOVO\Downloads\piercing cropped [www.imagesplitter.net] (2).jpeg
2017-07-28 08:54 - 2017-07-28 08:54 - 000002803 _____ C:\Users\LENOVO\Downloads\piercing cropped [www.imagesplitter.net] (1).jpeg
2017-07-28 08:51 - 2017-07-28 08:51 - 000002759 _____ C:\Users\LENOVO\Downloads\piercing cropped [www.imagesplitter.net].jpeg
2017-07-28 08:48 - 2017-07-28 08:48 - 000004542 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (3).jpeg
2017-07-28 08:48 - 2017-07-28 08:48 - 000004215 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (4).jpeg
2017-07-28 08:47 - 2017-07-28 08:47 - 000004840 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (1).jpeg
2017-07-28 08:47 - 2017-07-28 08:47 - 000004568 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net] (2).jpeg
2017-07-28 08:46 - 2017-07-28 08:46 - 000004840 _____ C:\Users\LENOVO\Downloads\image [www.imagesplitter.net].jpeg
2017-07-28 08:34 - 2017-07-28 08:34 - 000009552 _____ C:\Users\LENOVO\Downloads\knee) [www.imagesplitter.net].jpeg
2017-07-28 08:34 - 2017-07-28 08:34 - 000009552 _____ C:\Users\LENOVO\Downloads\knee) [www.imagesplitter.net] (1).jpeg
2017-07-27 21:17 - 2017-08-05 15:22 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-26 19:40 - 2017-07-26 19:40 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (6).pdf
2017-07-26 17:05 - 2017-07-26 17:07 - 010741149 _____ C:\Users\LENOVO\Downloads\dm235_14.zip
2017-07-26 17:05 - 2017-07-26 17:05 - 000670115 _____ C:\Users\LENOVO\Downloads\dm486_14.zip
2017-07-26 12:58 - 2017-07-26 12:58 - 000028062 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (5).pdf
2017-07-25 21:17 - 2017-07-25 21:17 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (4).pdf
2017-07-25 15:36 - 2017-07-25 15:36 - 000058368 _____ C:\Users\LENOVO\Downloads\elenco-scuole-divise-per-provincia-PER-INTERNET.xls
2017-07-25 15:00 - 2017-07-25 15:00 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (3).pdf
2017-07-25 10:54 - 2017-07-25 10:54 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (2).pdf
2017-07-25 10:44 - 2017-07-25 10:44 - 000028063 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE (1).pdf
2017-07-25 08:16 - 2017-07-25 08:16 - 000027996 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE_pdf.pdf
2017-07-24 01:49 - 2017-07-24 01:49 - 000027996 _____ C:\Users\LENOVO\Downloads\MODELLO-DI-SCELTA-DELLE-ISTITUZIONI-SCOLASTICHE.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-13 15:29 - 2016-12-07 22:17 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\uTorrent
2017-08-13 14:08 - 2016-12-30 20:44 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Spotify
2017-08-13 09:13 - 2016-12-07 13:05 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Skype
2017-08-13 09:12 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-13 09:06 - 2017-03-20 06:06 - 000799522 _____ C:\WINDOWS\system32\perfh010.dat
2017-08-13 09:06 - 2017-03-20 06:06 - 000151042 _____ C:\WINDOWS\system32\perfc010.dat
2017-08-13 09:06 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-13 09:04 - 2016-12-30 20:45 - 000000000 ____D C:\Users\LENOVO\AppData\Local\Spotify
2017-08-13 09:02 - 2016-04-27 07:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-13 08:59 - 2016-12-07 13:33 - 000000000 ____D C:\ProgramData\Foxit Software
2017-08-13 02:02 - 2017-03-18 13:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-13 02:01 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-13 00:13 - 2016-12-07 13:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-12 23:52 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-12 23:46 - 2016-12-07 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-12 23:41 - 2016-12-07 19:12 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-12 11:26 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-12 10:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-12 10:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 13:43 - 2016-12-07 13:20 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 13:43 - 2016-12-07 13:20 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-06 10:40 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-05 15:59 - 2016-12-07 13:01 - 000000000 ____D C:\Users\LENOVO\AppData\Local\Packages
2017-08-05 15:43 - 2017-03-18 23:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-05 15:38 - 2017-03-18 23:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-05 15:32 - 2016-12-07 13:04 - 000002412 _____ C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-05 15:32 - 2016-12-07 13:04 - 000000000 ___RD C:\Users\LENOVO\OneDrive
2017-08-05 15:29 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-05 15:21 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows NT
2017-08-05 15:20 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-05 15:20 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-05 15:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-05 15:17 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-05 15:14 - 2017-03-18 22:56 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-08-05 15:14 - 2017-03-18 22:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-08-05 15:14 - 2017-03-18 22:56 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-08-05 15:14 - 2017-03-18 22:56 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-08-05 15:14 - 2017-03-18 22:56 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-08-05 15:12 - 2017-03-20 06:07 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-05 15:12 - 2016-12-10 12:27 - 000023024 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-05 15:10 - 2017-03-18 23:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-05 15:03 - 2017-05-25 23:02 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-08-05 15:03 - 2017-05-11 20:06 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-05 15:03 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-08-05 15:03 - 2016-12-14 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-05 15:03 - 2016-12-07 13:36 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-08-05 15:03 - 2016-12-07 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-08-05 15:03 - 2016-12-07 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-05 15:03 - 2016-12-07 13:27 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-05 15:03 - 2016-12-07 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-05 15:03 - 2016-12-07 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-05 15:03 - 2016-04-27 07:23 - 000000000 ____D C:\WINDOWS\ShellNew
2017-08-05 14:56 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-05 14:56 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-05 14:56 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-05 14:56 - 2016-12-07 21:53 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-08-05 14:55 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-05 14:55 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-05 14:55 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-05 14:55 - 2016-12-07 21:53 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-08-05 14:55 - 2016-12-07 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-08-05 14:52 - 2016-12-14 15:59 - 000000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-05 14:49 - 2017-03-18 13:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-05 13:50 - 2017-07-11 06:17 - 000000000 ___HD C:\$WINDOWS.~BT
