Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Is my laptop hacked?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Is my laptop hacked?

Unread postby rbd » August 17th, 2019, 6:13 am

Hello MR Forum!

I'd like to have a check on my laptop. Reason is, it has been accessed recently by my someone close, who has a strong urge to investigate into my life to find as much as possible of me because her sick mind told her so. Luckily I have no longer contact with this person but I'm not sure whether anything has been installed on my laptop to hack it or monitor it. I have evidence of files been accessed and transferred, which I obviously can't change now as it's past. I just want to be sure my laptop is safe now.

I also noticed this when I open the History tab in Chrome (a browser that I don't use much but the person who accessed my laptop did a lot): "Your browser is managed by your organisation". Never seen this before and can't seem to be able to change it.

Scan results below.

Any chance you could also verify that my router has not been hacked either.

Thank you so much or your help.

rbd

=====================
FIRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by Administrator1 (administrator) on TOSHIBA (TOSHIBA SATELLITE PRO C50-A-1KH) (17-08-2019 10:33:29)
Running from C:\Users\Administrator1\Desktop
Loaded Profiles: Administrator1 (Available Profiles: Administrator1 & Pietro & Rahil & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alcor Micro Corp.) [File not signed] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(DTS, Inc. -> DTS, Inc.) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(PEGATRON CORPORATION -> ) C:\Windows\System32\GFNEXSrv.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION -> TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Toshiba Europe GmbH -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Toshiba Europe GmbH -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-29] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2013-10-11] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [DTS Sound] => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [1471296 2013-06-01] (DTS, Inc. -> DTS, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32: [vidc.H264] => C:\Windows\SysWOW64\TH264Codec.dll [356352 2012-11-12] (TDP5) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.MP43] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.TVTA] => C:\Windows\SysWOW64\TVTACodec.dll [90112 2012-11-12] (tvt) [File not signed]
HKLM\...\Drivers32: [VIDC.TVTX] => C:\Windows\SysWOW64\TVTXTDEC.DLL [282624 2012-11-12] (tvt) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\XVIDVFW.DLL [114688 2012-11-12] (tvt) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-09] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-02] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2019-07-15]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073279F4-799C-4F07-96EE-2BE10C720FAE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {090B8C91-D5C6-48DE-A9EC-F6A1D3B8955C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {140E9815-D940-43AB-BB31-4DFC7218134B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {146333AA-166F-4CBE-956A-BDF9B888674D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {27AA4BB3-D871-49C3-BBC0-B9E1585BE7BE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2FE6EA4F-8EF6-4454-AD92-F7121A71B652} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {417E333C-16B5-4A70-8AA4-8B373A654AE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {499CB95E-D5F8-4106-88E7-E48B898D322F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1551488 2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E05F8A2-7A76-46C9-A643-561B50E681F3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
Task: {9620E01E-95D3-4662-B3C2-00683188FC89} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2136B53-4922-464B-8841-BCF9E8475611} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-15] (Adobe Inc. -> Adobe)
Task: {A490E4C1-ED4C-4E1B-95A8-5DC01F01F0F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {A536000C-CF50-43BA-A45B-D6CC4313843C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B52D0FF5-BF38-45F2-B2C9-D2990C72BC37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {B6A1C5CB-B095-48A6-B1F5-2D4FDD7059EF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C58BD3E8-91DF-49D8-B29B-F5C6612F576A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {FDC94B0F-9D63-4297-9F85-51895FDBA260} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D779444-73DC-46D2-BB79-D871AC6C29CF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{78BDAA79-C3A1-4667-8655-49D6221C5566}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKU\S-1-5-21-2246960787-3754121387-607372831-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://192.168.0.220/WebClient.exe
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF DefaultProfile: afvj626a.default
FF ProfilePath: C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default [2019-08-17]
FF Extension: (Avast Online Security) - C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\Extensions\wrc@avast.com.xpi [2019-08-17]
FF Extension: (NoScript) - C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-08-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default [2019-07-18]
CHR Extension: (Slides) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-12]
CHR Extension: (Docs) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-12]
CHR Extension: (Google Drive) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Sheets) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (IE Tab) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2019-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-12]
CHR Extension: (Gmail) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-06-01] (DTS, Inc. -> )
