Strange malware... am I still infected?


35 replies to this topic

#1 moseviero

moseviero

  • Members
  • 18 posts

Posted 18 February 2016 - 04:03 AM

Greetings to everyone!

I'm Mosè, I write from Italy and I'm hoping to get some tips to solve the strangest problem I've had with a computer since... forever! :-)

 

Some days ago I accidentally opened an .exe file and got infected with malware. My Avast antivirus started to alert me with loud messages: "a menace has been found!", or something similar (I'm obviously using the Italian version). The culprit was the file nt.bat, in the "roaming" directory, connected with the file dxdiag10bcx.exe. I immediately ran a scan and then also a boot scan with Avast itself, without any success. Over the following days, every time I booted the computer I got that alert message a few times, but after some minutes it stopped and everything seemed to work just fine. The only other message I got was about the SSH, Telnet and Rlogin client not working any more, but it didn't really seem to affect anything.

 

I started searching for more powerful scanning software: I tried Malwarebytes (useless) and Emsisoft Emergency Kit. This last tool found something, but I'm not sure it's actually connected with my problem.

 

Now after a few days the situation has changed: I don't get any more alert messages from Avast, but I still get the message about the SSH, Telnet and Rlogin client not working. I'm not sure if I've solved the problem and should ignore the message (considering everything seems to work just fine) or if I'm still infected.

 

What do you think? Do you have any suggestions?

 

Thank you very much for any help you can offer me! :-)

Mosè





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 18 February 2016 - 07:58 AM

Hi moseviero :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 moseviero

moseviero
  • Topic Starter

  • Members
  • 18 posts

Posted 18 February 2016 - 12:04 PM

There we go! Thank you! :-)

Mosè

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Mosè (administrator) on 18-02-2016 at 18:03:24
Running from "C:\Users\Mosè\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Alienware Area-51 R2 Manufacturer: Alienware
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configurazione IP di Windows
 
Cache del resolver DNS svuotata.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
Killer e2200 Gigabit Ethernet Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Connessione di rete Bluetooth (Media disconnected)
 
 
# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Connessione alla rete locale (LAN)* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione di rete Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione alla rete locale (LAN)* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# Fine configurazione IPv4
 
 
 
Configurazione IP di Windows
 
   Nome host . . . . . . . . . . . . . . : DESKTOP-FQLKHMF
   Suffisso DNS primario . . . . . . . . : 
   Tipo nodo . . . . . . . . . . . . . . : Ibrido
   Routing IP abilitato. . . . . . . . . : No
   Proxy WINS abilitato . . . . . . . .  : No
   Elenco di ricerca suffissi DNS. . . . : lan
 
Scheda Ethernet Ethernet:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Killer e2200 Gigabit Ethernet Controller
   Indirizzo fisico. . . . . . . . . . . : 44-A8-42-FB-E6-FC
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
 
Scheda LAN wireless Connessione alla rete locale (LAN)* 1:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Indirizzo fisico. . . . . . . . . . . : 4C-EB-42-B1-6F-CB
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
 
Scheda LAN wireless Wi-Fi:
 
   Suffisso DNS specifico per connessione: lan
   Descrizione . . . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Indirizzo fisico. . . . . . . . . . . : 4C-EB-42-B1-6F-CA
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::f16c:8f5e:5860:7467%2(Preferenziale) 
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.74(Preferenziale) 
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Lease ottenuto. . . . . . . . . . . . : martedì 16 febbraio 2016 17:24:53
   Scadenza lease . . . . . . . . . . .  : venerdì 19 febbraio 2016 17:54:45
   Gateway predefinito . . . . . . . . . : 192.168.1.254
   Server DHCP . . . . . . . . . . . . . : 192.168.1.254
   IAID DHCPv6 . . . . . . . . . . . : 38595394
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1D-F3-B5-E2-44-A8-42-FB-E6-FC
   Server DNS . . . . . . . . . . . . .  : 192.168.1.254
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato
 
Scheda Ethernet Connessione di rete Bluetooth:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Indirizzo fisico. . . . . . . . . . . : 4C-EB-42-B1-6F-CE
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
 
Scheda Tunnel isatap.lan:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: lan
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : Sì
 
Scheda Tunnel Teredo Tunneling Pseudo-Interface:
 
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : Sì
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:9d38:90d7:cd1:1f5f:a1db:f6b4(Preferenziale) 
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::cd1:1f5f:a1db:f6b4%10(Preferenziale) 
   Gateway predefinito . . . . . . . . . : ::
   IAID DHCPv6 . . . . . . . . . . . : 419430400
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1D-F3-B5-E2-44-A8-42-FB-E6-FC
   NetBIOS su TCP/IP . . . . . . . . . . : Disattivato
Server:  dsldevice.lan
Address:  192.168.1.254
 
