Problem with some malware???


5 replies to this topic

#1 GxG


  • Members
  • 5 posts

Posted 06 June 2017 - 08:43 AM

Hi everybody,
Thanks for the support.

I used to have AVG antivirus; some days ago I noticed that AVG wasn't working properly. If I tried to open it, nothing happened. With some difficulty I removed it and tried to reinstall it again, but I couldn't. It stopped at the very beginning with no signs. So I tried to install Avira antivirus. Same story.
I tried some online scanning, Trend Micro and others, but nothing came up.
I installed Malwarebytes successfully, but the scan didn't find anything.
Some friend told me about 360 Total Security. I installed it successfully. I performed the total scan, but even this didn't find anything suspicious.

This computer is working with some automatic machines, which are having some little problems. Assistance said that it could be because of some virus in the computer.
So I ran ComboFix, but I couldn't read the log.

Please help
Thanks

GxG

ComboFix log:
 
ComboFix 17-05-16.01 - admin 31/05/2017   0:24.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8100.5886 [GMT 2:00]
Eseguito da: c:\users\admin\Desktop\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {0371CA44-3F80-A1D3-BECE-910620B58D50}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: 360 Total Security *Disabled/Updated* {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((   Files Creati Da 2017-04-28 al 2017-05-30  )))))))))))))))))))))))))))))))))))
.
.
2017-05-30 22:27 . 2017-05-30 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-05-30 21:44 . 2017-05-30 21:45 -------- d-----w- c:\programdata\360Quarant
2017-05-30 21:41 . 2017-05-30 21:41 -------- d-----w- c:\program files (x86)\360
2017-05-30 21:29 . 2017-05-30 21:58 187320 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-05-30 21:29 . 2017-05-30 22:00 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-05-30 21:29 . 2017-05-30 22:00 113592 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-05-30 21:29 . 2017-05-30 22:00 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-05-30 21:29 . 2017-05-30 22:00 251832 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-05-30 21:29 . 2017-05-09 14:37 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-05-30 21:28 . 2017-05-30 21:28 -------- d-----w- c:\programdata\Malwarebytes
2017-05-30 21:28 . 2017-05-30 21:28 -------- d-----w- c:\program files\Malwarebytes
2017-05-30 21:28 . 2017-05-30 21:28 -------- d-----w- c:\users\admin\AppData\Local\Programs
2017-05-29 21:34 . 2017-05-29 21:34 -------- d-----w- c:\program files\CCleaner
2017-05-29 21:10 . 2017-05-30 21:16 -------- d-----w- c:\users\admin\AppData\Local\FSDART
2017-05-29 21:10 . 2017-05-29 21:11 -------- d-----w- c:\programdata\F-Secure
2017-05-29 21:10 . 2017-05-29 21:10 -------- d-----w- c:\users\admin\AppData\Local\F-Secure
2017-05-29 20:50 . 2017-05-29 20:52 -------- d-----w- C:\AVG_Remover
2017-05-21 05:54 . 2017-05-21 05:54 529864 ----a-w- c:\program files (x86)\Mozilla Firefox\minidump-analyzer.exe
2017-05-17 15:15 . 2017-05-17 15:15 -------- d-s---w- c:\windows\SysWow64\Microsoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-11 14:23 . 2016-06-23 09:26 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-08-19 292848]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-09-03 134616]
"Aia.LactoSync.UI"="c:\program files (x86)\Aia\LactoSync\Aia.LactoSync.UI.exe" [2017-02-08 160256]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2017-05-17 1944528]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Activity-Alarm-Marker-6.bat - collegamento.lnk - c:\dairypln\Activity-Alarm-Marker-6.bat [2016-5-10 396]
DPProcessControl.exe - collegamento.lnk - c:\dairypln\DPProcessControl.exe [2017-5-17 625016]
DPSync.exe - collegamento.lnk - c:\dairypln\DPSync.exe [2017-5-17 147456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EloUsbG2;EloUsbG2 Service;c:\windows\system32\Drivers\EloUsbG2.sys;c:\windows\SYSNATIVE\Drivers\EloUsbG2.sys [x]
R3 IntcDAud;Audio Intel® per schermi;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 pmserenum;PenMount Serial Device Enumeration Service;c:\windows\system32\DRIVERS\pmserenum.sys;c:\windows\SYSNATIVE\DRIVERS\pmserenum.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LactoSync;LactoSync;c:\program files (x86)\Aia\LactoSync\Aia.LactoSync.exe;c:\program files (x86)\Aia\LactoSync\Aia.LactoSync.exe [x]
S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]
S3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 e1rexpress;Intel® PCI Express Network Connection Driver R;c:\windows\system32\DRIVERS\e1r62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1r62x64.sys [x]
S3 iusb3hub;Driver hub Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver Controller Host estendibile Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*Deregistered* - ESProtectionDriver
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-12-04 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-12-04 771056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-12-04 770032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-08 13632216]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{A655DE18-A68E-421E-A8A5-3BC32AA7E754}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ujfkxts.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2017-05-31  02:15:26
ComboFix-quarantined-files.txt  2017-05-31 00:15
.
Pre-Run: 70.006.755.328 byte disponibili
Post-Run: 69.229.543.424 byte disponibili
.
- - End Of File - - 84492C9D877D69DC8B137A34FE5D2B37
A36C5E4F47E84449FF07ED3517B43A31

 



#2 GxG

  • Topic Starter

  • Members
  • 5 posts

Posted 08 June 2017 - 04:17 AM

I also include the Farbar scan and Addition.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
Ran by admin (administrator) on ADMIN-PC (08-06-2017 11:11:35)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Elo Touchsystems) C:\Program Files\Elo TouchSystems\EloSrvce.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Aia) C:\Program Files (x86)\Aia\LactoSync\Aia.LactoSync.UI.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Aia) C:\Program Files (x86)\Aia\LactoSync\Aia.LactoSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(GEA Farm Technologies GmbH) C:\DairyPln\DPProcessControl.exe
(GEA Farm Technologies GmbH) C:\DairyPln\DPSync.exe
(AIA) C:\Program Files (x86)\Aia\Si@llEvA\Aia.GaiaNet.UI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(GEA Farm Technologies GmbH) C:\DairyPln\DpList.exe
(GEA Farm Technologies GmbH) C:\DairyPln\DPMenue.exe
() C:\DairyPln\Sleep.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Aia.LactoSync.UI] => C:\Program Files (x86)\Aia\LactoSync\Aia.LactoSync.UI.exe [160256 2017-02-08] (Aia)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1944528 2017-05-17] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activity-Alarm-Marker-6.bat - collegamento.lnk [2017-04-18]
ShortcutTarget: Activity-Alarm-Marker-6.bat - collegamento.lnk -> C:\DairyPln\Activity-Alarm-Marker-6.bat ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DPProcessControl.exe - collegamento.lnk [2017-04-18]
ShortcutTarget: DPProcessControl.exe - collegamento.lnk -> C:\DairyPln\DPProcessControl.exe (GEA Farm Technologies GmbH)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DPSync.exe - collegamento.lnk [2017-04-18]
ShortcutTarget: DPSync.exe - collegamento.lnk -> C:\DairyPln\DPSync.exe (GEA Farm Technologies GmbH)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{A655DE18-A68E-421E-A8A5-3BC32AA7E754}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-506815007-2562484085-2247379037-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6A210ABC-CC62-4D18-AAFC-E005E11B971B}&mid=cf20b7f56f4a47ccb583d142ed7513dd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=it&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-23 14:24:34&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-506815007-2562484085-2247379037-1000 -> {B67E3480-8732-4770-8BFD-6CFF6A17369A} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-05-17] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-11] (Oracle Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-05-17] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-11] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7ujfkxts.default
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ujfkxts.default [2017-06-08]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ujfkxts.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-05-25]
FF Extension: (Follow-on Search Telemetry) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ujfkxts.default\features\{53897fb1-5e05-496b-a2d8-1648b7a1b83e}\followonsearch@mozilla.com.xpi [2017-06-06]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-11] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Profile 1 -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-05-29]
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-08]
CHR Extension: (Documenti Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-24]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-24]
CHR Extension: (Google Documenti offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-24]
CHR Extension: (360 Internet Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\glcimepnljoholdmjchkloafkggfoijh [2017-06-03]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-21]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EloSystemService; C:\Program Files\Elo TouchSystems\EloSrvce.exe [129024 2010-10-05] (Elo Touchsystems) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LactoSync; C:\Program Files (x86)\Aia\LactoSync\Aia.LactoSync.exe [134656 2017-02-08] (Aia) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928208 2017-05-17] (QIHU 360 SOFTWARE CO. LIMITED)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [175040 2017-05-17] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-05-17] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-05-17] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-05-17] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2017-05-17] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [423360 2017-05-17] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190400 2017-05-17] (360.cn)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R3 e1rexpress; C:\Windows\System32\DRIVERS\e1r62x64.sys [495376 2013-04-05] (Intel Corporation)
S3 EloUsbG2; C:\Windows\System32\Drivers\EloUsbG2.sys [134224 2010-09-23] (Elo Touchsystems)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-06] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-06] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-06-08] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 pmserenum; system32\DRIVERS\pmserenum.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-08 11:11 - 2017-06-08 11:11 - 00015930 _____ C:\Users\admin\Downloads\FRST.txt
2017-06-08 11:11 - 2017-06-08 11:11 - 00000000 ____D C:\FRST
2017-06-08 11:10 - 2017-06-08 11:11 - 02435072 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2017-06-06 23:00 - 2017-06-06 23:00 - 00075896 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-01 16:59 - 2017-06-01 16:59 - 00000000 ____D C:\Users\admin\Doctor Web
2017-06-01 16:41 - 2017-06-01 16:48 - 152864520 _____ C:\Users\admin\Downloads\r3y95qbw.exe
2017-06-01 16:37 - 2017-06-01 16:37 - 00255251 _____ C:\Users\admin\AppData\Local\census.cache
2017-06-01 16:37 - 2017-06-01 16:37 - 00091256 _____ C:\Users\admin\AppData\Local\ars.cache
2017-06-01 16:14 - 2017-06-01 16:14 - 00000036 _____ C:\Users\admin\AppData\Local\housecall.guid.cache
2017-06-01 16:13 - 2017-06-01 16:13 - 02405584 _____ (Trend Micro Inc.) C:\Users\admin\Downloads\HousecallLauncher64.exe
2017-05-31 08:11 - 2017-05-31 08:11 - 00035840 _____ C:\Users\admin\Downloads\23.5.2017.xls
2017-05-31 02:15 - 2017-05-31 02:15 - 00009784 _____ C:\ComboFix.txt
2017-05-31 00:23 - 2017-05-31 02:15 - 00000000 ____D C:\Qoobox
2017-05-31 00:23 - 2017-05-31 00:28 - 00000000 ____D C:\Windows\erdnt
2017-05-31 00:23 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-05-31 00:23 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-05-31 00:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-05-31 00:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-05-31 00:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-05-31 00:23 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-05-31 00:23 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-05-31 00:23 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-05-31 00:18 - 2017-05-31 00:19 - 05659512 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2017-05-31 00:09 - 2017-05-31 00:09 - 00000000 ____D C:\Windows\Tasks\360Disabled
2017-05-30 23:44 - 2017-05-30 23:45 - 00000000 ____D C:\ProgramData\360Quarant
2017-05-30 23:42 - 2017-05-31 08:01 - 00000000 ____D C:\Users\admin\AppData\LocalLow\360WD
2017-05-30 23:42 - 2017-05-31 00:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\360safe
2017-05-30 23:42 - 2017-05-31 00:09 - 00000000 ____D C:\ProgramData\360safe
2017-05-30 23:42 - 2017-05-30 23:42 - 00000000 _RSHD C:\360SANDBOX
2017-05-30 23:42 - 2017-05-30 23:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\360TotalSecurity
2017-05-30 23:42 - 2017-05-30 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-05-30 23:42 - 2017-05-30 23:42 - 00000000 ____D C:\ProgramData\360TotalSecurity
2017-05-30 23:42 - 2017-05-17 11:06 - 00423360 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2017-05-30 23:42 - 2017-05-17 11:06 - 00330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2017-05-30 23:42 - 2017-05-17 11:06 - 00190400 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2017-05-30 23:42 - 2017-05-17 11:06 - 00175040 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2017-05-30 23:42 - 2017-05-17 11:06 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-05-30 23:42 - 2017-05-17 11:06 - 00086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2017-05-30 23:42 - 2017-05-17 11:06 - 00049088 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2017-05-30 23:41 - 2017-05-30 23:41 - 00000000 ____D C:\Program Files (x86)\360
2017-05-30 23:39 - 2017-05-30 23:41 - 51539560 _____ C:\Users\admin\Downloads\360TS_Setup.exe
2017-05-30 23:38 - 2017-05-30 23:39 - 01477032 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\admin\Downloads\360TS_Setup_Mini.exe
2017-05-30 23:33 - 2017-05-30 23:34 - 00381532 _____ C:\TDSSKiller.3.1.0.15_30.05.2017_23.33.52_log.txt
2017-05-30 23:33 - 2017-05-30 23:33 - 04922400 _____ (AO Kaspersky Lab) C:\Users\admin\Downloads\tdsskiller.exe
2017-05-30 23:29 - 2017-06-08 09:15 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-30 23:29 - 2017-06-06 06:02 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-30 23:29 - 2017-06-06 06:02 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-30 23:29 - 2017-06-06 06:02 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-30 23:29 - 2017-06-06 06:02 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-30 23:29 - 2017-06-06 06:02 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-30 23:29 - 2017-05-30 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-30 23:28 - 2017-05-30 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-30 23:28 - 2017-05-30 23:28 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-30 23:23 - 2017-05-30 23:26 - 63364552 _____ (Malwarebytes ) C:\Users\admin\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-30 23:15 - 2017-05-30 23:26 - 00000000 ____D C:\Users\admin\Downloads\backups
2017-05-30 23:10 - 2017-05-30 23:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\admin\Downloads\HijackThis.exe
2017-05-30 20:05 - 2017-05-30 20:05 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-30 20:05 - 2017-05-30 20:05 - 00001031 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-05-30 20:01 - 2017-05-30 20:02 - 15507008 _____ (TeamViewer GmbH) C:\Users\admin\Downloads\TeamViewer_Setup.exe
2017-05-30 14:27 - 2017-05-30 14:27 - 00108107 _____ C:\Users\admin\Downloads\inv481655.pdf
2017-05-30 09:40 - 2017-05-30 09:40 - 00068269 _____ C:\Users\admin\Downloads\fondazione 4.pdf
2017-05-29 23:34 - 2017-05-29 23:34 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-05-29 23:34 - 2017-05-29 23:34 - 00000000 ____D C:\Program Files\CCleaner
2017-05-29 23:33 - 2017-05-29 23:33 - 09551280 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup530.exe
2017-05-29 23:10 - 2017-05-30 23:16 - 00000000 ____D C:\Users\admin\AppData\Local\FSDART
2017-05-29 23:10 - 2017-05-29 23:11 - 00000000 ____D C:\ProgramData\F-Secure
2017-05-29 23:10 - 2017-05-29 23:10 - 00000000 ____D C:\Users\admin\AppData\Local\F-Secure
2017-05-29 23:09 - 2017-05-29 23:09 - 00524248 _____ (F-Secure Corporation) C:\Users\admin\Downloads\F-SecureOnlineScanner.exe
2017-05-29 23:05 - 2017-05-29 23:06 - 04793496 _____ (Avira Operations GmbH & Co. KG) C:\Users\admin\Downloads\avira_it_av_592c89a501173__ws (2).exe
2017-05-29 22:52 - 2017-05-29 22:52 - 04793496 _____ (Avira Operations GmbH & Co. KG) C:\Users\admin\Downloads\avira_it_av_592c89a501173__ws (1).exe
2017-05-29 22:51 - 2017-05-29 22:51 - 04793496 _____ (Avira Operations GmbH & Co. KG) C:\Users\admin\Downloads\avira_it_av_592c89a501173__ws.exe
2017-05-29 22:50 - 2017-05-29 22:52 - 00000000 ____D C:\AVG_Remover
2017-05-29 22:49 - 2017-05-29 22:49 - 07986864 _____ ( ) C:\Users\admin\Downloads\AVG_Remover.exe
2017-05-17 15:37 - 2017-05-17 15:37 - 00000000 ____D C:\Users\admin\Documents\Taurus 5.0.0.58
2017-05-17 15:34 - 2017-05-17 15:37 - 00003246 _____ C:\Windows\System32\Tasks\Syncro CowScout
2017-05-17 15:27 - 2017-05-17 15:29 - 00000976 _____ C:\Users\admin\Desktop\VelosDataSync.exe.lnk
2017-05-17 11:57 - 2017-05-17 11:59 - 00000099 _____ C:\Users\admin\Desktop\ProvaCowScout.rfa
2017-05-17 09:55 - 2017-05-17 15:05 - 00000000 ____D C:\Users\admin\Documents\Salvataggi
2017-05-12 08:29 - 2017-05-12 08:29 - 00000000 ____D C:\Users\admin\Desktop\Nuova cartella (2)
2017-05-11 08:34 - 2017-05-11 08:36 - 30810194 _____ C:\Users\admin\Downloads\Burl+n.+16+del+21+aprile+2017+-+PSR,+Operazione+4.1.01+-+decreto+n.+4374+del+14+aprile+-+approvazione+esiti+istruttori+e+ammissione+a+finanziamento.pdf
2017-05-11 08:28 - 2017-05-11 08:28 - 00078763 _____ C:\Users\admin\Downloads\RL_RLAOOA1_2017_24122.pdf
2017-05-09 18:15 - 2017-05-09 18:15 - 00000744 _____ C:\Users\admin\Downloads\daticert (1).xml
2017-05-09 16:39 - 2017-05-09 16:39 - 00047325 _____ C:\Users\admin\Downloads\RL_RLAOOAE05_2017_1721 (2).pdf
2017-05-09 16:33 - 2017-05-09 16:33 - 00000991 _____ C:\Users\admin\Downloads\daticert.xml
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-08 11:10 - 2016-05-05 10:43 - 00000000 ____D C:\DairyPln
2017-06-08 10:46 - 2016-05-09 11:36 - 00000000 ____D C:\dpback
2017-06-07 23:52 - 2016-12-10 08:57 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-06-07 23:52 - 2016-06-23 11:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2017-06-07 17:01 - 2016-06-23 11:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-07 17:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-06 15:02 - 2016-05-25 10:12 - 00000000 ____D C:\Users\admin\Desktop\appa
2017-06-01 17:00 - 2015-11-26 17:11 - 00000000 ____D C:\Users\admin
2017-05-31 15:02 - 2016-06-24 08:49 - 00003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-31 15:02 - 2016-06-24 08:49 - 00003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-31 07:57 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-31 07:57 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-31 07:55 - 2011-04-12 12:49 - 00740658 _____ C:\Windows\system32\perfh010.dat
2017-05-31 07:55 - 2011-04-12 12:49 - 00146712 _____ C:\Windows\system32\perfc010.dat
2017-05-31 07:55 - 2009-07-14 07:13 - 01658888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-31 07:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 00:27 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-05-31 00:11 - 2015-11-27 00:01 - 00000000 ____D C:\Windows\Panther
2017-05-30 23:57 - 2016-05-05 10:43 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-30 23:43 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-30 23:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-05-30 23:11 - 2015-11-26 17:11 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2017-05-29 22:51 - 2016-06-23 14:24 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-05-29 08:29 - 2016-06-23 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-05-26 09:29 - 2016-06-23 13:49 - 00000000 ____D C:\Program Files (x86)\AVG
2017-05-26 09:29 - 2016-06-23 13:42 - 00000000 ____D C:\Users\admin\AppData\Local\AvgSetupLog
2017-05-26 09:16 - 2016-06-23 13:55 - 00000000 ____D C:\Users\admin\AppData\Roaming\AVG
2017-05-26 09:10 - 2009-07-14 07:08 - 00032512 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-25 07:33 - 2016-05-25 10:16 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Temp
2017-05-25 07:20 - 2017-04-08 17:57 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149568966396801
2017-05-24 11:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-22 15:08 - 2016-12-03 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-22 15:08 - 2016-06-23 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-19 17:28 - 2016-06-24 08:51 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-19 17:28 - 2016-06-24 08:51 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-17 15:04 - 2016-05-09 19:08 - 00000000 ____D C:\taurus1
2017-05-17 11:18 - 2016-05-05 10:43 - 00000625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\DAIRYPLAN Menue.lnk
2017-05-17 11:18 - 2016-05-05 10:43 - 00000619 _____ C:\Users\Public\Desktop\DAIRYPLAN Menue.lnk
2017-05-14 08:30 - 2016-11-05 08:41 - 00000000 ____D C:\Users\admin\Desktop\QUOTIDIANO
 
==================== Files in the root of some directories =======
 
2017-06-01 16:37 - 2017-06-01 16:37 - 0091256 _____ () C:\Users\admin\AppData\Local\ars.cache
2017-06-01 16:37 - 2017-06-01 16:37 - 0255251 _____ () C:\Users\admin\AppData\Local\census.cache
2017-06-01 16:14 - 2017-06-01 16:14 - 0000036 _____ () C:\Users\admin\AppData\Local\housecall.guid.cache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-02 00:51
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by admin (08-06-2017 11:12:07)
Running from C:\Users\admin\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-11-26 15:11:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-506815007-2562484085-2247379037-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-506815007-2562484085-2247379037-500 - Administrator - Disabled)
Guest (S-1-5-21-506815007-2562484085-2247379037-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 9.0.0.1196 - 360 Security Center)
Adobe Reader 9.4.0 - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated\0)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
DAIRYPLAN (Westfalia Landtechnik GmbH) (HKLM-x32\...\dairyplan) (Version:  - )
Elo Touchscreen Driver 5.2.0.43  (HKLM\...\EloTouchscreen) (Version: 5.2.0.43  - Elo TouchSystems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Network Connections 18.6.110.0 (HKLM\...\PROSetDX) (Version: 18.6.110.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.6 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LactoSync (HKLM-x32\...\{6A7A3B38-7517-4189-931D-085D1AAF8C21}) (Version: 1.2.17039.166 - Aia)
LibreOffice 5.2.5.1 (HKLM-x32\...\{79CD8EA1-DEB1-4582-9E41-8634223BDCD4}) (Version: 5.2.5.1 - The Document Foundation)
Malwarebytes versione 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 it) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 it)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
Si@llEvA (HKLM-x32\...\{166cd32b-b6a1-4ca3-99fd-c680cd2eacae}) (Version: 1.9.16159.13 - Aia)
Si@llEvA (HKLM-x32\...\{26BF607A-7CD5-4910-B0B6-C2A8D097FA0E}) (Version: 1.9.17045.122 - Aia)
Taurus (HKLM-x32\...\{AA4CEFB0-1DD8-43EA-B3FF-E90901C7905A}) (Version: 4.0.0.0 - Nedap N.V.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {085F67A8-E6B1-40D8-BB09-57548DD331B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-24] (Google Inc.)
Task: {33EDFD01-E219-4607-80C9-40C41D2CC906} - System32\Tasks\Syncro CowScout => C:\DairyPln\Velossync.bat [2017-05-16] () <==== ATTENTION
Task: {5FCD9209-01DE-4ACA-989E-558509980D7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {AFD3A836-E821-47EB-AAFB-15307E8753A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-24] (Google Inc.)
Task: {BD7DFF02-5133-4680-A083-6460193CE730} - System32\Tasks\{42E6AB3C-48C1-4FB1-9490-A3035B7F49BE} => pcalua.exe -a C:\DairyPln\DPNetInstall.exe -d C:\DairyPln
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\admin\Desktop\trasferimento mungiture.lnk -> C:\mungiture\trasf.bat ()
Shortcut: C:\Users\admin\Desktop\Devono essere sempre in esecuzione\Activity-Alarm-Marker-6 - collegamento.lnk -> C:\DairyPln\Activity-Alarm-Marker-6.bat ()
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Activity-Alarm-Marker-6 - collegamento.lnk -> C:\DairyPln\Activity-Alarm-Marker-6.bat ()
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activity-Alarm-Marker-6.bat - collegamento.lnk -> C:\DairyPln\Activity-Alarm-Marker-6.bat ()
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-18 10:07 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2016-05-18 10:08 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-05-18 10:07 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2016-05-18 10:07 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2017-05-30 23:42 - 2017-05-17 11:06 - 00785360 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2017-05-30 23:29 - 2017-06-06 06:02 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-08 17:20 - 2017-02-08 17:20 - 00016384 _____ () C:\PROGRAM FILES (X86)\AIA\LACTOSYNC\AIA.LACTOSYNC.INTERPULS.UI.DLL
2017-02-08 17:19 - 2017-02-08 17:19 - 00006144 _____ () C:\Program Files (x86)\Aia\LactoSync\Aia.LactoSync.InterPuls.Common.dll
2017-02-08 17:19 - 2017-02-08 17:19 - 00056832 _____ () C:\PROGRAM FILES (X86)\AIA\LACTOSYNC\AIA.LACTOSYNC.INTERPULS.DLL
2017-02-08 17:19 - 2017-02-08 17:19 - 00004608 _____ () C:\Program Files (x86)\Aia\LactoSync\it-IT\Aia.LactoSync.InterPuls.resources.dll
2016-07-04 10:03 - 2016-07-04 10:03 - 00150016 _____ () C:\Program Files (x86)\Aia\Si@llEvA\FluentValidation.dll
2017-02-14 10:50 - 2017-02-14 10:50 - 00187904 _____ () C:\Program Files (x86)\Aia\Si@llEvA\Aia.SiAll.Services.Client.dll
2016-05-09 09:47 - 2016-05-09 09:47 - 15174144 _____ () C:\Program Files (x86)\Aia\Si@llEvA\x64\mupdfnet64.dll
2016-05-10 09:55 - 2014-09-08 17:29 - 00007680 _____ () c:\dairypln\Sleep.exe
2017-05-19 17:28 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-19 17:28 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-30 23:42 - 2017-05-17 11:06 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2017-05-30 23:42 - 2017-05-17 11:06 - 00497576 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2015-11-26 17:47 - 2013-09-03 17:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{47844071-AA1F-441D-BDC5-2CE934146703}C:\dairypln\dpservice.exe] => (Allow) C:\dairypln\dpservice.exe
FirewallRules: [UDP Query User{5938019B-922C-4FEC-B927-7625AFF2F430}C:\dairypln\dpservice.exe] => (Allow) C:\dairypln\dpservice.exe
FirewallRules: [{5FD4B05F-9B85-4446-919C-C2657C96507D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82A6E055-ECFD-4FCE-B48F-F896853C7B82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7ABBD283-9347-49AC-A268-514800E73072}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{32CD308D-4945-47D4-BB34-C74455777B88}C:\dairypln\dpprocesscontrol.exe] => (Allow) C:\dairypln\dpprocesscontrol.exe
FirewallRules: [UDP Query User{7570CEAA-8E2F-4E20-8194-0D366F2C71A6}C:\dairypln\dpprocesscontrol.exe] => (Allow) C:\dairypln\dpprocesscontrol.exe
FirewallRules: [{4ED5798B-22A8-4EA0-A524-123E4F9DE4D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6461276A-D3A4-4C05-BC20-0501FE6B13B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5EC4350C-6B94-4E12-A2CC-2D876200311C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A8DF233E-06E7-4096-BE66-834E137B563C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{76D6B842-BCE2-4740-87CC-9033FB381787}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{1B8341AE-36B3-435F-A705-754D102ED751}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{38E18EC2-4A3C-4921-ACB8-C1DC59CA009E}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{61EDDFE1-A5CD-4438-9727-0E17C6BF8A0A}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
 
==================== Restore Points =========================
 
10-05-2017 00:00:00 Scheduled Checkpoint
17-05-2017 11:15:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-05-2017 11:17:13 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-05-2017 11:18:31 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
25-05-2017 00:00:01 Scheduled Checkpoint
31-05-2017 00:23:24 ComboFix created restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/07/2017 11:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DPMeasGraph.exe version 5.285.90.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1350
 
Start Time: 01d2dfd7452a5ec6
 
Termination Time: 16
 
Application Path: C:\DairyPln\DPMeasGraph.exe
 
Report Id: 87843dd1-4bca-11e7-abf4-000bab91fa2e
 
Error: (06/07/2017 11:44:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DPMeasGraph.exe version 5.285.90.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 944
 
Start Time: 01d2dfd72d12d160
 
Termination Time: 0
 
Application Path: C:\DairyPln\DPMeasGraph.exe
 
Report Id: 6fd30b97-4bca-11e7-abf4-000bab91fa2e
 
Error: (06/07/2017 11:43:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DPMeasGraph.exe version 5.285.90.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18d8
 
Start Time: 01d2dfd71ab33243
 
Termination Time: 0
 
Application Path: C:\DairyPln\DPMeasGraph.exe
 
Report Id: 64cbeb92-4bca-11e7-abf4-000bab91fa2e
 
Error: (06/07/2017 04:55:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DPMeasGraph.exe version 5.285.90.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c8c
 
Start Time: 01d2df9dffa1bfb0
 
Termination Time: 0
 
Application Path: C:\DairyPln\DPMeasGraph.exe
 
Report Id: 477f2ebe-4b91-11e7-abf4-000bab91fa2e
 
Error: (06/07/2017 10:48:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DPMeasGraph.exe version 5.285.90.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1fa0
 
Start Time: 01d2df6aca16495e
 
Termination Time: 15
 
Application Path: C:\DairyPln\DPMeasGraph.exe
 
Report Id: 158cecf6-4b5e-11e7-abf4-000bab91fa2e
 
Error: (06/07/2017 10:47:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DPMeasGraph.exe version 5.285.90.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13e0
 
Start Time: 01d2df6aaeacf0b7
 
Termination Time: 16
 
Application Path: C:\DairyPln\DPMeasGraph.exe
 
Report Id: fef95fdd-4b5d-11e7-abf4-000bab91fa2e
 
Error: (06/06/2017 06:10:15 AM) (Source: LactoSync) (EventID: 0) (User: )
Description: [DairyPlan] The import operation failed.
System.TimeoutException: The export process did not complete within the expected time (00:05:00 ms).
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.ProcessFile(String inputFilePath, String outputFilePath, CancellationToken cancellationToken)
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.<>c__DisplayClass28_0.<OnImportAsync>b__0()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
 
Error: (06/06/2017 06:05:01 AM) (Source: LactoSync) (EventID: 0) (User: )
Description: [DairyPlan] The export operation failed.
System.TimeoutException: The export process did not complete within the expected time (00:05:00 ms).
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.ProcessFile(String inputFilePath, String outputFilePath, CancellationToken cancellationToken)
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.<>c__DisplayClass27_0.<OnExportAsync>b__0()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
 
Error: (06/05/2017 06:10:08 PM) (Source: LactoSync) (EventID: 0) (User: )
Description: [DairyPlan] The import operation failed.
System.TimeoutException: The export process did not complete within the expected time (00:05:00 ms).
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.ProcessFile(String inputFilePath, String outputFilePath, CancellationToken cancellationToken)
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.<>c__DisplayClass28_0.<OnImportAsync>b__0()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
 
Error: (06/05/2017 06:05:00 PM) (Source: LactoSync) (EventID: 0) (User: )
Description: [DairyPlan] The export operation failed.
System.TimeoutException: The export process did not complete within the expected time (00:05:00 ms).
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.ProcessFile(String inputFilePath, String outputFilePath, CancellationToken cancellationToken)
   at Aia.LactoSync.Westfalia.DairyPlanSyncer.<>c__DisplayClass27_0.<OnExportAsync>b__0()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
 
 
System errors:
=============
Error: (06/05/2017 11:13:06 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GUIDO-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A655DE18-A68E-421E-A8A5-3BC32AA7E754}.
The master browser is stopping or an election is being forced.
 
Error: (05/31/2017 04:54:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/31/2017 04:54:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/31/2017 04:54:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/31/2017 07:50:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/31/2017 07:40:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/31/2017 07:23:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/31/2017 07:20:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/31/2017 02:26:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (05/31/2017 12:27:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4650U CPU @ 1.70GHz
Percentage of memory in use: 37%
Total physical RAM: 8099.69 MB
Available physical RAM: 5074.64 MB
Total Virtual: 16197.57 MB
Available Virtual: 13274.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:61.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E86F7363)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Thanks
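The scheduled task FRST flagged above (Syncro CowScout => C:\DairyPln\Velossync.bat <==== ATTENTION) is exactly the kind of entry a triager wants pulled out of a long task list automatically, together with the question FRST's "Bamital & volsnap" section answers for core system files: is the thing that runs signed by anyone? The PowerShell below is an added example and is not part of GxG's post, of the FRST output, or of any tool named in the thread. It walks the Task Scheduler library through the Schedule.Service COM API (the ScheduledTasks module that provides Get-ScheduledTask does not exist on Windows 7) and reports every Exec action whose target is a script, lives outside Windows or Program Files, is missing on disk, or fails Authenticode verification. The extension list and trusted-root list are my own triage assumptions, and the pcalua.exe unwrapping is there for the "pcalua.exe -a C:\DairyPln\DPNetInstall.exe -d C:\DairyPln" task shown in the log.

```powershell
# Added example, not part of the original post or of FRST's output.
# Enumerates scheduled tasks and flags the pattern FRST marked with ATTENTION
# above (an Exec action whose target is a script, sits outside Windows /
# Program Files, is missing, or fails Authenticode verification).
# Schedule.Service (COM) and Get-AuthenticodeSignature both exist on
# Windows 7 / PowerShell 2.0. The extension and trusted-root lists below are
# my own triage choices (assumptions), not FRST's.

$scriptExt = '.bat', '.cmd', '.vbs', '.js', '.ps1', '.wsf'
$trusted   = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
             Where-Object { $_ }

function Get-TaskFolders($folder) {
    # Walk the task library recursively; FRST lists tasks from every subfolder.
    $folder
    foreach ($sub in $folder.GetFolders(0)) { Get-TaskFolders $sub }
}

function Expand-TaskPath([string]$p) {
    # Actions often carry surrounding quotes and %SystemRoot%-style variables.
    [Environment]::ExpandEnvironmentVariables($p.Trim('"', ' '))
}

function Get-ActionTarget($action) {
    # pcalua.exe -a <target> (seen in the log) is a wrapper; inspect the real target.
    $exe = Expand-TaskPath $action.Path
    if ($exe -match '\\pcalua\.exe$' -and
        $action.Arguments -match '-a\s+(?:"([^"]+)"|(\S+))') {
        if ($Matches[1]) { $exe = Expand-TaskPath $Matches[1] }
        else             { $exe = Expand-TaskPath $Matches[2] }
    }
    $exe
}

$svc = New-Object -ComObject Schedule.Service
$svc.Connect()

$findings = foreach ($folder in Get-TaskFolders $svc.GetFolder('\')) {
    foreach ($task in $folder.GetTasks(1)) {            # 1 = include hidden tasks
        foreach ($action in $task.Definition.Actions) {
            if ($action.Type -ne 0) { continue }          # 0 = TASK_ACTION_EXEC
            $exe     = Get-ActionTarget $action
            $reasons = @()
            if ($scriptExt -contains [IO.Path]::GetExtension($exe).ToLower()) {
                $reasons += 'script'
            }
            $inTrusted = $trusted | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }
            if (-not $inTrusted) { $reasons += 'outside-Windows/ProgramFiles' }
            if (Test-Path -LiteralPath $exe) {
                # Same question FRST asks of winlogon.exe, svchost.exe, volsnap.sys etc.
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $reasons += "sig:$($sig.Status)" }
            } else {
                $reasons += 'target-missing'
            }
            if ($reasons) {
                New-Object PSObject -Property @{
                    Task    = $task.Path
                    Target  = $exe
                    Args    = $action.Arguments
                    Reasons = ($reasons -join ',')
                }
            }
        }
    }
}

$findings | Sort-Object Task | Format-Table Task, Target, Args, Reasons -AutoSize
```

Run it from an elevated PowerShell prompt so hidden and SYSTEM-owned tasks are readable. On the machine in this thread the expected hits are the two DairyPln tasks (a .bat target and an unsigned installer run through pcalua.exe) and CCleanerSkipUAC only if Piriform's signature fails to verify; Google's updater tasks should come back clean. A hit is a lead, not a verdict: a farm-management vendor's batch file is legitimate, which is why nasdaq asks below whether the owner recognizes the entry before it goes into a fixlist.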


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 June 2017 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I did not find much information on these entries.
Do you know what they are?

If not, then please add the 3 lines to the Fix below before you save the Fixlist.txt file.

Task: {33EDFD01-E219-4607-80C9-40C41D2CC906} - System32\Tasks\Syncro CowScout => C:\DairyPln\Velossync.bat [2017-05-16] () <==== ATTENTION
C:|Windows\System32\Tasks\Syncro CowScout
C:\DairyPln\Velossync.bat


===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-506815007-2562484085-2247379037-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6A210ABC-CC62-4D18-AAFC-E005E11B971B}&mid=cf20b7f56f4a47ccb583d142ed7513dd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=it&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-23 14:24:34&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Profile 1 -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-21]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
S3 pmserenum; system32\DRIVERS\pmserenum.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
---

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Let me know what problem persists.
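
The "Task:" entry nasdaq asks about is the kind of line a responder triages by eye: a scheduled task launching a .bat file from a non-standard folder, with an empty publisher field and an FRST ATTENTION flag. As an added example (not code from this thread or from the FRST tool), here is a small Python parser for FRST task lines that applies those same checks. Only the Syncro CowScout line comes from the thread; the two other task lines, their names, GUIDs and paths are constructed for contrast.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the first line is the FRST entry from this thread,
# the other two are hypothetical entries added for contrast (not from the page).
SAMPLE_TASK_LINES = [
    r"Task: {33EDFD01-E219-4607-80C9-40C41D2CC906} - System32\Tasks\Syncro CowScout => C:\DairyPln\Velossync.bat [2017-05-16] () <==== ATTENTION",
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2016-01-01] (Example Vendor Ltd)",
    r"Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\OneOff => C:\Users\admin\AppData\Local\Temp\run.vbs [2017-06-01] ()",
]

# FRST prints: Task: {GUID} - System32\Tasks\<name> => <target> [date] (<publisher>) [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<target>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
    r"(?P<flag> <==== ATTENTION)?\s*$"
)

# Interpreter-driven targets deserve a closer look than signed executables.
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".js", ".ps1", ".wsf"}
# Locations where legitimately installed software normally lives.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class TaskEntry:
    guid: str
    name: str
    target: str
    date: str
    publisher: str
    frst_flagged: bool

    def reasons(self) -> list[str]:
        """Return the human-readable triage reasons that apply to this task."""
        out: list[str] = []
        ext = ntpath.splitext(self.target)[1].lower()  # ntpath handles Windows paths on any OS
        if ext in SCRIPT_EXTENSIONS:
            out.append(f"target is a script file ({ext})")
        if not self.publisher.strip():
            out.append("no publisher / signature information")
        if not self.target.lower().startswith(TRUSTED_PREFIXES):
            out.append("target lives outside the standard program directories")
        if self.frst_flagged:
            out.append("flagged ATTENTION by FRST")
        return out


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST 'Task:' line; return None if the line has another shape."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return TaskEntry(
        guid=m.group("guid"),
        name=m.group("name"),
        target=m.group("target"),
        date=m.group("date"),
        publisher=m.group("publisher"),
        frst_flagged=m.group("flag") is not None,
    )


def triage(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Return (task name, reasons) for every task that has at least one reason."""
    findings = []
    for line in lines:
        entry = parse_task_line(line)
        if entry is None:
            continue
        reasons = entry.reasons()
        if reasons:
            findings.append((entry.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_TASK_LINES):
        print(name)
        for r in reasons:
            print("  -", r)
```

The heuristics only rank entries for a human to look at; a task that trips all four checks is not proof of malware, and one that trips none can still be worth a question, which is why the thread's responder asks the user whether they recognise the program rather than deleting it outright.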

#4 GxG

GxG
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 10 June 2017 - 08:23 AM

Hi Nasdaq,

thanks for your support.

 

Here is the fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by admin (10-06-2017 15:16:01) Run:1
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-506815007-2562484085-2247379037-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6A210ABC-CC62-4D18-AAFC-E005E11B971B}&mid=cf20b7f56f4a47ccb583d142ed7513dd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=it&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-23 14:24:34&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Profile 1 -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-21]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
S3 pmserenum; system32\DRIVERS\pmserenum.sys [X]
 
Task: {33EDFD01-E219-4607-80C9-40C41D2CC906} - System32\Tasks\Syncro CowScout => C:\DairyPln\Velossync.bat [2017-05-16] () <==== ATTENTION
C:|Windows\System32\Tasks\Syncro CowScout
C:\DairyPln\Velossync.bat
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh => key removed successfully
HKLM\System\CurrentControlSet\Services\pmserenum => key removed successfully
pmserenum => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33EDFD01-E219-4607-80C9-40C41D2CC906} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33EDFD01-E219-4607-80C9-40C41D2CC906} => key removed successfully
C:\Windows\System32\Tasks\Syncro CowScout => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Syncro CowScout => key removed successfully
C:|Windows\System32\Tasks\Syncro CowScout => Error: No automatic fix found for this entry.
C:\DairyPln\Velossync.bat => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2209043 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6794 B
Edge => 0 B
Chrome => 184184184 B
Firefox => 22012688 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 135502 B
systemprofile32 => 82861 B
LocalService => 132244 B
NetworkService => 3740 B
admin => 3756527 B
 
RecycleBin => 8224 B
EmptyTemp: => 210.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:16:30 ====
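
As an added example that is not part of the thread, here is a small Python parser for the Fixlog result lines posted above. It tallies what FRST removed, what was already absent, and what it could not act on, and it points out why the `C:|Windows\System32\Tasks\Syncro CowScout` line failed: a drive letter must be followed by a backslash, so the `|` makes it an invalid path rather than a fixable entry. The sample input is the result section of the Fixlog as posted; the EmptyTemp size listing is left out.

```python
from __future__ import annotations

import re
from collections import Counter

# Sample input: the result section of the Fixlog posted in this thread, verbatim.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-506815007-2562484085-2247379037-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh => key removed successfully
HKLM\System\CurrentControlSet\Services\pmserenum => key removed successfully
pmserenum => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33EDFD01-E219-4607-80C9-40C41D2CC906} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33EDFD01-E219-4607-80C9-40C41D2CC906} => key removed successfully
C:\Windows\System32\Tasks\Syncro CowScout => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Syncro CowScout => key removed successfully
C:|Windows\System32\Tasks\Syncro CowScout => Error: No automatic fix found for this entry.
C:\DairyPln\Velossync.bat => moved successfully
"""

# Each result line has the shape "<item> => <result>", optionally ending in a period.
RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<result>.+?)\.?\s*$")
# A drive letter followed by anything other than a path separator is not a valid Windows path.
BAD_DRIVE_RE = re.compile(r"^[A-Za-z]:[^\\/]")


def classify(result: str) -> str:
    """Map FRST's free-text outcome to a small set of status labels."""
    r = result.lower()
    if r.startswith("error"):
        return "error"
    if "not found" in r:
        return "not_found"
    if "removed successfully" in r or "moved successfully" in r:
        return "removed"
    return "other"


def parse_fixlog(text: str) -> list[dict]:
    """Turn the result section into a list of {item, result, status} records."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RESULT_RE.match(line)
        if not m:
            # Lines like "Restore point was successfully created." carry no item/result pair.
            entries.append({"item": line, "result": "", "status": "info"})
            continue
        item, result = m.group("item"), m.group("result")
        entries.append({"item": item, "result": result, "status": classify(result)})
    return entries


def summarize(text: str) -> Counter:
    """Count entries per status label."""
    return Counter(e["status"] for e in parse_fixlog(text))


def needs_attention(text: str) -> list[str]:
    """Return the entries a reviewer should look at: errors and already-absent items."""
    notes = []
    for e in parse_fixlog(text):
        if e["status"] == "error":
            msg = f"{e['item']}: {e['result']}"
            if BAD_DRIVE_RE.match(e["item"]):
                msg += " (item is not a valid Windows path: the drive letter must be followed by a backslash)"
            notes.append(msg)
        elif e["status"] == "not_found":
            notes.append(f"{e['item']}: {e['result']} (already absent; nothing left to do)")
    return notes


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_FIXLOG)))
    for note in needs_attention(SAMPLE_FIXLOG):
        print("-", note)
```

Read this way, the log says the fix did what was intended: the scheduled task, its TaskCache entries, the batch file, the orphaned driver service and the browser search hijack entries were all removed, the two "key not found" CLSIDs were already gone, and the only error is the mistyped path, whose correctly spelled twin on the previous line was moved successfully.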


#5 GxG

GxG
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 10 June 2017 - 08:34 AM

This computer is working with two milking robots, which are having some annoying minor problems.

Assistance said that it could be because of viruses. But they are not sure.

It's true that for a month maybe, the computer ran without antivirus. There was the small icon of Avira at the bottom right of the taskbar, but last week I noticed that it was useless. I had to download a specific removal tool to uninstall Avira. I tried to install AVG but it was not possible. At the very beginning of the installation everything stops with no signs.

This makes me suspicious and makes me think that assistance was right.... but nothing is coming up.

 

thanks for your attention.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:33 AM

Posted 10 June 2017 - 01:11 PM



Il programma DPMeasGraph.exe versione 5.285.90.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

If this program is important to your operation have a look at the possibility of reinstalling the program.

---

I tried to install avg but it was not possible. At the very begging of the installation everything stop with no signs.

360 Total Security may be preventing the installation. Both should not be working simultaneously.

This is all the Security you need.
AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

Malwarebytes will work well with it.

However you should disable this process
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===

No virus was found on the logs.
When time permits run this Scan.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Windows XP:
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===