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] (PEGATRON CORPORATION -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [92792 2007-11-06] (CACE TECHNOLOGIES, LLC -> CACE Technologies)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [37320 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [209256 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [206056 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [61688 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [279336 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42504 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [168896 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [112520 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [88160 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1030784 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [477288 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [225816 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [387688 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\windows\System32\DRIVERS\athrx.sys [4022272 2013-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [199768 2019-08-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [224408 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73584 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [275232 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [106344 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
S3 NPF; C:\windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE TECHNOLOGIES, LLC -> CACE Technologies)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [546304 2013-04-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-17 10:33 - 2019-08-17 10:38 - 000029966 _____ C:\Users\Administrator1\Desktop\FRST.txt
2019-08-17 10:32 - 2019-08-17 10:33 - 000000000 ____D C:\FRST
2019-08-17 10:31 - 2019-08-17 10:31 - 000000635 _____ C:\Users\Administrator1\Desktop\post.txt
2019-08-17 10:27 - 2019-08-17 10:27 - 001612800 _____ (Farbar) C:\Users\Administrator1\Desktop\FRST64.exe
2019-08-17 09:15 - 2019-08-17 09:15 - 000073584 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2019-08-17 09:14 - 2019-08-17 09:14 - 000224408 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2019-08-17 09:14 - 2019-08-17 09:14 - 000106344 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2019-08-17 09:11 - 2019-08-17 09:11 - 000275232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-08-13 19:45 - 2019-08-13 19:45 - 000199768 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2019-08-13 19:44 - 2019-08-13 19:44 - 000001838 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-13 19:44 - 2019-08-13 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-13 19:44 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-08-13 07:39 - 2019-08-17 09:10 - 000212992 _____ C:\windows\system32\ClickToRun_Pipeline16
2019-08-10 00:07 - 2019-08-10 00:07 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-10 00:07 - 2019-08-10 00:07 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-10 00:07 - 2019-08-10 00:07 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-10 00:07 - 2019-08-10 00:07 - 000002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-10 00:07 - 2019-08-10 00:07 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-10 00:07 - 2019-08-10 00:07 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-10 00:07 - 2019-08-10 00:07 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-10 00:07 - 2019-08-10 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strumenti di Microsoft Office
2019-07-18 21:49 - 2019-07-19 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-17 10:33 - 2016-11-17 00:16 - 000000000 ____D C:\Users\Administrator1\AppData\LocalLow\Mozilla
2019-08-17 10:29 - 2009-07-14 05:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-17 10:29 - 2009-07-14 05:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-17 10:16 - 2017-04-16 00:50 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2019-08-17 09:10 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-08-17 01:24 - 2015-09-06 15:40 - 000000000 ____D C:\Users\Pietro\Documents\Sport
2019-08-15 19:16 - 2017-04-19 23:02 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-08-15 19:16 - 2017-04-19 23:02 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-15 19:16 - 2017-04-19 23:02 - 000004324 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2019-08-15 19:16 - 2013-10-11 22:58 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-08-15 19:16 - 2013-10-11 22:58 - 000000000 ____D C:\windows\system32\Macromed
2019-08-13 19:56 - 2017-04-19 22:44 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-13 19:54 - 2017-04-19 22:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-13 19:46 - 2015-11-26 01:37 - 000040924 __RSH C:\ProgramData\ntuser.pol
2019-08-13 19:46 - 2014-09-06 16:02 - 000000000 ____D C:\ProgramData\TEMP
2019-08-13 19:46 - 2014-09-06 16:02 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-08-13 19:34 - 2018-06-22 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-13 19:19 - 2019-07-04 23:21 - 000168896 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2019-08-13 19:19 - 2017-04-16 00:50 - 001030784 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2019-08-13 19:19 - 2017-04-16 00:50 - 000387688 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2019-08-13 08:31 - 2016-11-18 21:41 - 000000000 ____D C:\Users\Pietro\AppData\LocalLow\Mozilla
2019-08-13 07:45 - 2009-07-14 04:20 - 000000000 ____D C:\windows\system32\NDF
2019-08-13 00:30 - 2014-09-04 00:42 - 000000000 ____D C:\Users\Pietro\AppData\Local\CutePDF Writer
2019-08-13 00:26 - 2009-07-14 06:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2019-08-13 00:26 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2019-08-10 00:11 - 2013-10-11 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-10 00:06 - 2013-10-11 23:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-09 23:56 - 2015-11-24 15:52 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-09 23:56 - 2015-11-24 15:52 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-19 21:01 - 2017-11-18 18:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-18 21:48 - 2015-11-24 15:53 - 000000000 ____D C:\Users\Administrator1\AppData\Local\IE Tab