Nome:    google.com
Addresses:  2a00:1450:4001:80f::1002
 173.194.112.105
 173.194.112.98
 173.194.112.97
 173.194.112.96
 173.194.112.110
 173.194.112.99
 173.194.112.104
 173.194.112.103
 173.194.112.101
 173.194.112.100
 173.194.112.102
 
 
Esecuzione di Ping google.com [173.194.112.41] con 32 byte di dati:
Risposta da 173.194.112.41: byte=32 durata=36ms TTL=55
Risposta da 173.194.112.41: byte=32 durata=35ms TTL=55
 
Statistiche Ping per 173.194.112.41:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 35ms, Massimo =  36ms, Medio =  35ms
Server:  dsldevice.lan
Address:  192.168.1.254
 
Nome:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Esecuzione di Ping yahoo.com [98.139.183.24] con 32 byte di dati:
Risposta da 98.139.183.24: byte=32 durata=130ms TTL=50
Risposta da 98.139.183.24: byte=32 durata=131ms TTL=50
 
Statistiche Ping per 98.139.183.24:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 130ms, Massimo =  131ms, Medio =  130ms
 
Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
 
Statistiche Ping per 127.0.0.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo =  0ms, Medio =  0ms
===========================================================================
Elenco interfacce
  8...44 a8 42 fb e6 fc ......Killer e2200 Gigabit Ethernet Controller
  9...4c eb 42 b1 6f cb ......Microsoft Wi-Fi Direct Virtual Adapter
  2...4c eb 42 b1 6f ca ......Intel® Dual Band Wireless-AC 7260
  7...4c eb 42 b1 6f ce ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.74     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.74    281
     192.168.1.74  255.255.255.255         On-link      192.168.1.74    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.74    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.74    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.74    281
===========================================================================
Route permanenti:
  Nessuna
 
IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:9d38:90d7:cd1:1f5f:a1db:f6b4/128
                                    On-link
  2    281 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::cd1:1f5f:a1db:f6b4/128
                                    On-link
  2    281 fe80::f16c:8f5e:5860:7467/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    281 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/18/2016 06:03:25 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:03:13 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:03:02 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:02:51 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:02:40 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:02:28 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:02:17 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:02:06 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:01:55 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/18/2016 06:01:43 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
 
System errors:
=============
Error: (02/18/2016 05:55:43 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio DellDataVault.
 
Error: (02/18/2016 05:55:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio DellDataVault.
 
Error: (02/18/2016 02:36:51 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio DellDataVault.
 
Error: (02/18/2016 02:36:14 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Accesso dati utente_21c62c1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/18/2016 02:36:14 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Archiviazione dati utente_21c62c1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/18/2016 02:36:14 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Dati contatti_21c62c1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/18/2016 02:36:14 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Sincronizza host_21c62c1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/18/2016 02:36:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: impostazioni specifiche dell'applicazioneLocaleAttivazione{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (tramite LRPC)Non disponibileNon disponibile
 
Error: (02/18/2016 09:10:48 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio DellDataVault.
 
Error: (02/18/2016 09:10:18 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio DellDataVault.
 