2017-07-27 21:13 - 2015-10-30 09:24 - 000000167 _____ C:\WINDOWS\win.ini
==================== Files in the root of some directories =======
2017-08-05 14:48 - 2017-08-05 14:48 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-05 14:44
==================== End of FRST.txt ============================
Last, the Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by LENOVO (13-08-2017 15:29:45)
Running from C:\Users\LENOVO\Downloads
Windows 10 Pro Version 1703 (X64) (2017-08-05 13:22:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-170152337-1557406280-1703480655-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-170152337-1557406280-1703480655-503 - Limited - Disabled)
Guest (S-1-5-21-170152337-1557406280-1703480655-501 - Limited - Disabled)
LENOVO (S-1-5-21-170152337-1557406280-1703480655-1001 - Administrator - Enabled) => C:\Users\LENOVO
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.6.909 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{BFA62867-4219-4427-BD27-BE1557337B50}) (Version: 4.13.9783 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-170152337-1557406280-1703480655-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-08-12] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-29] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-29] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BB21C1A-4B48-452E-887B-69766D0209E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {29982BF3-6DB4-486B-94D7-DE3A546D437F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {37A4044D-7CB8-4BCB-A010-3C5F55631B90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {48AE844B-AD32-470F-B7F7-6FE0BC6FEAB8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A8A64AF4-0428-4755-89B2-C6B8922C3A00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {BB700BB1-F64E-4DB6-BBDB-B74A72B42C3C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-12] (Adobe Systems Incorporated)
Task: {C1EEE9C0-91DB-431C-A525-DA7F209C6301} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-12] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-18 14:36 - 2017-07-18 14:37 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-18 14:36 - 2017-07-18 14:37 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-18 14:36 - 2017-07-18 14:37 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-18 14:36 - 2017-07-18 14:37 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-18 22:59 - 2017-03-20 06:07 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-06 09:28 - 2017-06-06 09:29 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 20:55 - 2017-07-25 20:55 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 20:55 - 2017-07-25 20:55 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2016-12-30 20:45 - 2017-08-06 10:39 - 067117168 _____ () C:\Users\LENOVO\AppData\Roaming\Spotify\libcef.dll
2016-12-30 20:45 - 2017-08-06 10:39 - 002253424 _____ () C:\Users\LENOVO\AppData\Roaming\Spotify\libglesv2.dll
2016-12-30 20:45 - 2017-08-06 10:39 - 000086640 _____ () C:\Users\LENOVO\AppData\Roaming\Spotify\libegl.dll
2017-08-08 13:43 - 2017-08-02 08:24 - 002881368 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 13:43 - 2017-08-02 08:24 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-170152337-1557406280-1703480655-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{39482886-8BE1-45BD-8D2A-679D530EEF7F}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lenovo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2E500758-A0D3-4E27-BE25-7B8DB84DBD49}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lenovo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A00E0929-8ECF-4F94-AA21-528C3C68375E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4013E3F9-F7F7-4FE6-81C5-2CFBF6A68207}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5715FCA2-6BD3-4AFF-B932-96B794F00790}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3833089F-E7CD-49DF-BDDD-6E5C699876F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F69966B0-CF1C-4C56-8D4B-8694F3E8D76C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D65C534A-29D3-4915-9A1D-85BB97437BDC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D83FE284-71D9-47CC-A26F-630D27DCB98A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F39F6A24-0F8C-4090-BF42-6323C95A2922}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{18B2EB6B-FC94-43E2-846F-97F258355E9D}C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [UDP Query User{1367CFEC-4C9C-4A4D-87BD-AE09BB288323}C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\lenovo\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [{0AFE9191-90E4-464E-A926-09E24541E91E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{83E4D172-CB44-4490-B9DE-A9EE71C41093}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8868B51A-C6CC-4DAC-9F01-6E2FF5BAD293}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBC1C615-3EF6-429C-BDCE-E4FF15E26A87}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A8327AEA-0284-4845-9574-9CB60D18C5C1}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2848D0F9-956C-4687-A940-4DAD5F887CD0}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30E876B5-B267-496A-8D1F-5DF2BFC6CC0D}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02A5A9D9-2D30-4879-BA99-C9118BABEF33}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C7948577-A3D4-4876-81D2-1601B1C707B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{11A0C14C-BE89-4498-B098-70A1C2A831BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{718E7EF3-948B-44CC-B30E-DE4A254AAB0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8144DDA3-B9FC-481A-AA7A-04D8D9E346E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
12-08-2017 23:36:17 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
==================== Memory info ===========================
Processor: AMD Sempron 3850 APU with Radeon R3
Percentage of memory in use: 70%
Total physical RAM: 3513.57 MB
Available physical RAM: 1023.9 MB
Total Virtual: 4857.57 MB
Available Virtual: 1304.01 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:464.43 GB) (Free:258.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 06113692)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=856 MB) - (Type=27)
==================== End of Addition.txt ============================
I runned Malwarebytes and it said that found no malware.
#6
Posted 13 August 2017 - 10:19 AM
I think you are clean.
Do you still have the .xls file? Submit it to virustotal.com
If not I think we can cleanup:
#7
Posted 14 August 2017 - 03:38 PM
It's a problem or can I proceed to clean-up?
#8
Posted 14 August 2017 - 05:16 PM
Good. Just cleanup now.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users