==================== FLock ================

2013-12-06 12:52 C:\windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-04-18 22:10
==================== End of FRST.txt ============================

============
ADDITION log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Administrator1 (17-08-2019 10:39:25)
Running from C:\Users\Administrator1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-21 18:53:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2246960787-3754121387-607372831-500 - Administrator - Disabled)
Administrator1 (S-1-5-21-2246960787-3754121387-607372831-1000 - Administrator - Enabled) => C:\Users\Administrator1
Guest (S-1-5-21-2246960787-3754121387-607372831-501 - Limited - Disabled) => C:\Users\Guest
Pietro (S-1-5-21-2246960787-3754121387-607372831-1001 - Limited - Enabled) => C:\Users\Pietro
Rahil (S-1-5-21-2246960787-3754121387-607372831-1007 - Limited - Enabled) => C:\Users\Rahil

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20036 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Alcor Micro USB Card Reader (HKLM-x32\...\{F08E6C0F-EF66-4E9B-B220-747F99FE0C15}) (Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ControlCenter (HKLM-x32\...\{E5EDA1E6-5FDD-4B29-8399-6022B81C3A7C}) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DTS Sound (HKLM-x32\...\{791692AD-63B2-4A87-A097-4E8DD3CE4BC9}) (Version: 1.00.0079 - DTS, Inc.)
Filzip 3.06 (HKLM-x32\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
H264 Video Codec (HKLM-x32\...\H264) (Version: - T,DP5)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3293 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{74291031-84BA-4A01-9B8A-1C17CDFB820D}) (Version: 12.9.2.6 - Apple Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
NVMS-1000 (HKLM-x32\...\{706F1178-8CDB-45E5-B05F-D1950D9D17DF}) (Version: 2.0.0.2 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Battery Manager (HKLM\...\{D7C7641F-0C96-4635-BFE1-29EBB3B05CC8}) (Version: 9.0.0.64 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.01.6402 - Toshiba Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0029 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.14 - TOSHIBA)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.0.6402 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.0.6404 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0011 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.1.6401 - Toshiba Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WebClient (HKLM-x32\...\WebClient) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.0.2 (HKLM-x32\...\WinPcapInst) (Version: 4.0.0.1040 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [Filzip] -> {B28C18DB-6816-4F31-9630-397683E3C2C3} => C:\Program Files (x86)\Filzip\fzshext.dll [2004-09-08] () [File not signed]
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6-x32: [Filzip] -> {B28C18DB-6816-4F31-9630-397683E3C2C3} => C:\Program Files (x86)\Filzip\fzshext.dll [2004-09-08] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2013-12-06 13:17 - 2013-08-15 23:34 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2011-12-15 00:04 - 2011-12-15 00:04 - 000150016 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll
2011-12-15 00:03 - 2011-12-15 00:03 - 000109568 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll
2011-12-15 00:03 - 2011-12-15 00:03 - 000259584 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TReport.dll
2013-06-19 02:51 - 2013-06-19 02:51 - 000057344 _____ (TOSHIBA CORPORATION.) [File not signed] C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll
2013-03-08 00:02 - 2013-03-08 00:02 - 000202752 _____ (TOSHIBA CORPORATION.) [File not signed] C:\windows\System32\tbtmon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-05 18:58 - 000000036 _____ C:\windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{ED0E5E14-C822-4331-B83C-081848F6852C}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
