22 replies to this topic

[Marco1]

My laptop 3 day ago starts to be very slow. especially with internet connection

I have checked the connection speed with a second laptop and is OK

Attached Files

•  FRST.txt   108.16KB   289 downloads
•  Addition.txt   76.7KB   232 downloads

[Juliet]

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
Task: {C0F76BCB-EC63-4DEC-BC5B-6D2866D54C46} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FCDA05B1-5FB0-4FF7-ADFF-68FD0C56A64B} - \WPD\SqmUpload_S-1-5-21-2555437703-3487995665-1624086675-1001 -> No File <==== ATTENTION
SearchScopes: HKLM-x32 -> {799AB903-C2F1-4ADE-B4A4-8D9D3001F018} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2555437703-3487995665-1624086675-1001 -> {0C16FF58-81D1-458F-89E4-997CC4E2D984} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2555437703-3487995665-1624086675-1001 -> {799AB903-C2F1-4ADE-B4A4-8D9D3001F018} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [bollbfeakabenkobaocgakdibphdnanj] - <no Path/update_url>
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> No File
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ShortcutWithArgument: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrossLoop\CrossLoop.lnk -> C:\Users\Marco\AppData\Local\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server
ShortcutWithArgument: C:\Users\Marco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk -> C:\Users\Marco\AppData\Local\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server
FirewallRules: [{7CEC368D-A3FA-4D5F-BC46-801F8EBA1D3D}] => (Allow) C:\Users\Marco\AppData\Local\Temp\7zS3C6D\hppiw.exe => No File
FirewallRules: [{3AA2E560-9C52-4A66-A778-379042D464C6}] => (Allow) C:\Users\Marco\AppData\Local\Temp\7zS3C6D\hppiw.exe => No File
FirewallRules: [{875562EC-033C-4C4C-BE3F-14ECFE6B6769}] => (Block) C:\program files (x86)\d-link\d-viewcam\mainconsole.exe => No File
FirewallRules: [{F6A9A694-4307-43D0-A48A-DD4B437ECCF9}] => (Block) C:\program files (x86)\d-link\d-viewcam\mainconsole.exe => No File
FirewallRules: [UDP Query User{3B06924D-25E0-4728-B8B8-460FF69B7B84}C:\tnlenterprises\sentryvision\controlpanel.exe] => (Block) C:\tnlenterprises\sentryvision\controlpanel.exe => No File
FirewallRules: [TCP Query User{FE6F5FFE-7940-4DCE-824B-802D8194DFDA}C:\tnlenterprises\sentryvision\controlpanel.exe] => (Block) C:\tnlenterprises\sentryvision\controlpanel.exe => No File
FirewallRules: [{8D1B898C-2E7E-46FE-8FD9-2B343CA92A6D}] => (Allow) C:\Program Files (x86)\PCTV Systems\DistanTV\RemoteTVApp.exe => No File
FirewallRules: [{E8009070-8BBB-4F3C-9E57-A3809D6579DA}] => (Allow) C:\Program Files (x86)\PCTV Systems\DistanTV\RemoteTVApp.exe => No File
FirewallRules: [{70BC6082-A28F-4018-BF80-B5F62F3C702D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [{F41DDC03-9CF1-40B5-B042-43F531706240}] => (Allow) E:\Advanced\autorun.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

 

• run AdwCleaner by clicking on Scan Now
• when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
• if it asks to reboot, allow the reboot
• on reboot, click on View Log File; please attach the content of the log to your next reply.
• ==============
• RogueKiller Scan
• Download the right version of RogueKiller for your Windows version (32 or 64-bit).
• Move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
• Click on the Start Scan button in the right panel, which will bring up another tab, and click on it again (this time it'll be in the bottom right corner).
• Wait for the scan to complete.
• On the completion of the scan, the results will be displayed.
• REMOVAL STEPS
• Check only those entries that you are sure are malware (threat found), and click on the Remove Selected button.
• On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner).
• This will open the report in Notepad. Please copy and paste the contents of the report into your next reply.
• 
  
  Please post these 3 logs when finished.

[Marco1]

Done you can reports attached

Attached Files

•  Fixlog.txt   11.51KB   195 downloads
•  AdwCleanerC01.txt   7.48KB   188 downloads
•  rk_rep.txt   2.23KB   205 downloads

[Juliet]

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

• run the program
• click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
• click on the ‘Scan’ tab, (directly below the Dashboard tab)
• select the Threat Scan option
• slick the Scan Now button
• Threat Scan will begin
• when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
• if prompted to restart the computer, close all other programs and click Yes to restart your computer
• once you are back at your desktop, open MBAM once more
• click on the ‘Reports’ tab
• double-click on the most recent Scan Report
• click on Export, then Copy to Clipboard
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
  
  You may have already used the below scanner, and if you have, please look in your add remove programs in the control panel and remove it.
  
  ESET Online Scanner
  
  Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
  ---------------
  
  Please post these 2 logs when finished and tell me what your computer is doing now.

[Marco1]

MBAN report clean

I cant scan with esets

 on line

I have downloaded from your linck

but it doesn't work the application stops

[Juliet]

Let's see if we can get this one to work

You will probably have to temporarily disable your antivirus security to download and run the below scanner.

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

• Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
• Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
• After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
• Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
• If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
• After the restart, open EEK again (in the C:\EEK folder);
• This time, click on Logs;
• From there, go under the Quarantine Log tab, and click on the Export button;
• Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post the log when finished, is the computer running any better?

[Marco1]

Hi Juliet,

My pc has improved its performance a little.
After each restart the speed is satisfactory but with passing
dell ore goes down constantly.
I have interpreted the scan with the emergency kit and attach the log.
Eset on line scan now works but the scan is still in progress

I will post the report as soon as the scan finish

Attached Files

•  Forensics_200702-192602.txt   1.57KB   197 downloads

[Marco1]

some problems with english

My pc has improved its performance a little.
After each restart the speed is satisfactory but with passing
of the hours goes down constantly.
I have performed the scan with the emergency kit and attached the log.
Eset on line scan now works but the scan is still in progress

[Juliet]

what comes to mind looking over logs, you have a heavy duty internet security app on here,  Kaspersky, it's a good app and, can cause havoc at times with resources.
If in the back ground there is another item task to run, I could see lag happening.
I'm not saying by any means that this is exactly whats happened but let's keep that in mind.
 
Whats been found so far is light compared to others by means of infections but,  we haven't tried a root kit scan
After you complete what your doing with Eset on line scan follow the below.

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwa...t-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

[Marco1]

Hi Juliet,

Esetonline scan has been completed and you find the report attached

Attached Files

•  Eset.txt   1.11KB   183 downloads

[Marco1]

malwarebyte rootkit completed

nothing found

Today the PC seem to work properly

Attached Files

•  mbar-log-2020-07-03 (11-14-47).txt   2.08KB   188 downloads

[Juliet]

Right now,  I don't think it's infection. What was and has been found has been removed.

Let's give it a day.  Use the computer but do not download anything.

 

Then give me an update.

[Marco1]

OK

[Marco1]

Hi Juliet,

Today afetr restarting my pc works really really slow

I have tried to disable kaspersky protection but nothing has changed

[Juliet]

How's it doing this morning?

 

Have you rebooted again?