Potential malware in the computer

03-28-2016, 01:22 PM   #1
Registered Member
 
Join Date: Mar 2016
Posts: 9
OS: Windows 10



Hi everybody,

my dad accidentally downloaded a .zip file from a scam email. Today I found out about this and immediately removed said file. The problem is that he has some memory problems and he doesn't remember what he actually did with this file, so at the moment I don't know if he opened the .zip, if any file was extracted from it and if said file was executed. I would like to know what I can do to check to see if his computer has actually been infected.

Here's the log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by Enrico at 22:07:01 on 2016-03-28
Microsoft Windows 10 Home 10.0.10586.0.1252.39.1040.18.3988.1933 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
c:\program files\avast software\avast\asww10mon.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Modem Wi-Fi 42.2\CheckNDISPort_df.exe
C:\Program Files (x86)\Modem Wi-Fi 42.2\CancelAutoPlay_df.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=hp
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN45E120W405X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [CheckNDISPortF1ac1B] C:\Program Files (x86)\Modem Wi-Fi 42.2\CheckNDISPort_df.exe
mRun: [CancelAutoPlay_df] "C:\Program Files (x86)\Modem Wi-Fi 42.2\CancelAutoPlay_df.exe" run
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{09c5b193-df93-41c6-8b59-f8dd74f46198} : DHCPNameServer = 40.22.1.201 40.22.1.202
TCP: Interfaces\{a752db2a-650d-4440-9b58-32e690a59d2c} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2016-3-28 287016]
R0 iaStorAV;Controller RAID SATA Intel(R) per Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Servizio sicuro Microsoft Windows Trusted Runtime;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2016-3-28 1070904]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2016-3-28 463744]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2016-3-28 37656]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2016-3-28 107792]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2016-3-28 165344]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-3-28 237096]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Esperienze utente connesse e telemetria;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Ottimizzazione recapito;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2012-8-23 29600]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 26680]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-5-14 2451456]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-30 328608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-3-28 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-3-28 1136608]
R2 storqosflt;Driver filtro QoS archiviazione;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Server modello dati sezioni;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;Gestione utenti;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 IntcDAud;Audio Intel(R) per schermi;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-6-26 39480]
R3 lfsvc;Servizio di georilevazione;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-3-28 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-3-28 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-3-28 65408]
R3 NcbService;Gestore connessione rete;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Enumeratore scheda di rete virtuale Microsoft;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 rt640x64;Driver NT Realtek RT640;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824]
R3 StateRepository;Servizio repository stati;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2016-3-28 74544]
S2 MapsBroker;Gestione mappe scaricate;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;Servizio router AllJoyn;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;Preparazione app;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;Servizio di distribuzione AppX (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Servizio viva voce Bluetooth;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Servizio per dispositivi Controllo dispositivo portatili;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;Driver HID per touchscreen CapImg;C:\WINDOWS\System32\drivers\capimg.sys [2016-3-26 117248]
S3 ClipSVC;Servizio licenze client (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;Gestore individuazione in background DevQuery;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Servizio Agente di raccolta standard hub diagnostica Microsoft (R);C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Servizio di registrazione gestione dispositivi;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Servizio di condivisione dati;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-10-17 30264]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Servizio di gestione app aziendali;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Classe di funzione USB generica;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Driver generico per pulsanti HID implementati con interrupt;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Driver controller GPIO di I/O seriale Intel(R);C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Driver controller I/O seriale I2C Intel(R);C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-9-28 650808]
S3 ibbus;InfiniBand Bus/AL (driver filtro) Mellanox;C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Servizio hotspot di Windows Mobile;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Servizio agente di raccolta dati ETW di Internet Explorer;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-6-26 50232]
S3 intelpep;Driver plug-in motore di alimentazione Intel(R);C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LicenseManager;Servizio Gestione licenze Windows;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [2016-2-5 293128]
S3 mlx4_bus;Enumeratore bus ConnectX Mellanox;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Servizio di installazione della rete;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Contenitore Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Servizio Telefono;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Servizio Demo negozio;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Servizio di enumerazione dispositivo smart card;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Servizio dati sensori;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Servizio sensori;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;SMP spazi di archiviazione Microsoft;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Servizio router SMS di Microsoft Windows.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Driver Microsoft Standard NVM Express;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Driver UFS (Universal Flash Storage) Microsoft;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Gestione livelli di archiviazione;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;Client UCSI gestione connettore USB;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Driver UEFI Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;Controller Chipidea USB;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;Controller Synopsys USB;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Driver commutazione ruolo USB Chipidea;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Driver commutazione ruolo USB Synopsys;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Servizio agente di orchestrazione aggiornamenti;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Driver VHF (Virtual HID Framework);C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Interfaccia servizio guest Hyper-V;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Servizio sessione macchina virtuale Hyper-V;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;Servizio di registrazione W3C;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Driver Network Inspection System di Windows Defender;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Servizio Controllo rete di Windows Defender;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Servizio host del provider di crittografia di Windows;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;Servizio WinMad;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;Servizio WinVerbs;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Cartelle di lavoro;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Servizi notifica Push Windows;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Gestione autenticazione Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Giochi salvati su Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-26 238592]
S3 XboxNetApiSvc;Servizio di rete Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-3-26 29696]
S4 CDPSvc;Servizio piattaforma dispositivi connessi;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Strumento di aggiornamento automatico fuso orario;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
SUnknown cblgqzbc;cblgqzbc; [x]
SUnknown jogpywag;jogpywag; [x]
SUnknown qchaeojf;qchaeojf; [x]
.
=============== Created Last 30 ================
.
2016-03-28 16:48:50 74544 ----a-w- C:\WINDOWS\System32\drivers\aswE503.tmp
2016-03-28 16:48:50 463744 ----a-w- C:\WINDOWS\System32\drivers\aswE504.tmp
2016-03-28 16:48:50 37656 ----a-w- C:\WINDOWS\System32\drivers\aswE4F1.tmp
2016-03-28 16:48:50 287016 ----a-w- C:\WINDOWS\System32\drivers\aswE514.tmp
2016-03-28 16:48:50 165344 ----a-w- C:\WINDOWS\System32\drivers\aswE515.tmp
2016-03-28 16:48:50 107792 ----a-w- C:\WINDOWS\System32\drivers\aswE502.tmp
2016-03-28 16:48:50 1070904 ----a-w- C:\WINDOWS\System32\drivers\aswE3E6.tmp
2016-03-28 16:48:50 103064 ----a-w- C:\WINDOWS\System32\drivers\aswE4E1.tmp
2016-03-28 16:45:21 52184 ----a-w- C:\WINDOWS\avastSS.scr
2016-03-28 16:44:12 -------- d-----w- C:\Program Files\AVAST Software
2016-03-28 16:43:51 -------- d-----w- C:\ProgramData\AVAST Software
2016-03-28 16:36:45 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2016-03-28 16:36:44 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63768124-C2BD-4879-B90B-2A085BA4C8ED}\gapaengine.dll
2016-03-28 16:36:19 11249080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B283FE35-6EA0-432E-9C3A-F502577B2991}\mpengine.dll
2016-03-28 16:36:11 301728 ------w- C:\WINDOWS\System32\MpSigStub.exe
2016-03-28 16:23:56 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2016-03-28 16:04:26 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-03-28 16:04:05 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-03-28 16:04:05 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-03-28 16:04:05 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-03-28 16:04:05 -------- d-----w- C:\ProgramData\Malwarebytes
2016-03-28 16:04:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-28 14:47:01 -------- d-----w- C:\ProgramData\Avg_Update_0216sc
2016-03-28 12:39:36 -------- d-----w- C:\Users\Enrico\AppData\Local\MicrosoftEdge
2016-03-27 01:29:35 -------- d-----w- C:\Users\Enrico\AppData\Local\NetworkTiles
2016-03-26 16:47:16 22376960 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-03-26 16:47:10 18677760 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-03-26 16:47:07 3449168 ----a-w- C:\WINDOWS\System32\WSService.dll
2016-03-26 16:47:04 6972416 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-03-26 16:47:00 7835648 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-03-26 16:21:05 -------- d-----w- C:\Users\Enrico\AppData\Local\ActiveSync
2016-03-26 16:20:10 -------- d-----w- C:\Users\Enrico\AppData\Local\Publishers
2016-03-26 16:19:22 -------- d-----w- C:\Users\Enrico\AppData\Local\Comms
2016-03-26 16:19:02 -------- d-----w- C:\Users\Enrico\AppData\Local\assembly
2016-03-26 16:18:17 -------- d-----w- C:\Users\Enrico\AppData\Local\TileDataLayer
2016-03-26 16:17:35 -------- d-----w- C:\ProgramData\USOShared
2016-03-26 11:38:05 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2016-03-26 11:34:18 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2016-03-26 11:34:18 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2016-03-26 11:19:27 72688 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2016-03-26 11:19:27 69104 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2016-03-26 11:19:16 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2016-03-26 11:18:53 6085632 ----a-w- C:\WINDOWS\System32\stlang64.dll
2016-03-26 11:18:53 426328 ----a-w- C:\WINDOWS\System32\EED64A.dll
2016-03-26 11:18:53 3308376 ----a-w- C:\WINDOWS\System32\EEP64A.dll
2016-03-26 11:18:53 1821184 ----a-w- C:\WINDOWS\System32\IDTNC64.cpl
2016-03-26 11:18:53 1664000 ----a-w- C:\WINDOWS\sttray64.exe
2016-03-26 11:18:53 136024 ----a-w- C:\WINDOWS\System32\EEL64A.dll
2016-03-26 11:18:53 118104 ----a-w- C:\WINDOWS\System32\EEA64A.dll
2016-03-26 11:18:52 -------- d-----w- C:\WINDOWS\System32\SRSLabs
2016-03-26 11:18:44 -------- d-----w- C:\Program Files\IDT
2016-03-26 11:17:57 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2016-03-26 11:15:12 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2016-03-26 11:13:11 -------- d-sh--w- C:\Recovery
2016-03-26 11:13:01 -------- dc----w- C:\WINDOWS\Panther
2016-03-26 11:09:29 -------- d-----w- C:\Windows.old
2016-03-26 11:01:49 -------- d-----w- C:\WINDOWS\System32\Microsoft
2016-03-26 10:59:36 -------- d-----w- C:\WINDOWS\SysWow64\XPSViewer
2016-03-26 10:59:35 -------- d-----w- C:\inetpub
2016-03-26 10:58:50 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2016-03-26 10:58:50 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2016-03-26 10:58:50 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-03-26 10:58:42 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2016-03-26 10:58:42 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2016-03-26 10:58:42 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2016-03-02 15:19:03 -------- d-----w- C:\ProgramData\Visan
2016-03-02 15:18:54 -------- d-----w- C:\Users\Enrico\AppData\Roaming\HpUpdate
2016-03-02 15:18:46 763912 ----a-w- C:\WINDOWS\System32\HPDiscoPMC511.dll
2016-03-02 15:18:33 -------- d-----w- C:\Program Files (x86)\HP
2016-03-02 15:18:32 -------- d-----w- C:\Program Files\HP
2016-03-02 15:17:20 -------- d-----w- C:\Users\Enrico\AppData\Local\HP
.
==================== Find3M ====================
.
2016-03-28 16:46:32 107792 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2016-03-28 16:46:32 1070904 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2016-03-28 16:46:16 287016 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2016-03-28 16:45:30 165344 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2016-03-28 16:45:29 74544 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2016-03-28 16:45:29 37656 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2016-03-28 16:45:29 103064 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2016-03-28 16:39:41 451 ----a-w- C:\WINDOWS\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-03-26 10:59:29 56320 ----a-w- C:\WINDOWS\System32\admwprox.dll
2016-03-26 10:59:29 53248 ----a-w- C:\WINDOWS\System32\ahadmin.dll
2016-03-26 10:59:29 202240 ----a-w- C:\WINDOWS\System32\iisRtl.dll
2016-03-26 10:59:29 19456 ----a-w- C:\WINDOWS\System32\iisreset.exe
.
============= FINISH: 22.08.56,96 ===============
Attached Files
File Type: txt attach.txt (2.9 KB, 20 views)
lockecole is offline  
Old 04-01-2016, 12:11 AM   #2
Registered Member
 
Join Date: Mar 2016
Posts: 9
OS: Windows 10



I've seen that many other threads have received answers, but not this one. Do you need additional info?
lockecole is offline  
Old 04-01-2016, 12:56 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-02-2016, 04:04 AM   #4
Registered Member
 
Join Date: Mar 2016
Posts: 9
OS: Windows 10



# AdwCleaner v5.108 - Logfile created 02/04/2016 at 12:42:39
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Enrico - PC-GIORGIO
# Running from : C:\Users\Enrico\Downloads\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG Security Toolbar

***** [ Files ] *****

File Found : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
File Found : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal
File Found : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage
File Found : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=hp
Data Found : HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=hp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found : HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [3132 bytes] - [02/04/2016 12:42:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3205 bytes] ##########
Attached Files
File Type: txt FRST.txt (124.6 KB, 30 views)
File Type: txt Addition.txt (31.8 KB, 36 views)
lockecole is offline  
Old 04-02-2016, 07:05 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello lockecole. It appears you didn't run the 'Clean' function of AdwCleaner.

You have to run AdwCleaner, click 'Scan', then when the scan is finished, you must click 'Clean' while the AdwCleaner user interface is still open.

If the 'Clean' function is run, there will be a log named AdwCleaner[C#].txt, in addition to the AdwCleaner[S#].txt logs.

[C#] are for Clean, and [S#] are for Scan.

Let me know if you still have trouble.

------------------------------------------------------
chemist is offline  
Old 04-03-2016, 10:54 AM   #6
Registered Member
 
Join Date: Mar 2016
Posts: 9
OS: Windows 10



Here's the proper log:

# AdwCleaner v5.108 - Logfile created 03/04/2016 at 19:44:34
# Updated 30/03/2016 by Xplode
# Database : 2016-04-03.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Enrico - PC-GIORGIO
# Running from : C:\Users\Enrico\Downloads\AdwCleaner (1).exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar

***** [ Files ] *****

[-] File Deleted : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File Deleted : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal
[-] File Deleted : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2588 bytes] - [03/04/2016 19:44:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [3296 bytes] - [02/04/2016 12:42:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [3373 bytes] - [03/04/2016 19:41:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2807 bytes] ##########
lockecole is offline  
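The mix-up resolved in posts #4 to #6 (an `[S#]` scan log posted where a `[C#]` clean log was expected) can be checked mechanically. The following is an added example, not part of the thread and not AdwCleaner's own code: it reads the `# Option :` header to tell the two log types apart and confirms that every item the scan found was deleted or restored in the clean log. The two sample logs are constructed, abridged from the logs posted above with the start-page URL shortened, and the function names are hypothetical.

```python
import re
from collections import namedtuple

# One finding or action line from an AdwCleaner v5 text log.
Entry = namedtuple("Entry", "kind action target")

HEADER_RE = re.compile(r"^#\s*([^:]+?)\s*:\s*(.*)$")
ENTRY_RE = re.compile(
    r"^(?:\[.\]\s*)?(?P<kind>[A-Za-z]+)\s+"
    r"(?P<action>Found|Deleted|Restored)\s*:\s*(?P<target>.+)$"
)


def _normalise(kind, target):
    """Make scan and clean lines comparable.

    Scan logs print 'Data Found : <key> [<value name>] - <data>', while clean
    logs print only '<key> [<value name>]', so the data suffix is dropped.
    Windows paths and registry keys are case-insensitive, hence casefold().
    """
    if kind == "Data":
        head, sep, _ = target.partition("] - ")
        if sep:
            target = head + "]"
    return target.strip().casefold()


def parse_adwcleaner_log(text):
    """Return {'option': 'Scan'|'Clean'|'', 'entries': [Entry, ...]}."""
    headers, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            m = HEADER_RE.match(line)
            if m:
                headers.setdefault(m.group(1).casefold(), m.group(2).strip())
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(
                Entry(m["kind"], m["action"], _normalise(m["kind"], m["target"]))
            )
    return {"option": headers.get("option", ""), "entries": entries}


def is_clean_run(log):
    """True only for a log produced by the Clean function ([C#] logs)."""
    return log["option"].casefold() == "clean"


def unresolved(scan_log, clean_log):
    """Scan findings with no matching Deleted/Restored line in clean_log.

    Matching is on (kind, target), not on section name: the section headings
    differ between the two logs in this thread ('DLL' vs 'DLLs').
    """
    acted = {
        (e.kind, e.target)
        for e in clean_log["entries"]
        if e.action in ("Deleted", "Restored")
    }
    return [
        e for e in scan_log["entries"]
        if e.action == "Found" and (e.kind, e.target) not in acted
    ]


# Constructed samples, abridged from the logs in posts #4 and #6.
SCAN_LOG = r"""# AdwCleaner v5.108 - Logfile created 02/04/2016 at 12:42:39
# Option : Scan

***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG Security Toolbar

***** [ Registry ] *****

Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {95B7759C-8C7F-4BF1-B163-73684A933233}
"""

CLEAN_LOG = r"""# AdwCleaner v5.108 - Logfile created 03/04/2016 at 19:44:34
# Option : Clean

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar

***** [ Registry ] *****

[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
"""

if __name__ == "__main__":
    scan = parse_adwcleaner_log(SCAN_LOG)
    clean = parse_adwcleaner_log(CLEAN_LOG)
    print("posted log is a clean run:", is_clean_run(clean))
    for entry in unresolved(scan, clean):
        print("still present:", entry.kind, entry.target)
```

Passing the scan log in both positions, which is what post #4 amounts to, reports every finding as unresolved.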
Old 04-03-2016, 12:44 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lockecole. Thanks for the log.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {08B21B6A-08B2-46AC-A09F-4EFB602958CF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0B9EDA1E-4385-4CA8-A778-7BDFE08A6DD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {0C3E75E5-0E0A-46E6-9E71-EE45A469A995} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {225DCA15-16A7-4F5F-8F5B-1429E1435B60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {290D72BB-950A-4D6B-8215-9D1DBA4D2A4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3CE5C7B3-CB4C-44E7-8BA6-6FB278D1D194} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {58F14DC0-BF92-41AE-BBCF-6FFAE9DF7988} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5EEC5D44-FE7B-4992-AED0-C96F08C02458} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {6744F3BD-5651-41F5-AB3D-D009B6602CBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {842D99C5-4902-487B-8C51-4235116515F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {92DC45B7-D428-4D38-B356-DBB9A4E49A6D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {C9D85C97-6C24-4E72-8AE5-019D34C74EF0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {CA2CFD7C-7A2B-4352-80CF-4AF473B969EA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=hp
    SearchScopes: HKU\S-1-5-21-1164529194-2230524795-3189009908-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1164529194-2230524795-3189009908-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
    CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    HOSTS:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 04-05-2016, 03:40 PM   #8
Registered Member
 
Join Date: Mar 2016
Posts: 9
OS: Windows 10



Hi chemist,

here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Enrico (2016-04-06 00:29:13) Run:1
Running from C:\Users\Enrico\Desktop
Loaded Profiles: Enrico (Available Profiles: Giorgio & Enrico)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {08B21B6A-08B2-46AC-A09F-4EFB602958CF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0B9EDA1E-4385-4CA8-A778-7BDFE08A6DD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0C3E75E5-0E0A-46E6-9E71-EE45A469A995} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {225DCA15-16A7-4F5F-8F5B-1429E1435B60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {290D72BB-950A-4D6B-8215-9D1DBA4D2A4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3CE5C7B3-CB4C-44E7-8BA6-6FB278D1D194} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {58F14DC0-BF92-41AE-BBCF-6FFAE9DF7988} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5EEC5D44-FE7B-4992-AED0-C96F08C02458} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6744F3BD-5651-41F5-AB3D-D009B6602CBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {842D99C5-4902-487B-8C51-4235116515F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {92DC45B7-D428-4D38-B356-DBB9A4E49A6D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C9D85C97-6C24-4E72-8AE5-019D34C74EF0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CA2CFD7C-7A2B-4352-80CF-4AF473B969EA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-1164529194-2230524795-3189009908-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1164529194-2230524795-3189009908-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8E8242C8-FE7C-4B50-AD00-D4C22C61CA2B}&mid=9bef070b970647cc9dc77514708ea979-f4e4d7b58d4fb97c0c989a7eff7669df75c6d392&lang=it&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-12-12 20:09:13&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
HOSTS:
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08B21B6A-08B2-46AC-A09F-4EFB602958CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08B21B6A-08B2-46AC-A09F-4EFB602958CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B9EDA1E-4385-4CA8-A778-7BDFE08A6DD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B9EDA1E-4385-4CA8-A778-7BDFE08A6DD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C3E75E5-0E0A-46E6-9E71-EE45A469A995}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3E75E5-0E0A-46E6-9E71-EE45A469A995}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{225DCA15-16A7-4F5F-8F5B-1429E1435B60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{225DCA15-16A7-4F5F-8F5B-1429E1435B60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{290D72BB-950A-4D6B-8215-9D1DBA4D2A4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{290D72BB-950A-4D6B-8215-9D1DBA4D2A4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CE5C7B3-CB4C-44E7-8BA6-6FB278D1D194}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CE5C7B3-CB4C-44E7-8BA6-6FB278D1D194}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58F14DC0-BF92-41AE-BBCF-6FFAE9DF7988}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58F14DC0-BF92-41AE-BBCF-6FFAE9DF7988}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EEC5D44-FE7B-4992-AED0-C96F08C02458}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EEC5D44-FE7B-4992-AED0-C96F08C02458}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6744F3BD-5651-41F5-AB3D-D009B6602CBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6744F3BD-5651-41F5-AB3D-D009B6602CBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{842D99C5-4902-487B-8C51-4235116515F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{842D99C5-4902-487B-8C51-4235116515F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92DC45B7-D428-4D38-B356-DBB9A4E49A6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92DC45B7-D428-4D38-B356-DBB9A4E49A6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9D85C97-6C24-4E72-8AE5-019D34C74EF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9D85C97-6C24-4E72-8AE5-019D34C74EF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA2CFD7C-7A2B-4352-80CF-4AF473B969EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA2CFD7C-7A2B-4352-80CF-4AF473B969EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1164529194-2230524795-3189009908-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 550 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:30:27 ====
lockecole is offline  
Old 04-05-2016, 07:38 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lockecole. How is the machine behaving?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-08-2016, 04:27 PM   #10



MBAM LOG

Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 07/04/2016
Ora scansione: 19.48
File di log: MBAM log.txt
Amministratore: Sì

Versione: 2.2.1.1043
Database malware: v2016.04.07.04
Database rootkit: v2016.04.03.01
Licenza: Periodo di prova
Protezione da malware: Attivata
Protezione da siti web nocivi: Attivata
Auto-protezione: Disattivata

SO: Windows 10
CPU: x64
File system: NTFS
Utente: Enrico

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 388745
Tempo impiegato: 13 min, 9 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 0
(Nessun elemento nocivo rilevato)

Valori di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settori fisici: 0
(Nessun elemento nocivo rilevato)


(end)

ESET REPORT

C:\Users\Enrico\Downloads\EN4500_198.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Users\Enrico\AppData\Local\Temp\7zS245C\Optional\HP_IPG_Toolbar_installer.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

REPORT ON SYSTEM BEHAVIOR

I haven't found any anomalies while using the system, but it must be said that it's my dad's laptop and I haven't used it to do anything other than producing these logs.
lockecole is offline  
Old 04-09-2016, 12:43 PM   #11



Hello again, lockecole. Use the machine normally for a day or so and let me know how it behaves.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
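@echo off
rem Start from a clean log of files that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem The two items flagged in the ESET report.
for %%g in (

"C:\Users\Enrico\Downloads\EN4500_198.exe"
"C:\Windows.old\Users\Enrico\AppData\Local\Temp\7zS245C\Optional\HP_IPG_Toolbar_installer.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show the leftovers in Notepad, or report success if nothing remains.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this script; quoting the full path handles folders with spaces.
del "%~f0"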
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
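
An added example, not part of the original thread or of chemist's script: a PowerShell counterpart to fix.bat that records each flagged file's SHA-256 and size before deleting it and writes the outcome to a CSV, so a record of what was removed survives the cleanup. The two paths come from the ESET report above; the log file name fix-audit.csv is an assumption.

```powershell
# Added example: not part of the original thread. Run from an elevated PowerShell prompt.
# The two paths are the items listed in the ESET report earlier in this thread.
$targets = @(
    'C:\Users\Enrico\Downloads\EN4500_198.exe',
    'C:\Windows.old\Users\Enrico\AppData\Local\Temp\7zS245C\Optional\HP_IPG_Toolbar_installer.exe'
)

# Assumption: the audit log location is arbitrary; any writable folder works.
$logPath = Join-Path $env:TEMP 'fix-audit.csv'

$results = foreach ($path in $targets) {
    $record = [ordered]@{
        Path    = $path
        SHA256  = $null
        Size    = $null
        Outcome = $null
    }

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $record.Outcome = 'NotFound'
    }
    else {
        try {
            # Record the file's identity before deletion so it can be looked up later.
            $item = Get-Item -LiteralPath $path -Force -ErrorAction Stop
            $record.Size   = $item.Length
            $record.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash

            # -Force covers hidden and read-only files, like del /a /f in fix.bat.
            Remove-Item -LiteralPath $path -Force -ErrorAction Stop

            # Re-check instead of trusting the delete call, as fix.bat does with "if exist".
            $record.Outcome = if (Test-Path -LiteralPath $path) { 'StillPresent' } else { 'Deleted' }
        }
        catch {
            $record.Outcome = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$record
}

# Keep the audit trail on disk and show it on screen.
$results | Export-Csv -LiteralPath $logPath -NoTypeInformation -Encoding UTF8
$results | Format-Table -AutoSize -Wrap
```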
Old 04-11-2016, 02:40 PM   #12



I used the computer today and didn't notice anything strange.

I also ran the fix.bat file and it told me "Deleted Successfully !!"
lockecole is offline  
Old 04-11-2016, 06:39 PM   #13



Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 04-14-2016, 05:27 AM   #14



Unfortunately I am away for work and won't be able to do anything for the next 48 hours. I'll write to you once I have done.

Thanks :)
lockecole is offline  
Old 04-14-2016, 05:58 PM   #15



You're very welcome. No problem, let me know.
chemist is offline  
Old 04-17-2016, 05:29 AM   #16



All done. You can mark the thread as resolved.

Thanks again!
lockecole is offline  
Old 04-17-2016, 09:40 PM   #17



You're very welcome, lockecole! Glad to have helped.
chemist is offline  
 