FirewallRules: [{0DCF30F8-9976-4A13-A374-9F14D32AC006}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
FirewallRules: [{D654BC83-80E5-41CD-B365-6BAED47921CD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{77A4AEF1-83CE-43FD-B9AE-6DA6288B2E18}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{1F631B2B-5D98-401B-976B-85A785D1C9A5}] => (Allow) C:\Users\Administrator1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{E776AB36-B620-4A00-8133-20441BBA7901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1CDA2465-3886-4465-B515-6F0D6CEE8C3D}] => (Allow) LPort=2869
FirewallRules: [{A0BDDE8A-B7FE-4778-AFA6-EAE70D2C5B58}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{CE306CA1-5DC0-4815-8C6F-45808F475E70}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe (TVT) [File not signed]
FirewallRules: [UDP Query User{19313C13-F158-455E-901A-FB144D55676F}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe (TVT) [File not signed]
FirewallRules: [TCP Query User{18B3C83B-AE60-4FBD-9F43-9B4D13A1AB72}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe () [File not signed]
FirewallRules: [UDP Query User{02A0693B-0043-41A4-99DB-429F45DD13A7}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe () [File not signed]
FirewallRules: [{D560366C-E366-4326-8512-F1FF7B390939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37ED6C6D-9F64-4C18-9211-F0F6FA5C2B90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A8AABE8D-A824-4343-A84B-F3BB9DACECE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE8AD0C8-466D-41DD-BB34-D9FAB89EE781}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F97AF21-8E48-4091-8D27-42DDFC527491}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86553C5D-ED3C-4553-8EA3-64A52FC83504}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5F70F35E-0D60-48EC-A4A2-4B26F1623C84}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54741927-6956-4A68-BB12-0DA3CE628E5D}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8A370F55-47C6-4EEB-8A95-BEF32FABAE78}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87BD4817-4C31-4C46-A857-DC3D249E1E20}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6F3C9541-5E7C-4D94-A3F9-BA0B957F40BF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3A1028E-5E31-4C2D-B7EC-8A2A22394DAA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

16-06-2019 17:01:21 Windows Update
24-06-2019 02:44:49 Windows Update
10-07-2019 23:27:45 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2019 09:11:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/17/2019 12:37:35 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/17/2019 12:27:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2019 07:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/13/2019 07:08:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/13/2019 07:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/13/2019 12:27:13 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x80070057; CorrelationId: {2E60E2EE-9713-458F-8BFD-93DDBAF93D8C}

Error: (08/13/2019 12:15:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/17/2019 01:25:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/15/2019 07:06:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DTS APO Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/15/2019 07:06:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DTS APO Service service to connect.

Error: (08/13/2019 07:36:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/13/2019 08:38:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/13/2019 07:38:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DTS APO Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/13/2019 07:38:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DTS APO Service service to connect.

Error: (08/13/2019 12:17:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.


