
Not sure what's going on with this Italian laptop


8 replies to this topic

#1 TheSentinel


Posted 23 July 2017 - 03:06 PM

The original report sounded as if there was ransomware on this laptop. However, after my initial checks and an attempt to change the system language to English, I'm fairly certain ransomware has not infected this laptop.

 

I did find something intriguing: as I said, I had attempted to change the system language to English, but I was unable to change the system language away from Italian, even after the only language in the preferences is English.

 

I could use some help, and even though I'm learning key words in Italian I could still use some assistance on where to go in the tool boxes of an Italian Windows system.

 

Thank you in advance.


Edited by hamluis, 23 July 2017 - 03:38 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 boopme


Posted 25 July 2017 - 09:15 AM

Hello, let's scan and see if there is any malware.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [button image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [button image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [button image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [button image] and then close the application by clicking the X in the upper right corner.

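For the "List Winsock Entries" step requested above, this is an added example (not part of the original post and not MiniToolBox's own code) of how that section of Result.txt can be triaged: Catalog5 lines are namespace providers and Catalog9 lines are transport providers, so a non-Microsoft DLL in Catalog9 sits in the path of all socket traffic. The function names, the severity labels and the last sample line are assumptions made for illustration.

```python
import re

# Constructed sample in the layout MiniToolBox prints under "Winsock entries":
#   <catalog> <index> <dll path> [<size>] (<publisher>)
# The final line is invented for illustration; it is not from any real log.
SAMPLE = r"""
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Users\Public\example\hypothetical_lsp.dll [40960] ()
"""

# The path may itself contain spaces and parentheses ("Program Files (x86)"),
# so it is matched lazily up to the bracketed file size.
ENTRY = re.compile(
    r"^(?P<x64>x64-)?Catalog(?P<cat>5|9)\s+(?P<idx>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d*)\]\s+\((?P<publisher>.*)\)\s*$"
)

# Directories where the stock Windows providers live (compared lower-case).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_winsock(text):
    """Return one dict per Winsock catalog line found in the log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        entries.append({
            "arch": "x64" if m["x64"] else "x86",
            "kind": "namespace" if m["cat"] == "5" else "transport",
            "index": int(m["idx"]),
            "path": m["path"],
            "publisher": m["publisher"].strip(),
        })
    return entries


def review(entries):
    """Flag providers that are not stock Windows components.

    The publisher text is only a hint taken from the log, so the path is
    checked as well. Severity labels are this example's own convention:
      "high"   - non-stock DLL in the transport chain (Catalog9)
      "review" - non-stock namespace provider (Catalog5), e.g. Bonjour
    """
    findings = []
    for e in entries:
        reasons = []
        if e["publisher"] != "Microsoft Corporation":
            reasons.append("third-party or missing publisher")
        if not e["path"].lower().startswith(SYSTEM_DIRS):
            reasons.append("outside system directory")
        if reasons:
            severity = "high" if e["kind"] == "transport" else "review"
            findings.append((severity, e, reasons))
    return findings


if __name__ == "__main__":
    for severity, entry, reasons in review(parse_winsock(SAMPLE)):
        print(f"[{severity}] {entry['arch']} {entry['kind']} "
              f"#{entry['index']:02d} {entry['path']} ({'; '.join(reasons)})")
```

A flagged entry is a prompt to identify the DLL and its owning program, not a verdict; the Bonjour namespace provider is a common legitimate example.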

#3 TheSentinel


Posted 26 July 2017 - 01:39 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Debby (administrator) on 25-07-2017 at 19:18:37
Running from "C:\Users\Debby\Downloads"
Microsoft Windows 10 Home  (X64)
Model: HP Notebook Manufacturer: HP
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configurazione IP di Windows
 
Cache del resolver DNS svuotata.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Ethernet 2 (Connected)
Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Connessione di rete Bluetooth (Media disconnected)
 
 
# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Connessione alla rete locale (LAN)* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione di rete Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione alla rete locale (LAN)* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# Fine configurazione IPv4
 
 
 
Configurazione IP di Windows
 
   Nome host . . . . . . . . . . . . . . : LAPTOP-3A0DF22V
   Suffisso DNS primario . . . . . . . . : 
   Tipo nodo . . . . . . . . . . . . . . : Ibrido
   Routing IP abilitato. . . . . . . . . : No
   Proxy WINS abilitato . . . . . . . .  : No
 
Scheda LAN wireless Wi-Fi:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter
   Indirizzo fisico. . . . . . . . . . . : 3C-95-09-73-3C-F9
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
 
Scheda LAN wireless Connessione alla rete locale (LAN)* 1:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Indirizzo fisico. . . . . . . . . . . : 3E-95-09-73-3C-F9
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
 
Scheda Ethernet Ethernet 2:
 
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Realtek PCIe FE Family Controller #2
   Indirizzo fisico. . . . . . . . . . . : 40-B0-34-C3-1C-65
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2605:e000:8ac3:4b00::3(Preferenziale) 
   Lease ottenuto. . . . . . . . . . . . : Tuesday, July 25, 2017 5:56:33 PM
   Scadenza lease . . . . . . . . . . .  : Tuesday, July 25, 2017 8:11:33 PM
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2605:e000:8ac3:4b00:bdb5:f1bb:f9c:47a2(Preferenziale) 
   Indirizzo IPv6 temporaneo. . . . . . . . . . . . : 2605:e000:8ac3:4b00:4813:bce5:2742:2389(Obsoleto) 
   Indirizzo IPv6 temporaneo. . . . . . . . . . . . : 2605:e000:8ac3:4b00:c4f8:2379:6a46:5e6e(Preferenziale) 
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::bdb5:f1bb:f9c:47a2%16(Preferenziale) 
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.0.11(Preferenziale) 
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Lease ottenuto. . . . . . . . . . . . : Tuesday, July 25, 2017 5:56:33 PM
   Scadenza lease . . . . . . . . . . .  : Tuesday, July 25, 2017 7:56:35 PM
   Gateway predefinito . . . . . . . . . : fe80::fe52:8dff:fe4f:bff3%16
                                           192.168.0.1
   Server DHCP . . . . . . . . . . . . . : 192.168.0.1
   IAID DHCPv6 . . . . . . . . . . . : 121679924
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-20-47-27-06-40-B0-34-C3-1C-65
   Server DNS . . . . . . . . . . . . .  : 209.18.47.61
                                           209.18.47.62
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato
 
Scheda Ethernet Connessione di rete Bluetooth:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Indirizzo fisico. . . . . . . . . . . : 3C-95-09-73-3C-FA
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
 
Scheda Tunnel isatap.{F13737FD-C65A-4A5B-B62D-1C77A5864642}:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S
 
Scheda Tunnel Teredo Tunneling Pseudo-Interface:
 
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:9d38:90d7:3415:f4f:9446:652d(Preferenziale) 
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::3415:f4f:9446:652d%2(Preferenziale) 
   Gateway predefinito . . . . . . . . . : 
   IAID DHCPv6 . . . . . . . . . . . : 352321536
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-20-47-27-06-40-B0-34-C3-1C-65
   NetBIOS su TCP/IP . . . . . . . . . . : Disattivato
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Nome:    google.com
Addresses:  2607:f8b0:4007:80b::200e
 172.217.5.78
 
 
Esecuzione di Ping google.com [2607:f8b0:4007:80d::200e] con 32 byte di dati:
Richiesta scaduta.
Risposta da 2607:f8b0:4007:80d::200e: durata=15ms 
 
Statistiche Ping per 2607:f8b0:4007:80d::200e:
    Pacchetti: Trasmessi = 2, Ricevuti = 1, 
    Persi = 1 (50% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 15ms, Massimo =  15ms, Medio =  15ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Nome:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.180.149
 98.138.253.109
 206.190.36.45
 
 
Esecuzione di Ping yahoo.com [2001:4998:44:204::a7] con 32 byte di dati:
Richiesta scaduta.
Risposta da 2001:4998:44:204::a7: durata=69ms 
 
Statistiche Ping per 2001:4998:44:204::a7:
    Pacchetti: Trasmessi = 2, Ricevuti = 1, 
    Persi = 1 (50% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 69ms, Massimo =  69ms, Medio =  69ms
 
Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
 
Statistiche Ping per 127.0.0.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo =  0ms, Medio =  0ms
===========================================================================
Elenco interfacce
 13...3c 95 09 73 3c f9 ......Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter
 14...3e 95 09 73 3c f9 ......Microsoft Wi-Fi Direct Virtual Adapter
 16...40 b0 34 c3 1c 65 ......Realtek PCIe FE Family Controller #2
  3...3c 95 09 73 3c fa ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    291
     192.168.0.11  255.255.255.255         On-link      192.168.0.11    291
    192.168.0.255  255.255.255.255         On-link      192.168.0.11    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.0.11    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.11    291
===========================================================================
Route permanenti:
  Nessuna
 
IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
 16    291 ::/0                     fe80::fe52:8dff:fe4f:bff3
  1    331 ::1/128                  On-link
  2    331 2001::/32                On-link
  2    331 2001:0:9d38:90d7:3415:f4f:9446:652d/128
                                    On-link
 16    291 2605:e000:8ac3:4b00::/56 fe80::fe52:8dff:fe4f:bff3
 16    291 2605:e000:8ac3:4b00::/64 On-link
 16    291 2605:e000:8ac3:4b00::3/128
                                    On-link
 16    291 2605:e000:8ac3:4b00:4813:bce5:2742:2389/128
                                    On-link
 16    291 2605:e000:8ac3:4b00:bdb5:f1bb:f9c:47a2/128
                                    On-link
 16    291 2605:e000:8ac3:4b00:c4f8:2379:6a46:5e6e/128
                                    On-link
 16    291 fe80::/64                On-link
  2    331 fe80::/64                On-link
  2    331 fe80::3415:f4f:9446:652d/128
                                    On-link
 16    291 fe80::bdb5:f1bb:f9c:47a2/128
                                    On-link
  1    331 ff00::/8                 On-link
 16    291 ff00::/8                 On-link
  2    331 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\windows\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/25/2017 07:09:33 PM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mcshield.exe, versione: 1.5.0.2939, timestamp: 0x589dafee
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.14393.1378, timestamp: 0x594a1350
Codice eccezione: 0xc0000005
Offset errore 0x0000000000030bdd
ID processo che ha generato l'errore: 0x2b1c
Ora di avvio dell'applicazione che ha generato l'errore: 0xmcshield.exe0
Percorso dell'applicazione che ha generato l'errore: mcshield.exe1
Percorso del modulo che ha generato l'errore: mcshield.exe2
ID segnalazione: mcshield.exe3
Nome completo pacchetto che ha generato l'errore: mcshield.exe4
ID applicazione relativo al pacchetto che ha generato l'errore: mcshield.exe5
 
Error: (07/25/2017 07:09:33 PM) (Source: AVLogEvent) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
 
Error: (07/25/2017 06:48:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Accesso negato.
.
 
Error: (07/25/2017 06:04:01 PM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mcshield.exe, versione: 1.5.0.2939, timestamp: 0x589dafee
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.14393.1378, timestamp: 0x594a1350
Codice eccezione: 0xc0000005
Offset errore 0x0000000000030bdd
ID processo che ha generato l'errore: 0x265c
Ora di avvio dell'applicazione che ha generato l'errore: 0xmcshield.exe0
Percorso dell'applicazione che ha generato l'errore: mcshield.exe1
Percorso del modulo che ha generato l'errore: mcshield.exe2
ID segnalazione: mcshield.exe3
Nome completo pacchetto che ha generato l'errore: mcshield.exe4
ID applicazione relativo al pacchetto che ha generato l'errore: mcshield.exe5
 
Error: (07/25/2017 06:04:00 PM) (Source: AVLogEvent) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
 
Error: (07/25/2017 06:01:27 PM) (Source: SideBySide) (User: )
Description: Generazione del contesto di attivazione non riuscita per "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1". Errore nel file manifesto o dei criteri "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2", riga UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
L'identità del componente trovata nel manifesto non corrisponde all'identità del componente richiesto.
Il riferimento è UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definizione è UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilizzare sxstrace.exe per ottenere una diagnosi dettagliata.
 
Error: (07/25/2017 05:59:58 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/23/2017 12:54:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-3A0DF22V)
Description: Attivazione dell'app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 non riuscita con errore: -2144927141 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo.
 
Error: (07/23/2017 11:52:42 AM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB6D988C-7ABE-4536-B9EF-76B231791503}
 
Error: (07/23/2017 11:52:42 AM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB6D988C-7ABE-4536-B9EF-76B231791503}
 
 
System errors:
=============
Error: (07/25/2017 07:09:35 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: impostazioni specifiche dell'applicazioneLocaleAttivazione{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYSERVIZIO LOCALES-1-5-19LocalHost (tramite LRPC)Non disponibileNon disponibile
 
Error: (07/25/2017 06:09:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053mcpltsvcNon disponibile{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (07/25/2017 06:09:52 PM) (Source: Service Control Manager) (User: )
Description: Il servizio McAfee Platform Services non è stato avviato per il seguente errore: 
%%1053 = Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.
 
 
Error: (07/25/2017 06:09:52 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio McAfee Platform Services.
 
Error: (07/25/2017 06:09:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053mcpltsvcNon disponibile{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (07/25/2017 06:09:52 PM) (Source: Service Control Manager) (User: )
Description: Il servizio McAfee Platform Services non è stato avviato per il seguente errore: 
%%1053 = Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.
 
 
Error: (07/25/2017 06:09:52 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio McAfee Platform Services.
 
Error: (07/25/2017 06:09:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053mcpltsvcNon disponibile{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (07/25/2017 06:09:51 PM) (Source: Service Control Manager) (User: )
Description: Il servizio McAfee Platform Services non è stato avviato per il seguente errore: 
%%1053 = Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.
 
 
Error: (07/25/2017 06:09:51 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio McAfee Platform Services.
 
 
Microsoft Office Sessions:
=========================
Error: (07/25/2017 07:09:33 PM) (Source: Application Error)(User: )
Description: mcshield.exe1.5.0.2939589dafeentdll.dll10.0.14393.1378594a1350c00000050000000000030bdd2b1c01d305b438628999C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\windows\SYSTEM32\ntdll.dllf2e3cbfd-ecce-4cf6-ba34-630bcaabede9
 
Error: (07/25/2017 07:09:33 PM) (Source: AVLogEvent)(User: NT AUTHORITY)
Description: c0000005
 
Error: (07/25/2017 06:48:17 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Accesso negato.
 
Error: (07/25/2017 06:04:01 PM) (Source: Application Error)(User: )
Description: mcshield.exe1.5.0.2939589dafeentdll.dll10.0.14393.1378594a1350c00000050000000000030bdd265c01d305ab10312b85C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\windows\SYSTEM32\ntdll.dll3a6a89f5-ac68-493a-a058-0374ebd97832
 
Error: (07/25/2017 06:04:00 PM) (Source: AVLogEvent)(User: NT AUTHORITY)
Description: c0000005
 
Error: (07/25/2017 06:01:27 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1
 
Error: (07/25/2017 05:59:58 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/23/2017 12:54:40 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-3A0DF22V)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (07/23/2017 11:52:42 AM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB6D988C-7ABE-4536-B9EF-76B231791503}
 
Error: (07/23/2017 11:52:42 AM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB6D988C-7ABE-4536-B9EF-76B231791503}
 
 
=========================== Installed Programs ============================
 
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Assistente aggiornamento Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Blue Jeans (HKLM-x32\...\{6D19EE68-6672-48DB-A45A-5CCFA8021D92}) (Version: 1.28.10 - Blue Jeans)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-0839020f-6de7-4a72-a653-80c65339b385) (Version: 3.0.2.59 - WildTangent) Hidden
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
Catalyst Control Center Next Localization BR (HKLM\...\{990A818A-23DE-F425-E8B4-78341E95694B}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{842F1C45-EB39-AA4F-2934-2A22E03C95AF}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{9C368472-2529-72F9-7DC3-98B1C8954188}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{1E774F55-4593-93A1-C5A1-B1EFFA15259C}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{CB3F96D2-AEEE-7E4D-1650-45A33F0A52D6}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{25C480D6-0954-E30A-FF8A-3061AA2F6F6E}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F271E21D-ADF7-7D12-BDC9-FC1F4ACEAF70}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{B6A3C338-F8D1-79FB-F313-F13798FAD1A4}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{7A1C1FC3-5F6D-B713-F03B-07F82812E4F5}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{95F53CAE-1224-D221-823D-6212778BB14C}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{791E8BFE-4C74-E908-A9D2-0130855EED07}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{75C985EB-94BF-FFDB-9137-8020CB536DDB}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{879C208E-D878-DEFC-DB7D-507C5F9B82CD}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7C98D0BB-C8BA-1C84-BD5F-B7045237EA6D}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{557B2A4E-D2CB-B061-B54A-875CF9927C5E}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{30EFA954-0DD1-F213-9E87-5ECFFB610202}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8C2BF250-50A1-EA32-49F2-D5C3F639BD93}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{F776812E-84AB-213D-49E6-A149F12AE58A}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{4CC8D5F2-C67C-9831-6BE9-E02093BB6E94}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{4DBA5600-02D4-2B71-2AF5-DA4EADC46A1C}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{4D900229-FE15-713B-E917-569EB8DBB13C}) (Version: 2016.0902.1748.30217 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crazy Chicken Soccer (HKLM-x32\...\WTA-56657ea8-3b6b-40e3-943c-5074eda7b5cc) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Giochi WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{01C10617-5268-464E-98C6-822ADA3DF219}) (Version: 12.7.27.15 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.8.1052 - Intel Corporation)
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-e7a5791b-7d50-4217-9346-773696b63956) (Version: 3.0.2.59 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.)
Microsoft Office 365 ProPlus - it-it (HKLM\...\O365ProPlusRetail - it-it) (Version: 16.0.8229.2086 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8229.2086 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - it-it (HKLM\...\HomeStudentRetail - it-it) (Version: 16.0.8229.2086 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-ca0135cb-3c6d-4cf5-a2ad-96efcccba0fc) (Version: 3.0.2.59 - WildTangent) Hidden
PX Profile Update (HKLM-x32\...\{1E6B7DAA-FB3A-B936-16A6-4062256FB769}) (Version: 1.00.1. - AMD) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-9107b6e0-0a67-4429-8119-9389f330886f) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.57 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.76 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-38ebbce4-e2d0-46d3-9c1e-6069059a4899) (Version: 3.0.2.126 - WildTangent) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Software per periferiche con chipset Intel® (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel® Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.13 - Synaptics Incorporated)
Trinklit Supreme (HKLM-x32\...\WTA-3a819f5f-b712-45fa-b7b3-db27ac434082) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
WildTangent Games App per HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 55%
Total physical RAM: 3986.91 MB
Available physical RAM: 1790.23 MB
Total Virtual: 5138.91 MB
Available Virtual: 2293.16 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:450.26 GB) (Free:403.22 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.27 GB) (Free:1.69 GB) NTFS
 
========================= Users: ========================================
 
Account utente per \\LAPTOP-3A0DF22V
 
Administrator            Debby                    DefaultAccount           
defaultuser0             Guest                    
Esecuzione comando riuscita.
 
 
**** End of log ****
 
# AdwCleaner 7.0.0.0 - Logfile created on Wed Jul 26 02:46:08 2017
# Updated on 2017/17/07 by Malwarebytes 
# Database: 07-24-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
PUP.Optional.Booking, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider found: AOL - aol.com
SearchProvider found: Ask - ask.com
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Debby (Administrator) on Tue 07/25/2017 at 21:41:03.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0045751501031380mcinstcleanup (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/25/2017 at 21:44:20.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
C:\Users\Debby\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004796 HTML/FakeAlert.MG trojan
C:\Users\Debby\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0047ac HTML/FakeAlert.MG trojan
 


#4 boopme

Posted 26 July 2017 - 09:58 AM

Have you completed ESET scan?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 TheSentinel

Posted 26 July 2017 - 11:05 AM

Yes, the last couple lines in my post

#6 boopme

Posted 26 July 2017 - 12:22 PM

My bad.... now try the English language pack

https://support.microsoft.com/en-us/help/14236/language-packs

#7 TheSentinel

Posted 27 July 2017 - 09:12 AM

I didn't have anything removed yet, so I'm assuming the language pack should work fine without any changes? I'll have to get back to it tonight when I get home.

#8 TheSentinel

Posted 29 July 2017 - 02:13 PM

Well, no change. I removed the Italian language pack and copied the system language as English using the window prompts for date & language, with no luck. Did you see any infections in my logs?



#9 boopme

Posted 30 July 2017 - 07:03 PM

Hi, I think you should ask about this in Win 10 as it does not appear to be malware.