 
Microsoft Office Sessions:
=========================
Error: (02/18/2016 06:03:25 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:03:13 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:03:02 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:02:51 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:02:40 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:02:28 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:02:17 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:02:06 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:01:55 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/18/2016 06:01:43 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-02-15 15:18:35.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-13 10:31:21.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-12 13:43:13.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-29 08:47:18.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-18 09:19:56.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-14 09:22:59.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-06 20:32:12.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-30 20:14:01.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-30 15:06:50.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 18:06:13.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Alienware Command Center (HKLM\...\{3B0BFF91-F5EE-4EE3-84B9-5822AF012632}) (Version: 4.0.51.0 - Dell Inc.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{3B0BFF91-F5EE-4EE3-84B9-5822AF012632}) (Version: 4.0.51.0 - Dell Inc.)
Alienware Customer Connect (HKLM-x32\...\{99E581C6-471C-46CA-989E-3B17EB7E3F27}) (Version: 1.3.2.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Anno 1404 - Gold Edition (HKLM-x32\...\1440426004_is1) (Version: 2.0.0.2 - GOG.com)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\{285D0398-98DD-4C39-8D64-88EA0978D5D9}) (Version: 2.6.140.0 - Microsoft Corporation) Hidden
Centro gestione Mouse e Tastiere Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Forté Agent (HKLM-x32\...\{9B867430-CF67-4989-A414-68DF625D5D15}) (Version: 8.00.1272 - Forté Internet Software, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
iExplorer 3.8.8.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Killer Bandwidth Control Filter Driver (HKLM\...\{D7C17038-7D8E-46B3-9398-0F1E18781795}) (Version: 1.1.55.1230 - Rivet Networks) Hidden
Killer E220x Drivers (HKLM\...\{162DE9EE-DB6C-479C-B390-C5263655EE0E}) (Version: 1.1.55.1230 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{9600166B-6FC4-436F-A4A3-485CB7024D37}) (Version: 1.1.55.1230 - Rivet Networks) Hidden
Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.55.1230 - Rivet Networks)
LibreOffice 5.0.4.2 (HKLM-x32\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.5.1 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 it)) (Version: 38.6.0 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.) Hidden
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.7 - Micro-Star Int'l Co., Ltd.)
NVIDIA Driver 3D Vision 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.91 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Driver grafico 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pannello di controllo NVIDIA 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 361.91 - NVIDIA Corporation) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Software Intel® PROSet/Wireless (HKLM-x32\...\{4544164b-edf0-455c-b150-bed7109d751e}) (Version: 18.11.0 - Intel Corporation)
Software per periferiche con chipset Intel® (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel® Corporation) Hidden
Sound Blaster Recon3Di (HKLM-x32\...\{A3DF88A7-3E53-4A8F-AD68-4C8AF98931AE}) (Version: 1.01.00 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 16271.54 MB
Available physical RAM: 11489.9 MB
Total Virtual: 18703.54 MB
Available Virtual: 10366.23 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:105.03 GB) (Free:10.71 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:1862.89 GB) (Free:1806.24 GB) NTFS
 
========================= Users: ========================================
 
Account utente per \\DESKTOP-FQLKHMF
 
Administrator            DefaultAccount           Guest                    
MosŠ                     
Esecuzione comando riuscita.
 
 
**** End of log ****


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  • Gender:Male
  • Local time:10:08 AM

Posted 18 February 2016 - 12:08 PM

Thank you :) Now follow the instructions below please.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 moseviero

moseviero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 18 February 2016 - 04:37 PM

Here we are: https://www.dropbox.com/s/585n0eplh5xs6g7/DESKTOP-FQLKHMF.arn?dl=0

 

Probably it's important (or maybe not) to say that the error message appeared *after* I made the Minitoolbox report I posted above.

 

Thank you! :-)

Mosè 



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  • Gender:Male
  • Local time:10:08 AM

Posted 18 February 2016 - 05:21 PM

Are you able to take a screenshot of that error message and post it here for me?

How to take a screenshot using the Snipping Tool
Follow the instructions below to take a screenshot using Windows' Snipping Tool:
  • Press on the Win Key + R to open the Run box;
  • Enter SnippingTool and press on Enter;
  • The Snipping Tool will open, asking you to choose the area to take in the screenshot;
  • Left click on the area where you want to start the screenshot, keep it, and drag the cursor across the screen;
  • Once done, release the left button to take the screenshot;
  • In the editing window, click on the File menu then Save As;
  • Save the screenshot in a folder that you can access easily;
  • Upload the screenshot on Imgur.com and post the URL to it here;



#7 moseviero

moseviero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 20 February 2016 - 08:42 AM

Hi again!

 

I had already grabbed the image of the error message on my own, I hope it's good: http://imgur.com/OMWmm1T

 

For two days now I've been getting another error message at startup, this one: http://imgur.com/4UTfrf6

 

Thank you again for your help :-)

Mosè



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  • Gender:Male
  • Local time:10:08 AM

Posted 20 February 2016 - 08:55 AM

Your second error is caused by Alienware Command Center. And you might need to reinstall to fix it. Follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;



#9 moseviero

moseviero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 20 February 2016 - 02:04 PM

Hi again!

 

When I launch JRT as per instructions above, the tool says:

 

Creating restore point... FAILED 0x80070422

The tool failed to create a restore point!
Tool paused.
 
I can continue with the scan anyway, but I don't know if I should...


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  • Gender:Male
  • Local time:10:08 AM

Posted 20 February 2016 - 02:36 PM

You can continue the scan, we can address the System Restore issue after :)



#11 moseviero

moseviero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 20 February 2016 - 04:24 PM

Here we are!

 

Log of JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by MosŠ (Administrator) on 20/02/2016 at 22:07:10,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\search.lnk (Shortcut) 
Successfully deleted: C:\Users\MosŠ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\MosŠ\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/02/2016 at 22:09:08,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-----------------
 
AdwCleaner can't find anything wrong, and does not list anything on any tab!
 