Windows Defender:
===================================
Date: 2014-09-27 23:54:54.460
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{EFB0E6BC-BF83-4EAC-8611-3D60304AC533}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2016-08-13 17:06:13.988
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-13 17:06:13.894
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-23 00:59:45.944
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-23 00:59:45.648
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 23:27:26.038
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 23:27:25.788
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 22:09:58.100
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 22:09:57.804
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: TOSHIBA 1.40 08/19/2014
Motherboard: TOSHIBA PT10S
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 88%
Total physical RAM: 4008.05 MB
Available physical RAM: 473.8 MB
Total Virtual: 8014.25 MB
Available Virtual: 4180.95 MB

==================== Drives ================================

Drive c: (TI31224900A) (Fixed) (Total:453.87 GB) (Free:361.21 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{cd4b7444-5e6c-11e3-82f1-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 628BBA91)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

==================== End of Addition.txt ============================
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm
Advertisement
Register to Remove

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » August 17th, 2019, 8:04 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello rbd,

Welcome back to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » August 17th, 2019, 7:22 pm

Hello mAL,

Thank you for your help.

I did read the post (I still remember the rules of the house from previously!).
I await your further instructions.

rbd
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » August 18th, 2019, 7:42 am

Hello rbd,

Before we continue, there is something I'd like you to consider. This person had access to your computer and could have made some modifications that the tools we use might not detect. If I were in your position, I would reformat the computer as there is no way it can be trusted again. Of course, this is you decision to make. So, please let me know how you would like to proceed in your next reply.

Regards,
mAL
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » August 18th, 2019, 9:41 pm

Hello mAL,

I appreciate your consideration.
That person had limited knowledge of operating systems and how a computer is structured and works. Indeed the way I found out this person had access to my files was very basic; a computer-wise person would have avoided very easily to be found in that way.
In addition, I know that the intention was more to see what I had on my laptop than monitor what I do. If anything was installed, I'm sure it would be trivial and would be found out by you. I don't have this skill to find it out though, hence why I've come here for help.
So I'm fine with proceeding without formatting. Nonetheless, depending on what you might find in your analysis, I might have to change my position later on. But I honestly believe it unlikely.

Regards,
rbd

PS
It might well be that some behaviours displayed by my laptop could be simply due to malware, or not even that. But since this episode with this person happened, I must consider that as primary cause, hence why my original post on here.
I hope what I said makes sense.
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby rbd » August 18th, 2019, 9:47 pm

One more issue I noticed...

Previously, when typing an address in FF and some similar pages were showing up in the drop down menu of the address bar as I typed, I was able to move onto these previous page and delete them (from the browser's history) directly by pressing 'Del' button. Now I can no longer do this.
Has there been a block placed on this?
(To delete history, I must open the History tab and delete from there)
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » August 19th, 2019, 2:41 pm

Hello rbd,

We will look into the browser issues once we're run a few scans. I see that your browsers have a few restrictions set to them:
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

I'm not saying this is what's causing these issues, but we will look into it after.

Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

  • Please open Malwarebytes Anti-Malware. I see it's already installed on your computer.
  • Click on Check for Updates
  • Once the updates have been installed, select the Scan tab.
  • Ensure that Threat Scan is selected and click on Start Scan.
  • Once the scan is completed, if there has been any detections, select Apply Actions.
  • You will most likely be prompted to restart your computer, if so please allow the reboot.

Once your computer is restarted, please do the following..

  • Open Malwarebytes Anti-Malware and click on Reports.
  • Double-click on the Scan Report by looking at the timestamp (it should be in the following order: Day/Month/Year Time)
  • Click Export and select Text file (*.txt).
  • In the File name: box, please write MBAM Log and save it to your desktop.
  • Once the process is over, a message will appear stating that the file has been successfully exported. Click OK.
  • Please post the contents of MBAM Log.txt in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problems while following my instructions?
  • MBAM report
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » August 19th, 2019, 8:00 pm

Hello mAL,

I did follow your instructions. Strangely, when I clicked on your links (for the software to download) nothing happened. I had to right-click then Open link in new window.
Same happened when I had to download FRST.
It didn't use to happen before.
Then the file didn't download properly and couldn't open.
I repeated the operation with Chrome: the link worked straightaway and TCRB opened and installed itself.

MBAM reported no threats. Log below.

