Having trouble with people logging on my accounts on multiples sites


  • This topic is locked
8 replies to this topic

#1 vllyr

vllyr

  • Members
  • 5 posts

Posted 31 October 2016 - 11:03 PM

Ok so someone has been logging in to some of my accounts with my password. Someone also used my email to change one of my passwords.

I have changed all my passwords but there are too many accounts and that takes time.

My computer is running normally, no slowdowns or lots of processes. The only thing I noticed is dllhost "COM Surrogate" running sometimes (not always). I had one ransomware on my PC and maybe didn't clean it properly in the past.

 

I need your help. I have run some programs and found some issues, but I want to make sure my computer is clean.

I use Kaspersky Anti-Virus.

 

Also, sorry for my English, it is not my main language.


Edit: I have included the logs from FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Vinicius Hatano (administrator) on VINICIUSHATANO (01-11-2016 02:57:47)
Running from C:\Users\Vinicius Hatano\Desktop
Loaded Profiles: Vinicius Hatano (Available Profiles: Vinicius Hatano)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Vinicius Hatano\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSPanel.exe [5099840 2013-06-26] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-04] (Razer Inc.)
HKU\S-1-5-21-634580630-1788014947-521793561-1000\...\Run: [f.lux] => C:\Users\Vinicius Hatano\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-634580630-1788014947-521793561-1000\...\Run: [Spotify Web Helper] => C:\Users\Vinicius Hatano\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-27] (Spotify Ltd)
HKU\S-1-5-21-634580630-1788014947-521793561-1000\...\Run: [Discord] => C:\Users\Vinicius Hatano\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-634580630-1788014947-521793561-1000\...\MountPoints2: {1a16b3cf-9dbe-11e4-8a8a-806e6f6e6963} - F:\Start.exe
HKU\S-1-5-21-634580630-1788014947-521793561-1000\...\MountPoints2: {4dfed2ca-9dd8-11e4-a451-806e6f6e6963} - F:\Bin\ASSETUP.exe
HKU\S-1-5-21-634580630-1788014947-521793561-1000\...\MountPoints2: {5289633d-c4ce-11e4-8831-382c4a8c504e} - G:\SETUP.EXE
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
Startup: C:\Users\Vinicius Hatano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSIAfterburner.lnk [2015-01-22]
ShortcutTarget: MSIAfterburner.lnk -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{EBB76C67-0250-44A7-9D47-909A22821912}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EBB76C67-0250-44A7-9D47-909A22821912}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-634580630-1788014947-521793561-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1423454266&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-01] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://isearch.omiga-plus.com/?type=hp&ts=1421846789&from=ild&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA","hxxp://istart.webssearches.com/?type=hp&ts=1423454266&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA","hxxp://istart.webssearches.com/?type=hppp&ts=1423454283&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default [2016-11-01]
CHR Extension: (YouTube) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Dropbox for Gmail) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-03]
CHR Extension: (Session Buddy) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-10-30]
CHR Extension: (AdBlock) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-14]
CHR Extension: (Kaspersky Protection) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-13] (ASUSTeK Computer Inc.) [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S4 ForgeClientService; C:\Program Files (x86)\Forge\ForgeClientService.exe [184304 2016-10-13] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S4 Origin Client Service; D:\Origin\OriginClientService.exe [2119688 2016-04-03] (Electronic Arts)
S4 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-09-28] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-07] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-07-22] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-06-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-08] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-16] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-28] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 L6PODHD5; C:\Windows\System32\Drivers\L6PODHD564.sys [772864 2013-07-11] (Line 6)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-01 02:57 - 2016-11-01 02:58 - 00024148 _____ C:\Users\Vinicius Hatano\Desktop\FRST.txt
2016-11-01 02:57 - 2016-11-01 02:57 - 00000000 ____D C:\Users\Vinicius Hatano\Desktop\FRST-OlderVersion
2016-11-01 02:41 - 2016-11-01 02:41 - 00000000 ____D C:\Users\Vinicius Hatano\Desktop\avz4
2016-11-01 02:37 - 2016-11-01 02:37 - 01915401 _____ C:\Users\Vinicius Hatano\Desktop\GSI6_VINICIUSHATANO_Vinicius Hatano_11_01_2016_02_33_52.zip
2016-11-01 02:37 - 2016-11-01 02:37 - 00000000 ____D C:\ProgramData\s5ks
2016-11-01 02:35 - 2016-11-01 02:35 - 00000000 ____D C:\ProgramData\s59s
2016-11-01 02:35 - 2016-11-01 02:35 - 00000000 ____D C:\ProgramData\s32o
2016-11-01 02:34 - 2016-11-01 02:34 - 10112832 _____ C:\Users\Vinicius Hatano\Desktop\avz4.zip
2016-11-01 02:33 - 2016-11-01 02:33 - 08955415 _____ C:\Users\Vinicius Hatano\Desktop\GetSystemInfo6.1.zip
2016-11-01 02:33 - 2016-11-01 02:33 - 00000000 ____D C:\Users\Vinicius Hatano\Desktop\GetSystemInfo6.1
2016-11-01 02:33 - 2016-11-01 02:33 - 00000000 ____D C:\ProgramData\s6ec
2016-11-01 02:33 - 2016-11-01 02:33 - 00000000 ____D C:\ProgramData\s5js
2016-10-30 02:26 - 2016-10-30 02:28 - 00000000 ____D C:\AdwCleaner
2016-10-29 18:01 - 2016-10-29 18:02 - 00216586 _____ C:\TDSSKiller.3.1.0.11_29.10.2016_18.01.24_log.txt
2016-10-28 23:51 - 2016-10-29 11:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-28 23:51 - 2016-10-28 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-28 23:51 - 2016-10-28 23:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-28 23:51 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-28 23:51 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-28 23:51 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-28 23:41 - 2016-10-28 23:47 - 00772372 _____ C:\TDSSKiller.3.1.0.11_28.10.2016_23.41.44_log.txt
2016-10-28 23:38 - 2016-10-28 23:38 - 00005722 _____ C:\TDSSKiller.3.1.0.11_28.10.2016_23.38.01_log.txt
2016-10-28 13:23 - 2016-10-28 13:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-27 01:05 - 2016-10-27 01:05 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-24 01:41 - 2016-10-24 12:58 - 00000000 ____D C:\Users\Vinicius Hatano\Desktop\woe
2016-10-11 13:24 - 2016-10-31 17:10 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\discord
2016-10-11 13:24 - 2016-10-11 13:24 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-10-11 13:24 - 2016-10-11 13:24 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Local\SquirrelTemp
2016-10-11 13:24 - 2016-10-11 13:24 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Local\Discord
2016-10-11 13:23 - 2016-10-11 13:23 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Vinicius Hatano\Desktop\DiscordSetup.exe
2016-10-02 17:25 - 2016-10-02 17:25 - 22160294 _____ C:\Users\Vinicius Hatano\Desktop\Lukão Vs Milkes.wav
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-01 02:57 - 2016-06-13 02:13 - 00000000 ____D C:\Users\Vinicius Hatano\Desktop\Virus
2016-11-01 02:57 - 2016-06-13 02:12 - 02408960 _____ (Farbar) C:\Users\Vinicius Hatano\Desktop\FRST64.exe
2016-11-01 02:57 - 2016-06-13 02:12 - 00000000 ____D C:\FRST
2016-11-01 02:40 - 2016-04-27 03:15 - 00003054 _____ C:\Windows\System32\Tasks\MSIAfterburner
2016-11-01 02:40 - 2015-01-16 22:48 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-11-01 02:37 - 2016-06-13 12:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-01 02:13 - 2015-01-16 17:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-01 02:12 - 2015-01-16 21:20 - 00005168 _____ C:\Users\Vinicius Hatano\Documents\info.txt
2016-11-01 02:08 - 2015-12-27 23:45 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\Spotify
2016-11-01 02:08 - 2015-12-27 23:45 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Local\Spotify
2016-11-01 02:02 - 2015-06-20 13:51 - 00000958 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-634580630-1788014947-521793561-1000UA.job
2016-11-01 00:54 - 2015-12-01 11:58 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Local\Battle.net
2016-11-01 00:54 - 2015-12-01 11:57 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-01 00:14 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-01 00:14 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-01 00:08 - 2015-01-16 17:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 00:07 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-31 17:34 - 2016-08-21 15:29 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-10-31 14:30 - 2015-01-21 11:22 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\uTorrent
2016-10-30 22:02 - 2015-06-20 13:51 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-634580630-1788014947-521793561-1000Core.job
2016-10-29 22:01 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-10-29 12:22 - 2016-04-15 13:36 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-10-29 00:04 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\tracing
2016-10-28 23:20 - 2009-07-14 03:13 - 00006384 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-28 18:45 - 2016-02-29 12:25 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\vlc
2016-10-28 13:24 - 2015-07-14 14:03 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-28 13:23 - 2015-01-16 17:55 - 00000000 ____D C:\ProgramData\Adobe
2016-10-28 13:23 - 2015-01-16 17:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-27 01:05 - 2015-03-08 02:43 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\Dropbox
2016-10-25 23:34 - 2015-01-16 17:52 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-22 14:05 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-20 10:56 - 2016-07-29 19:09 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Local\Forge
2016-10-14 14:02 - 2016-07-29 19:08 - 00000963 _____ C:\Users\Public\Desktop\Forge.lnk
2016-10-14 14:02 - 2016-07-29 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forge
2016-10-14 14:02 - 2016-07-29 19:08 - 00000000 ____D C:\Program Files (x86)\Forge
2016-10-13 00:36 - 2016-01-14 03:12 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\PlaysTV
2016-10-10 11:41 - 2016-01-11 14:08 - 00000000 ____D C:\Users\Vinicius Hatano\AppData\Roaming\Raptr
2016-10-05 12:25 - 2009-07-14 03:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2014-09-01 06:18 - 2014-09-01 06:18 - 0001248 _____ () C:\Users\Vinicius Hatano\AppData\Roaming\DHPDGXL
2014-09-01 06:18 - 2014-09-01 06:18 - 0001248 _____ () C:\Users\Vinicius Hatano\AppData\Roaming\ZUTRP
2015-06-23 18:29 - 2015-06-23 18:29 - 0000103 _____ () C:\Users\Vinicius Hatano\AppData\Local\fusioncache.dat
2015-01-16 18:15 - 2015-01-16 18:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Vinicius Hatano\AppData\Local\Temp\libeay32.dll
C:\Users\Vinicius Hatano\AppData\Local\Temp\msvcr120.dll
C:\Users\Vinicius Hatano\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-25 11:56
 
==================== End of FRST.txt ============================

Edited by vllyr, 01 November 2016 - 12:04 AM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:36 AM

Posted 02 November 2016 - 01:40 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-634580630-1788014947-521793561-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA&ts=1423454287&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1423454266&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://isearch.omiga-plus.com/?type=hp&ts=1421846789&from=ild&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA","hxxp://istart.webssearches.com/?type=hp&ts=1423454266&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA","hxxp://istart.webssearches.com/?type=hppp&ts=1423454283&from=kmp&uid=ST31000528AS_9VPA64BAXXXX9VPA64BA"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Vinicius Hatano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know if the problem persists.

#3 vllyr

vllyr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 02 November 2016 - 02:39 PM

Thank you! There is the Fixlog!

I'll also update my anti-virus to the next version, any problems?

Edited by vllyr, 02 November 2016 - 02:39 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:36 AM

Posted 03 November 2016 - 08:40 AM

Looking good.

Any issues still pending?

#5 vllyr

vllyr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 03 November 2016 - 08:56 AM

Everything looks fine, I'm just afraid someone might be receiving my personal/financial information.

I have dllhost.exe in C:\Windows\SysWOW64\. If that's normal then I think we are ok!

 

Thank you for helping.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:36 AM

Posted 03 November 2016 - 09:22 AM

Submit the file to VirusTotal.
https://www.virustotal.com/

Post the log for my review.
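A local pre-check that goes with this reply, as an added example that is not from the thread, from FRST or from VirusTotal: it confirms that a dllhost.exe copy sits in one of the two legitimate Windows directories, that its Authenticode signature is valid, and computes the SHA-256 that identifies the file on VirusTotal. The function name is our own, and it assumes PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example (not from the thread): triage a suspect dllhost.exe copy
# before deciding whether it needs to be uploaded anywhere.
# Assumes PowerShell 4.0+ (Get-FileHash); Test-SuspectFile is our own name.
function Test-SuspectFile {
    param(
        [Parameter(Mandatory=$true)] [string] $Path,
        # Directories where a genuine, Microsoft-signed copy is expected to live.
        [string[]] $ExpectedDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $item          = Get-Item -LiteralPath $Path
    $inExpectedDir = $ExpectedDirs -contains $item.DirectoryName   # case-insensitive compare
    $sig           = Get-AuthenticodeSignature -FilePath $Path
    $sha256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()

    [pscustomobject]@{
        Path            = $item.FullName
        InExpectedDir   = $inExpectedDir
        SignatureStatus = $sig.Status                  # 'Valid' for a genuine Windows binary
        Signer          = $sig.SignerCertificate.Subject
        # Search for this value on virustotal.com; a known hash needs no upload.
        Sha256          = $sha256
        # Anything outside the expected directories, or with a broken/missing
        # signature, is what deserves a second look.
        Verdict         = if ($inExpectedDir -and $sig.Status -eq 'Valid') { 'expected' } else { 'review' }
    }
}

# Check both copies the thread discusses (64-bit and 32-bit COM Surrogate hosts).
foreach ($f in "$env:SystemRoot\System32\dllhost.exe", "$env:SystemRoot\SysWOW64\dllhost.exe") {
    if (Test-Path -LiteralPath $f) { Test-SuspectFile -Path $f | Format-List }
}
```

A copy of dllhost.exe found anywhere other than System32 or SysWOW64, or one whose SignatureStatus is not Valid, is the case worth posting about rather than the two stock copies.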

#7 vllyr

vllyr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 03 November 2016 - 10:26 AM

dllhost.exe:

https://www.virustotal.com/en/file/f7ad4b09afb301ce46df695b22114331a57d52e6d4163ff74787bf68ccf44c78/analysis/1478186522/

dllhst3g.exe:

https://www.virustotal.com/en/file/bb381f7d6effa1efb311b8070d2ed0f1cee3fe7cb84b1b3e09e6cfdded9c99f2/analysis/1478186708/



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:36 AM

Posted 03 November 2016 - 01:24 PM

The files are clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 vllyr

vllyr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 03 November 2016 - 09:06 PM

Everything is fine, I changed some of my passwords and no one tried to login on any other websites.

Thank you for helping me. 