-----------------
 
Malwarebytes can't find anything either. Here is the log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 20/02/2016
Scan Time: 22:17
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.20.03
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Mosè
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385009
Time Elapsed: 4 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  • Gender:Male
  • Local time:10:08 AM

Posted 20 February 2016 - 04:25 PM

Alright good :) Let's run a scan with Emsisoft Emergency Kit just to see if it picks up any remnants.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



#13 moseviero

moseviero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 20 February 2016 - 05:19 PM

Here we go!

 

Emsisoft Emergency Kit can't find anything right now: I've made a scan after an update and it didn't list anything.

 

This is what it found some days ago, when I did the first scan with it. But it seems to me that these files are email attachments that were never opened and just stored away by Thunderbird:

 

Emsisoft Emergency Kit - Version 11.0
Log della quarantena
 
Data Origine Evento Infezione/PUP
16/02/2016 17:03:38 C:\Users\Mosè\AppData\Roaming\Thunderbird\Profiles\qbynhqon.default\ImapMail\imap.moseviero.it\INBOX.sbd\Trash Sposta in quarantena Trojan.JS.Downloader.CJK (B)
16/02/2016 17:03:41 C:\Users\Mosè\AppData\Roaming\Thunderbird\Profiles\qbynhqon.default\ImapMail\in.virgilio.it\Spam Sposta in quarantena JS:Trojan.Crypt.NX (B)


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  • Gender:Male
  • Local time:10:08 AM

Posted 20 February 2016 - 06:57 PM

Looks like it as well. Just cached content.

Now we need to address that SSH, Telnet, etc. error message. Are you able to run MiniToolBox with the option below, right after you get an SSH, Telnet, etc. application hang?

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • List Last 10 Event Viewer Errors;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;



#15 moseviero

moseviero
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 21 February 2016 - 07:43 AM

There we go. This log was made like 5 minutes after the error message. Tell me if it's too late already! 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Mosè (administrator) on 21-02-2016 at 13:41:21
Running from "C:\Users\Mosè\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Alienware Area-51 R2 Manufacturer: Alienware
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/21/2016 01:36:09 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:35:48 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:35:27 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:35:05 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:34:44 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:34:25 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_Process'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:34:24 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceDeletionEvent within 15 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:34:24 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 15 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/21/2016 01:34:23 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
Error: (02/20/2016 02:36:21 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Impossibile riattivare il filtro eventi con query "select * from __InstanceDeletionEvent within 15 where TargetInstance ISA 'Win32_USBControllerdevice'" nello spazio dei nomi "//./root/CIMV2". Errore 0x8004106c. Impossibile recapitare gli eventi tramite questo filtro finché il problema non verrà risolto.
 
 
System errors:
=============
Error: (02/21/2016 12:04:31 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Accesso dati utente_637dacd è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 12:04:31 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Archiviazione dati utente_637dacd è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 12:04:31 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Dati contatti_637dacd è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 12:04:31 AM) (Source: Service Control Manager) (User: )
Description: Il servizio Sincronizza host_637dacd è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/21/2016 12:04:31 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: impostazioni specifiche dell'applicazioneLocaleAttivazione{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (tramite LRPC)Non disponibileNon disponibile
 
Error: (02/20/2016 10:07:15 PM) (Source: Service Control Manager) (User: )
Description: Arresto imprevista del servizio NVIDIA Display Driver Service. Questo evento si è già verificato 1 volta(e).
 
Error: (02/20/2016 04:45:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: impostazioni specifiche dell'applicazioneLocaleAttivazione{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (tramite LRPC)Non disponibileNon disponibile
 
Error: (02/19/2016 10:53:38 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Accesso dati utente_5bd57e9 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/19/2016 10:53:38 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Archiviazione dati utente_5bd57e9 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
Error: (02/19/2016 10:53:38 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Dati contatti_5bd57e9 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.
 
 
Microsoft Office Sessions:
=========================
Error: (02/21/2016 01:36:09 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/21/2016 01:35:48 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/21/2016 01:35:27 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/21/2016 01:35:05 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/21/2016 01:34:44 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/21/2016 01:34:25 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_Process'0x8004106c
 
Error: (02/21/2016 01:34:24 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceDeletionEvent within 15 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/21/2016 01:34:24 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 15 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/21/2016 01:34:23 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceCreationEvent within 3 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
Error: (02/20/2016 02:36:21 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2select * from __InstanceDeletionEvent within 15 where TargetInstance ISA 'Win32_USBControllerdevice'0x8004106c
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-02-15 15:18:35.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-13 10:31:21.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-12 13:43:13.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-29 08:47:18.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-18 09:19:56.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-14 09:22:59.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-06 20:32:12.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-30 20:14:01.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-30 15:06:50.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 18:06:13.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****




