Bestprosoft.com



#1 Walty71

Posted 19 September 2016 - 03:57 AM

Hello

I'm unable to remove bestprosoft.com from my browser.

I've removed all entries under the registry, no program is installed, but when I turn on my PC my browser always opens on the bestprosoft.com page. I've also searched inside the browser for plugins, but there is no sign of it at all.

How can I get rid of it?

 

Thank you

 

Walter from Italy




 


#2 buddy215

Posted 19 September 2016 - 05:38 AM

Welcome to BC....

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Walty71

Posted 20 September 2016 - 04:18 AM

Hi,

Thanks for the fast answer.

Here are all the logs from AdwCleaner, JRT and Malwarebytes. The ESET scan found 1 threat but it closes at the end; I've tried twice.

Thank you for your help.

 

Walter

 

# AdwCleaner v6.020 - Creato file registro eventi 20/09/2016 in 10:48:43
# Aggiornato su 14/09/2016 da ToolsLib
# Database : 2016-09-20.1 [Server]
# Sistema operativo : Windows 10 Pro  (X64)
# Utente : rossi - ASUS-G73JW
# In esecuzione da : C:\Users\rossi\Downloads\AdwCleaner.exe
# Modo: pulizia
# Supporto : https://toolslib.net/forum



***** [ Servizi ] *****



***** [ Cartelle ] *****



***** [ File ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Collegamenti ] *****



***** [ Attività pianificate ] *****



***** [ Registro ] *****

[-] Chiave eliminata: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Chiave eliminata: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Browser ] *****



*************************

:: " tracciamento " chiavi eliminate
:: Impostazioni Winsock ripristinate

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1183 Byte] - [20/09/2016 10:48:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [1536 Byte] - [20/09/2016 10:48:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1327 Byte] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 20/09/2016
Ora scansione: 10:53
File di log: Malwarebytes scan.txt
Amministratore: Sì

Versione: 2.2.1.1043
Database malware: v2016.09.20.03
Database rootkit: v2016.08.15.01
Licenza: Gratuito
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata

SO: Windows 10
CPU: x64
File system: NTFS
Utente: rossi

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 359670
Tempo impiegato: 16 min, 13 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 0
(Nessun elemento nocivo rilevato)

Valori di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settori fisici: 0
(Nessun elemento nocivo rilevato)


(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64
Ran by rossi (Administrator) on 19/09/2016 at 14:06:23,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\WINDOWS\system32\Tasks\DriverPack Notifier (Task)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERPACK-ONLINE(1).EXE-798A4617.pf (File)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/09/2016 at 14:09:11,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 



#4 buddy215

Posted 20 September 2016 - 06:08 AM

Any chance you recall anything about what Eset found....name of file...file location, etc?

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#5 Walty71

Posted 20 September 2016 - 08:25 AM

Here are the three lists from CCleaner. ESET is not showing what it found until the end; I tried to push on the red entry that showed the threat.

 

Thank you very much for your help.

 

Si    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Si    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\rossi\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No    HKCU:Run    Spotify    Spotify Ltd    "C:\Users\rossi\AppData\Roaming\Spotify\Spotify.exe" -autostart
Si    HKCU:Run    Spotify Web Helper    Spotify Ltd    "C:\Users\rossi\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Si    HKCU:RunOnce    Uninstall C:\Users\rossi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64    Microsoft Corporation    C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rossi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
Si    HKLM:Run    DriverPack Notifier        C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
No    HKLM:Run    EvtMgr6    Logitech, Inc.    C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
Si    HKLM:Run    FLxHCIm64    Windows ® Win 7 DDK provider    "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
Si    HKLM:Run    fspctrl    TODO: <Company name>    %ProgramFiles%\FSP\fspctrl.exe
Si    HKLM:Run    fspuip    Sentelic Corporation    %ProgramFiles%\FSP\fspuip.exe
Si    HKLM:Run    Logitech Download Assistant    Microsoft Corporation    C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Si    HKLM:Run    Malwarebytes Anti-Exploit    Malwarebytes Corporation    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Si    HKLM:Run    PSUAMain    Panda Security, S.L.    "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
Si    HKLM:Run    ShadowPlay    Microsoft Corporation    "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Si    HKLM:Run    snp2uvc    Sonix Technology Co., Ltd.    C:\Windows\vsnp2uvc.exe
Si    HKLM:Run    WindowsDefender        "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Si    Startup User    Firemin.lnk        C:\Program Files (x86)\Mozilla Firefox\firemin_3977\Firemin.exe
Si    Startup User    Rainmeter.lnk    Rainmeter    C:\Program Files\Rainmeter\Rainmeter.exe

 

Si    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Si    Task    ATK Package 36D18D69AFC3    ASUSTek Computer Inc.    "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" -CancelShutdown
Si    Task    ATK Package A22126881260    ASUSTek Computer Inc.    "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
Si    Task    AutoPico Daily Restart        C:\Users\rossi\AppData\Local\Temp\RarSFX0\AutoPico.exe /silent
Si    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Si    Task    Defraggler Volume C Task    Piriform Ltd    C:\Program Files\Defraggler\df64.exe "C:" /ts /user "rossi" /appPath "C:\Program Files\Defraggler"  /MinPercent 2
Si    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Si    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Si    Task    klcp_update        "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
Si    Task    NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
Si    Task    NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Si    Task    NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Si    Task    NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Si    Task    NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Si    Task    NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
Si    Task    OneDrive Standalone Update Task    Microsoft Corporation    C:\Users\rossi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Si    Task    Process Lasso Core Engine Only    Bitsum LLC    "C:\Program Files\Process Lasso\processgovernor.exe"
Si    Task    Process Lasso Management Console (GUI)    Bitsum LLC    "C:\Program Files\Process Lasso\processlasso.exe"
Si    Task    RtHDVBg_ListenToDevice    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
Si    Task    RTKCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Si    Task    RunUninstallTool_SkipUac    CrystalIDEA Software    C:\Program Files\Uninstall Tool\UninstallTool.exe $(Arg0)
Si    Task    Tweaking.com - Windows Repair Tray Icon    Tweaking.com    C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe


 

3D Builder    Microsoft Corporation    27/07/2016        11.1.9.0
Adobe Acrobat Reader DC - Italiano    Adobe Systems Incorporated    27/08/2016    406MB    15.017.20053
Adobe Flash Player 23 NPAPI    Adobe Systems Incorporated    19/09/2016    19,2MB    23.0.0.162
Anteprima Skype    Skype    28/08/2016        11.7.113.0
Ashampoo Burning Studio 16    Ashampoo GmbH & Co. KG    02/06/2016    215MB    16.0.6
ASUS Welcome    ASUSTeK COMPUTER INC.    27/07/2016        1.0.1.0
ATK Package    ASUS    13/05/2016    8,13MB    1.0.0040
Calcolatrice    Microsoft Corporation    27/08/2016        10.1608.2213.0
calibre 64bit    Kovid Goyal    29/08/2016    376MB    2.65.1
Candy Crush Soda Saga    king.com    19/09/2016        1.73.900.0
CCleaner    Piriform    27/08/2016    18,3MB    5.21
Centro gestione Mouse e Tastiere Microsoft    Microsoft Corporation    28/08/2016    40,8MB    2.3.188.0
Connessione guidata cellulare    Microsoft Corporation    27/08/2016        10.1608.2211.0
Connettore app    Microsoft Corporation    27/07/2016        1.3.3.0
Contatti    Microsoft Corporation    27/07/2016        10.0.11902.0
CryptoPrevent    Foolish IT LLC    20/06/2016    9,54MB    
Defraggler    Piriform    29/08/2016    12,8MB    2.21
DriverPack Notifier    DriverPack Solution    27/07/2016        2.0.3
EMCO MoveOnBoot 2.3    EMCO Software    27/07/2016    8,01MB    2.3.5.3510
Film e TV    Microsoft Corporation    27/08/2016        3.6.23941.0
Finger Sensing Pad Driver    Sentelic    27/08/2016        9.5.0.3
Foto    Microsoft Corporation    19/09/2016        16.912.10070.0
Fotocamera    Microsoft Corporation    27/08/2016        2016.816.20.0
Fresco Logic USB3.0 Host Controller    Fresco Logic    02/06/2016    5,20MB    3.6.8.0
Google Chrome    Google Inc.    19/05/2016    508MB    53.0.2785.116
Groove Musica    Microsoft Corporation    20/09/2016        3.6.25021.0
Hub di Feedback    Microsoft Corporation    28/08/2016        1.6.2221.0
Informazioni di base    Microsoft Corporation    28/08/2016        4.0.12.0
IObit Unlocker    IObit    13/07/2016    4,34MB    1.1
K-Lite Mega Codec Pack 12.3.5    KLCP    27/08/2016    160MB    12.3.5
Logitech SetPoint 6.67    Logitech    27/07/2016    39,0MB    6.67.83
Malwarebytes Anti-Exploit version 1.8.1.2572    Malwarebytes    29/08/2016    6,56MB    1.8.1.2572
Malwarebytes Anti-Malware versione 2.2.1.1043    Malwarebytes    21/06/2016    56,7MB    2.2.1.1043
Mappe    Microsoft Corporation    27/08/2016        5.1608.2311.0
Messaggi    Microsoft Corporation    27/07/2016        3.19.1001.0
Meteo    Microsoft Corporation    27/08/2016        4.13.47.0
Microsoft ASP.NET MVC 4 Runtime    Microsoft Corporation    02/06/2016    2,47MB    4.0.40804.0
Microsoft Office Professional Plus 2016 - it-it    Microsoft Corporation    28/08/2016    1,18GB    16.0.7167.2040
Microsoft Solitaire Collection    Microsoft Studios    20/09/2016        3.12.8312.0
Microsoft Sticky Notes    Microsoft Corporation    19/09/2016        1.1.30.0
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000    Microsoft Corporation    13/05/2016    2,50MB    8.0.61000
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001    Microsoft Corporation    13/05/2016    2,48MB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    13/05/2016    836KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    13/05/2016    2,24MB    9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219    Microsoft Corporation    13/05/2016    792KB    10.0.40219
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219    Microsoft Corporation    13/05/2016    2,19MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Корпорация Майкрософт    27/07/2016    20,5MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Корпорация Майкрософт    27/07/2016    17,3MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Корпорация Майкрософт    27/07/2016    20,5MB    12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Корпорация Майкрософт    27/07/2016    17,1MB    12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026    Microsoft Corporation    27/07/2016    22,4MB    14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026    Microsoft Corporation    27/07/2016    18,6MB    14.0.23026.0
Money    Microsoft Corporation    27/08/2016        4.13.47.0
Mozilla Firefox 48.0.2 (x86 it)    Mozilla    28/08/2016    90,5MB    48.0.2
Notizie    Microsoft Corporation    27/08/2016        4.13.47.0
NVIDIA Driver 3D Vision 372.70    NVIDIA Corporation    02/09/2016    30,8MB    372.70
NVIDIA Driver audio HD 1.3.34.15    NVIDIA Corporation    02/09/2016    8,79MB    1.3.34.15
NVIDIA Driver del controller 3D Vision 369.04    NVIDIA Corporation    02/09/2016    9,31MB    369.04
NVIDIA Driver grafico 372.70    NVIDIA Corporation    02/09/2016    603MB    372.70
NVIDIA GeForce Experience 3.0.6.48    NVIDIA Corporation    20/09/2016    2,53MB    3.0.6.48
NVIDIA PhysX System Software 9.16.0318    NVIDIA Corporation    02/06/2016    406MB    9.16.0318
OneDrive    Microsoft Corporation    02/09/2016        17.13.4.0
OneNote    Microsoft Corporation    19/09/2016        17.7369.57731.0
Ottieni Office    Microsoft Corporation    27/08/2016        17.7319.23511.0
Panda Protection Beta    Panda Security    20/09/2016    59,4MB    17.90.00.0000
Posta e Calendario    Microsoft Corporation    19/09/2016        17.7167.40817.0
Process Lasso    Bitsum    19/09/2016    26,4MB    8.9.8.48
Programma di installazione app    Microsoft Corporation    27/08/2016        1.0.2181.0
Rainmeter        19/09/2016        4.0 beta r2627
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    28/08/2016    34,0MB    6.0.1.7891
Recordify 2016    Abelssoft    02/06/2016    2,52MB    1.51
Registratore vocale    Microsoft Corporation    27/08/2016        10.1608.2211.0
Sport    Microsoft Corporation    27/08/2016        4.13.47.0
Spotify    Spotify AB    20/06/2016        1.0.31.56.g526cfefe
Store    Microsoft Corporation    19/09/2016        11608.1001.38.0
Store Purchase App    Microsoft Corporation    27/07/2016        1.0.45.0
Sveglie e orologio    Microsoft Corporation    27/08/2016        10.1608.2312.0
Sway    Microsoft Corporation    19/09/2016        17.7369.45121.0
System Ninja version 3.1.5    SingularLabs    27/08/2016    8,04MB    3.1.5
Telefono    Microsoft Corporation    27/07/2016        2.17.27003.0
Total Commander 64-bit (Remove or Repair)    Ghisler Software GmbH    27/08/2016        9.0 beta 11
Tweaking.com - Windows Repair    Tweaking.com    20/09/2016    70,0MB    3.9.3
Twitter    Twitter Inc.    19/09/2016        5.3.2.0
Uninstall Tool    CrystalIDEA Software, Inc.    27/08/2016    9,28MB    3.5.0
USB2.0 UVC 2M WebCam    Sonix    27/07/2016        5.8.54000.207
Vulkan Run Time Libraries 1.0.11.1    LunarG, Inc.    02/09/2016    1,66MB    1.0.11.1
Wi-Fi e dati cellulare a pagamento    Microsoft Corporation    19/09/2016        1.1607.6.0
WindowsBlogItalia    Adriano Alfaro    02/09/2016        10.0.81.0
WinRAR 5.40 (64-bit)    win.rar GmbH    28/08/2016    5,73MB    5.40.0
Xbox    Microsoft Corporation    19/09/2016        19.21.9012.0
Xbox Identity Provider    Microsoft Corporation    27/07/2016        11.19.19003.0
Xbox One SmartGlass    Microsoft Corporation    27/07/2016        2.2.1510.30008
 



#6 Walty71

Posted 20 September 2016 - 08:29 AM

In the end I did it:

This is the log from the ESET scan

 

C:\Users\rossi\Downloads\ccsetup521.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application  



#7 buddy215

Posted 20 September 2016 - 09:31 AM

Okay...it just found the bundled Google Toolbar in the CCleaner download, which you did not allow to install.

 

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Si    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Si    HKCU:Run    Spotify Web Helper    Spotify Ltd    "C:\Users\rossi\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Si    HKCU:RunOnce    Uninstall C:\Users\rossi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64    Microsoft Corporation    C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rossi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
Si    HKLM:Run    DriverPack Notifier        C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
Si    HKLM:Run    ShadowPlay    Microsoft Corporation    "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Si    Startup User    Firemin.lnk        C:\Program Files (x86)\Mozilla Firefox\firemin_3977\Firemin.exe
 
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Si    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Si    Task    klcp_update        "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
Si    Task    NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Si    Task    NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Si    Task    NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Si    Task    NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Si    Task    NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
Si    Task    RunUninstallTool_SkipUac    CrystalIDEA Software    C:\Program Files\Uninstall Tool\UninstallTool.exe $(Arg0)
Si    Task    Tweaking.com - Windows Repair Tray Icon    Tweaking.com    C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
 
Delete this Task: Use CCleaner by clicking on it and choosing Delete on the right.
Si    Task    AutoPico Daily Restart        C:\Users\rossi\AppData\Local\Temp\RarSFX0\AutoPico.exe /silent
 
Uninstall these programs:
Candy Crush Soda Saga    king.com    19/09/2016        1.73.900.0
DriverPack Notifier    DriverPack Solution    27/07/2016        2.0.3
IObit Unlocker    IObit    13/07/2016    4,34MB    1.1
System Ninja version 3.1.5    SingularLabs    27/08/2016    8,04MB    3.1.5
Uninstall Tool    CrystalIDEA Software, Inc.    27/08/2016    9,28MB    3.5.0
 
After doing the above and rebooting....please let me know if original problem still exists or not.


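Post #7 works through the CCleaner startup and scheduled-task export by eye. The following is an added example, not part of the thread and not CCleaner's or the advisor's own method: it parses lines in that export layout and flags enabled entries for review. The three heuristics (blank publisher, executable under a Temp directory, command line mentioning the domain the browser keeps opening) and all function names are assumptions of this example; the sample lines are copied from post #5.

```python
import re
from typing import NamedTuple

# Lines copied from the CCleaner export in post #5. Fields are separated by
# four spaces as they appear on the page (a tab-separated export is handled
# too); a blank publisher therefore shows up as an empty field.
SAMPLE = r"""
Si    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Si    HKLM:Run    DriverPack Notifier        C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
Si    HKLM:Run    WindowsDefender        "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Si    Startup User    Firemin.lnk        C:\Program Files (x86)\Mozilla Firefox\firemin_3977\Firemin.exe
Si    Task    AutoPico Daily Restart        C:\Users\rossi\AppData\Local\Temp\RarSFX0\AutoPico.exe /silent
Si    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
No    HKCU:Run    Spotify    Spotify Ltd    "C:\Users\rossi\AppData\Roaming\Spotify\Spotify.exe" -autostart
Si    Task    klcp_update        "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
"""


class Entry(NamedTuple):
    enabled: bool
    location: str
    name: str
    publisher: str
    command: str


FIELD_SEP = re.compile(r"\t| {4}")            # tab, or the 4-space run seen on the page
EXE_PATH = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_export(text):
    """Split each export line into its five fields; skip anything else."""
    entries = []
    for line in text.splitlines():
        parts = FIELD_SEP.split(line.strip(), maxsplit=4)
        if len(parts) != 5:
            continue
        state, location, name, publisher, command = (p.strip() for p in parts)
        enabled = state.lower() in ("si", "sì", "yes")
        entries.append(Entry(enabled, location, name, publisher, command))
    return entries


def executable_path(command):
    """Return the path up to the first .exe, with or without surrounding quotes."""
    match = EXE_PATH.match(command)
    return match.group(1) if match else command


def review_reasons(entry, watch_domain):
    """Heuristics assumed for this example; a reason is a prompt to look, not a verdict."""
    reasons = []
    if not entry.publisher:
        reasons.append("no publisher")
    if TEMP_DIR.search(executable_path(entry.command)):
        reasons.append("runs from Temp")
    if watch_domain and watch_domain.lower() in entry.command.lower():
        reasons.append("mentions " + watch_domain)
    return reasons


def triage(text, watch_domain="bestprosoft.com"):
    """Return (name, reasons) for enabled entries, most reasons first."""
    flagged = []
    for entry in parse_export(text):
        if not entry.enabled:
            continue
        reasons = review_reasons(entry, watch_domain)
        if reasons:
            flagged.append((entry.name, reasons))
    # sorted() is stable, so ties keep their order from the export
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

A blank publisher alone also flags legitimate entries such as WindowsDefender, so the output is a review queue rather than a removal list. None of the sample lines mention the hijack domain.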

#8 Walty71

Posted 21 September 2016 - 08:02 AM

Unfortunately the solution doesn't work. At Windows restart, bestprosoft.com reappeared in my Firefox browser.



#9 buddy215

Posted 21 September 2016 - 08:14 AM

Okay...time to start a new Topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.




#10 Walty71

Posted 21 September 2016 - 09:27 AM

When I try to use FRST (64-bit) the computer crashes; I've tried twice but had the same problem.

Then I downloaded the 32-bit version, but it says that I have to use the 64-bit version.

Shall I try to use it in safe mode?



#11 buddy215

Posted 21 September 2016 - 09:40 AM

You can do that...if it continues to be a problem, start the new Topic and explain the problem you are having with FRST.




#12 Walty71

Posted 21 September 2016 - 09:44 AM

Ok, I did it. Thank you for your precious help.


And also you're very fast!!! Like Flash!