-------------
MBAM Log
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/20/19
Scan Time: 12:39 AM
Log File: 9589657b-c2da-11e9-95fa-0c54a5430668.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12089
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TOSHIBA\Administrator1

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 318622
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 15 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby rbd » August 19th, 2019, 8:03 pm

PS.
When I was writing my reply, I pressed on Preview button down here to see a preview of my post, but nothing showed up. I could only press Submit.
Same happened with my previous posts, even though I'm only reporting it now.
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » August 20th, 2019, 6:11 pm

Hi rbd,

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....
Code: Select all
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
EmptyTemp:

  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST
  • Please post me the log


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any difficulties while following my instructions?
  • Do you see any difference in your computer's behaviour?
  • fixlog.txt
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » August 20th, 2019, 7:58 pm

Hi mAL,

I followed your instructions. When I pressed Ctrl+y, the file that opened was not called fixlist but some random characters name. Other than that, it worked.

On Chrome-> History I no longer see "Your browser is managed by your organisation". Other than that, on Firefox when I'm posting my reply to you, pressing the Preview button still doesn't do anything.

Fixlist log pasted below.

--------

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Administrator1 (21-08-2019 00:37:44) Run:1
Running from C:\Users\Administrator1\Desktop
Loaded Profiles: Administrator1 (Available Profiles: Administrator1 & Pietro & Rahil & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Code: Select all

CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
EmptyTemp:

*****************

Code: Select all => Error: No automatic fix found for this entry.
Restore point was successfully created.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8552896 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 10205079 B
Edge => 0 B
Chrome => 37515058 B
Firefox => 22844581 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Administrator1 => 11133372 B
Pietro => 12435564 B
Rahil => 256107 B
Guest => 27056 B

RecycleBin => 1901 B
EmptyTemp: => 106.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:39:18 ====
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » August 22nd, 2019, 8:37 am

Hi rbd,

My apologies for the delay.

Since you don't have problem posting on the forum using Chrome and no one else has reported the same issues with the preview button as you, it is most likely related with something in your Firefox browser.

Try disabling your Add-ons in Firefox one-by-one and see if that fixes the issue with the preview button. After you have disabled one, restart Firefox and see if the preview button does something. If not, then follow the same steps until you have either identified which Add-on is causing the problem or you've disabled all of them. The information for disabling Add-ons can be found: here.

Let me know if that fixes the issue you have with the Preview button.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » August 22nd, 2019, 5:23 pm

Hi mAL,

My apologies for the delay.

No worries. Thanks for your help.


I did what you said. Turns out the culprit is NoScript. I'm surprised, it's an excellent add-on and I never had such problem before. I'll turn it on, though, as it's too useful.

Previously, in post #6, I said about not being able to delete web page addresses directly from the address bar.
This is still the case.
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Is my laptop hacked?

Unread postby mAL_rEm018 » August 22nd, 2019, 5:46 pm

Hi rbd,

rbd wrote:I did what you said. Turns out the culprit is NoScript. I'm surprised, it's an excellent add-on and I never had such problem before. I'll turn it on, though, as it's too useful.

I'm glad we found the culprit. :) Would you consider uninstalling and reinstalling NoScript? It might fix the problem.

rbd wrote:Previously, in post #6, I said about not being able to delete web page addresses directly from the address bar.

If you start typing something in the address bar and see history suggestions, all you need to do is to use the down arrow until you get to the address you want to delete. Then press delete on your keyboard. Could you please try it and let me know if it works for you?
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is my laptop hacked?

Unread postby rbd » August 22nd, 2019, 6:10 pm

Hi mAL,

Would you consider uninstalling and reinstalling NoScript? It might fix the problem.

Done. But the problem is still there.

If you start typing something in the address bar and see history suggestions, all you need to do is to use the down arrow until you get to the address you want to delete. Then press delete on your keyboard. Could you please try it and let me know if it works for you?

This is what I was trying to describe that I used to do. But it no longer works. I've just tried again.
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware